Sandboxie+ Roadmap

To get some more user engagement I think I'll provide here a road map what features will come to the upcoming sandboxie+ builds.


Features up to and including 1.6.0 are available for patrons on tiers 10$ and above in an insider build, functionality up to 1.10.x will be released to insiders soon


Feature Road map

[1.14.0 / 5.69.0] - 2023-??-??
Added

• sbie ini path can be specified in driver registry's using REG_SZ "IniPath"
• added advanced API trace functionality
• added full stack trace to all trace messages

Changed

• reworked scm hooking to improve windows 10 compatybility

[1.13.0 / 5.68.0] - 2023-??-??
Added

• added missing virtualization to EventPair & KeyedEvent objects
• added filtering and virtualization to Timer objects

Changed

• reworked low level code injection mechanism ti improve flexibility and debugging

Fixed

• improved compatybility with procmon/stack traces for debug builds

[1.12.0 / 5.67.0] - 2022-??-??
Added

• added Sandbox USB drives option
• added nt object view to trace log

[1.11.0 / 5.66.0] - 2022-??-??
Added

• added ability to fore sandboxed processes to use a pre defined socks 5 proxy
• added ability to intercept DNS queries such that thay can be log and/or redirected

[1.10.0 / 5.65.0] - 2022-??-??
Added

• added new user proxy mechanism to enable user cspecific operations
• added Support for EFS using the user proxy #1980
• to enable add 'EnableEFS=y' to the sandbox config
• added break out document functionality #2741
• use a syntax like this 'BreakoutDocument=C:\path*.txt' to specify path and extension
• Security Warning: do not use paths terminated with a wild card like 'BreakoutDocument=C:\path*' as thay will allow for executeion ot maliciouse scripts outside teh sandbox!!!

Other things that are being worked on but not yet scheduled / ready for a release

1.) add a open file proxy process to enable EFS (Encrypted File System) support available in 1.8.x

2.) ImDisk integration allowing to create RAM resident boxes to leave no trace on the actual pc

3.) Better UWP support, with existing builds in compartment mode its already possible to a limited extent to run store packaged win32 apps but that is far from actual UWP/Store support, given where windows 11 is going an proper modern windows support seams required in the long run.

4.) Improved MSI installer support, it still fails for some msi's and I wont stop until I can install MS office into a sandbox muhahahaha...

5.) Rework service handling, implement a proper sandboxed service manager

6.) Rework COM proxing EP mapper handling

7.) Rework creation of the sandboxed token ti improve compatybility

8.) Add inbox process protection to better enforce start/ execution restrictions available in 1.7.x

9.) Function to force boxed processes to use a specified socks 5 proxy available in 1.9.x

10.) Option to set file checkers to test files before recovering them available in 1.10.x

11.) Encrypted sandboxes (using eider *.vhdx or custom container files *.ebox)


What other large things would you like to see in sandboxie+? Like really big, not juts add a small button here or there, but significant changes greatly improving its usefulness.

 

sarcasm or ironic? i would propose now that you'll never finish.
i dont have doubt on your skills, but office is a bit more complex than msi.

 

Perhaps my idea is a little bit too unclear or general but nevertheless I will try to express it:

Many users seem to use Sandboxie for a specific, more or less clearly defined purpose - e.g. for using their browser (= for surfing) within a sandbox.

For such users perhaps it would be useful if something like a sandbox with predefined settings for such a certain purpose could be offered. For example something like a sandbox - ready "out of the box" - with all necessary settings (only) for "surfing within Sandboxie".

Maybe that something similar will be able to be realized anyway with the planned wizard (https://www.wilderssecurity.com/threads/what-to-add-to-the-1st-start-wizard-in-sbie.445531/). I think of a solution that makes it as simple as possible (and of course as secure as possible) for someone to use Sandboxie for a specific standard activity without the necessity to do (too much of) configuration work. (But of course with the possibility to modify the standard settings if someone wants to do so).

 

Whether Sandboxie+ is approaching the level of rocket science or not, maybe Sandboxie Classic fits the bill you're looking for. One would hope and assume that the protection levels offered by either version are equally superb.
And, without a doubt, the are a a multitude of Sandboxie users that pray the Classic version will never be abandoned in lieu of an exclusive focus on the development of Sandboxie+.

 

Sure. But even David himself recommends the change to the plus-Version (not so much for security reasons, I think, but as the more "modern" version in general). So an easy creation of some "standard" sandboxes perhaps would be useful there too. And moreover: Even the Classic version I did not use "as it is" but with some additional strengthening (e.g. restricting the internet access to specific files). This is something which possibly could be part of some sort of a "predefined" sandbox so that "beginners" need not do this configuration work by themselves.

 

Sooo.... add a button saying "send this sandbox presets in to win a free supporter certificate, please also describe why the template is worth wile and should be included in future sandboxie builds as an available box preset"
This way we can build a bunch of useful preset box configurations even for software i don't have or know how to use.

 

It may be problematic to simplify the Classic version more than it already is. With other security measures in place, I just slap a browser of choice under Sandboxie and take it out for a spin. To quote you, I never felt the need of "some additional strengthening." And by the way, any "restricting the internet access to specific files"
you're worried about can be resolved with the right click of the mouse. Wham bam...

 

why are you still using the classical version anyways?
the plus version can be switched into a simple view anyways

 

I think the eventual integration of Classic and Plus may be a consideration. Melding the best of both would benefit both schools of thought and usage. Or get rid of the Classic interface altogether. It's a relic, a security blankie that grew up already.

Other than that, I hope I'm not perceiving that once again, Sandboxie is spinning out of the reach of regular, basic users like me. I'd rather the development continue under the hood. What's wrong with the way things are now? People can still input on your GitHub page and here too.

And now, I must dash.

 

What is there left to integrate? Currently the plus UI should have all the capabilities of the classic one.
Yes in the past this was not so, but now after the final 1.xx release there shouldn't be anything left in classic that plus does not also have.
Now I can't guarantee that I did not miss some obscure fringe feature, but probably not.
And sure a few things are made to look particularly different, like the browse content is in plus a separate window instead of a switchable view of the main window. And the settings structure is quite different, though not the box options.

I really don't see there being much use for the classic UI. The reason its still there is that its 0 afford to keep it, but its not being developed at all, I only fix minor things I may break when changing the core components to add new plus functionality.

 

@DavidXanatos and @plat1098 ...My favorite developer and poster, respectively. No need for a crystal ball to see where this is going. Later today I'll disentangle my system from the purportedly impervious Faronics DF, uninstall the antiquated and soon to be kicked in the booty Classic version,
and welcome with open arms and a kiss on the digital cheek of Sandboxie+... Yippy-Ty-O-Ty-Ay...

 

Well its already the same technology under the hood, only the UI is different.

Tell me what to simplify even further in the simple view of sandman

 

Well, it seems I'm just echoing what you've been saying, prob. more than once to boot.

If YOU wish to keep the Classic UI, that's one thing-but seeing as you're inviting the users to offer thoughts, well--how about polling Classic users to see if the majority wouldn't mind transitioning to Plus without getting intimidated or alienated from Sandboxie altogether. I wasn't even thinking about the stuff you mentioned in your initial post (and frankly, it's mostly over my head anyway).

Besides, you said before in the past that Plus and Classic have virtually the same functionality. My thoughts were more with the physical aspects of the UIs themselves. Now this is a design thing. I mean, the UIs are about as different as can be. Like stapp said, it requires some thought on what and how to integrate the design features of the two. Not an easy thing.

 

Respectfully curious,
Does Sandboxie+ Roadmap include "Open / Select File".

 

what is open/sellect file?

 

i still use classic because i dont need a bloated UI and a lot of switches for this and that. the classic has it all for me to try out unknown or new software. boxes are isolated by default from host (incoming only).

If David is going to abandon the classic build i am going to abandon sandboxie, simple as that as there exist fallback solutions for me.

 

@Brummelchen unless you are editing your ini a lot,
you really are missing out on a lot of functionality, the situation is that while booth flavors use the same core components, the classic UI does not offer any options to use all the great new plus functionality, other then editing the ini by hand that is.

Functionality like privacy enhanced boxes and much more, see the plus feature list: https://sandboxie-plus.com/plus-features/
All that can work in classic but you need to set all option using a text editor.

And there there are the UI specific features that are only in the Plus UI:
you have a much more usefull and customizable box run menu, so instead of starting the same 5 commands since 2000 you can configure own entries to be run in each box.
The trace log functionality is literally infinitely better than in classic, you have various filters and a full text search at your disposal, you can sort, etc... what does classic has a text box with all the entries.
The browse content view in sandboxie plus offers you a full explorer context menu for each file, instead of just a few boring options like classic.
Sandboxie Plus shows you the size of each sandbox, and in a soon build will even offer start menu integration for box installed apps.
etc, etc, etc...

The plus UI is not bloated, the classic UI is archaic.

 

https://www.wilderssecurity.com/threads/sandboxie-plus-1-0-20.445081/page-2#post-3081170

 

Ah now I remember yea that's in in the 1.3.xx build

 

Okay, 1.3.xx build. Thanks - Regards w Respect -

 

i do net edit my ini files, i just backup them. all i need is inside the classic build.

you should start a worldwide (!) (not only here) decision what users want.
if you do not share this idea then abandon the classic build and live with the results.

BTW if you need to make money to develop sandboxie you really should announce this wide open.

 

I have used ImDisk with SB for quite a few years: if a sandbox is run in ram, after a restart what traces can remain? And if I delete/clear a ram sandbox without restarting does that not remove everything?