Sandboxie+ Roadmap

@g17this should be working i'll test that and fix if i can reproduce the issue.

 

FWIW ~ rt clk thumb drive -> Run Sandboxed -> DefaultBox (default settings)...works, for me.

 

The problem with a subscription model is that we are now inundated with them, and the total costs mount and mount. I understand the logic which is largely irrefutable, but it remains an issue for me and I suspect many others.

I have used and supported SB back to Tzuk's days, maybe not enough support(?), and would almost certainly continue use it if a subscription was introduced but would prefer a one-off license; or maybe a license per major version although that opens a massive potential can of worms.

 

I still use Sandboxie Classic, it`s probably one of my most used programs over many years back to the Xp days when it really was needed. Pretty much only use it to isolate my browser, anything else I`ll go full virtual or image from a totally clean system.
Nowadays it is rare to find a browser exploit and come accross it in daily use, especially if you use some ad-blocker, most of the time infections are from people running random stuff from emails, etc!

Thanks David...

 

When I do this it does nothing, meaning the window does not open, it's odd.

 

g17. Try running File explorer sandboxed. After you open File Explorer sandboxed, you navigate to the USB drive.

In Classic (I don't know what SBIE version you are using or if Plus has this option), go to the Sandboxie folder in Start Menu, and click the option to run Windows Explorer sandboxed. After doing so, a sandboxed version of Explorer will run in your Default sandbox (Note: For this option to work, default box has to be Start Run unrestricted, or add explorer.exe to the programs allowed to run in the default box.

See if that works for you. If it does, I ll give you instructions on how to create a sandboxed File explorer shortcut to run explorer in its own dedicated sandbox.

Bo

 

One of the later up comming builds will get an UI to configure/inspect exotic settings for which configuration option is yet present:




This allows to add new config quickly and takes much less space in the options window

 

Thanks for all your hard work, David. I use Classic, myself, but I would switch to Plus if Classic was phased out.

 

This is me just saying Thankyou to Mr Xanatos, the donors and everyone who files bug reports.

 

@DavidXanatos
- I didn't check the classic for a long time, but I see where the classic simple fans come from by just opening it and go in the menu or the right click context. It is less complex, less scary. Yes you have all in the plus I think, but then again, tons more, which some don't use, the simple view only switches the bottom window with logs off, but the menus stay as scary as well as the context menu.
Even the simple message in classic, IS THIS WINDOW SANDBOXED in plus it just says Window Finder. One is beginner intuitive the other is more tech. So just maybe this is what they like, simpler, to the point. So in a way, maybe the switch to simple should simply change it to the classic menues, as much as possible, hiding the extras. Should they want those, they needs to switch to advanced.
I guess the classic fans can confirm if that is what they're after, to me it sounds like it and it sounds logic.

- Difficult feature, find out what makes GOG Galaxy crash, loosing connection, then crashing after about 5 min latest.

- About the supporter license, I have a kind of headache with it, but see also why you do it. I don't like subscription models on the other hand, abo is the plague of the time, together with cloud. Not sure where the sweat spot is. And I think we all see how much time you invest in the program. I try to support the development with input, bugs, testing all versions and reporting the issues I see, ...

- Oh and before I forget, the firewall for example, I do think it is a very nice feature, which is indeed not that easy as firewall never are, but utilizing the windows one was a cool idea and works fine. Who doesn't need it, don't use it. Advanced functions in the context of sandboxing, virtualization and protection, none of the new features is short to add to it. And the option to not use it is always there. However as said before I see that the interface would need rework for simple view, in all areas.
A bit like in VLC you have simple and advanced, simple is really simplistic, advanced kills your brain. Or Kodi same idea, simple to expert. Different levels of menus.

Just my two cents.

 

Custom Font Size

 

Yes this is also my opinion.

That is why there are the medium and large certificates which for the version at the time of perches + 1 (2 for large) year of free updates don't expire. They only need to be renewed to use new releases released after 1 (2 for large) years after the date the certificate was issued.

Only the small certificate is a subscription.


About the simple view, so you suggest to make it look like the classic ui menu whise?

 

Gotcha need to read it again.


Function wise, that is what I read in the comments, simple and not overly complex. As well as the wording might be a bit more user-centered, like the example Ist this Window Sandboxed is very logic and simple. Window search mhhh what does it search? I compared them both yesterday and it makes sense, classic is more straight to the point.
@bo elam @Brummelchen would you confirm that this is it? Simple should really switch in a SIMPLE less items view. Similar to classic.

 

btw ~ Plus users may run Classic SbieCtrl UI.
Plus installer installs Plus SandMan UI and Classic SbieCtrl UI.

 

Yep, but it is to avoid having two GUIs to maintain. But by renaming some to an easier style plus options of classic as simple view and then add all the others in advanced or so, would do the trick for both I think

 

Functions wise: Sandboxie is a sandbox program. IMO, David in Plus seems to forget that. I remember Tzuk stressing the importance of the sandbox way and above all the restrictions in Sandbox settings. I clearly remember him telling us that the power of Sandboxie is the sandbox, and anything else is extra. To me, this extras are like gravy. I remember him talking specifically about Drop rights, and he said that the setting itself was not a world changer. And that's Drop rights, the most important restriction (extra) in Sandboxie. Basically, by using it, nothing will take over your sandbox as nothing will install in the sandbox. And Tzuk himself basically said, not needed. I can only imagine what he would say about the stuff that is being added to SBIE now.

So the point is, Old Sandboxie already came with plenty settings, plenty overkill, from my point of view, we need no more. More is undesirable as it is overkill and shifts Sandboxie from being a mature program to something else.

The language: Old Sandboxie came with a good language. The labeling or names used for the features and settings.were well thought. Easy to understand. For no good reason David threw all that away to the garbage can. It is like he tried his best to avoid using the old lingo.

The UI: The old UI looks serious and it is a serious UI. The new one (I am sorry to say this) looks like a toy for a toddler. You don't believe me, look below.
https://www.google.com/search?q=thr...HUS2CKwQ_AUoAXoECAEQAw&biw=1366&bih=607&dpr=1

So Survivor, my problem with Plus is not that looks scary or complex but it just doesn't looks like SBIE anymore. Plus is like a program that doesn't know what it is. It forgot that it used to be a Sandbox program. Now, a firewall with SBIE. What is next, AV? And he keeps adding stuff.

But regardless, David has kept Sandboxie alive and that is worth plenty. I thank him for that.

Bo

 

Plus features/enhancements/settings/changes are not added to Classic UI. DavidXanatos has commented numerous times that Classic UI is not extra work. Security & Compatibility fixes are under the hood. Security & Compatibility fixes are not UI dependent.

 

A lot of people use sandboxie for software compartmentalization that is keeping software installed in a box or to run multiple instances of programs which otherwise don't want to, or to trace what software is doing, etc...

This use case was at some point supported, or else why would Tzuk have added provisions to run the MSI installer in a box, windows update service and the trusted installer. But after Invincia took over this use case seemed to get more and more forgotten.

Now since every browser already comes with its own sandbox (even though not one that secure), and every PC has enough ram to run a VM to test suspicious software, these non security related sandboxie use cases are IMHO becoming more and more important.
Hance it is justified to expand on this functionality to ensure sandboxie will remain to be useful in the decades to come.

From my point of view the more settings the better, and it has nothing to do with maturity, the less settings the more it means the corporation thinks it knows better than the users whats good for the users and forces them to do things their way in total disregard of their individual needs and circumstances.
The Modern Windows Settings app has much fewer settings then the control panel, is it because of that more mature?! I don't think so its just patronizing to the average user, and borderline useless to advanced users.

Well I changed "Write Only Path" and alike to "Box Only Path" as write only sounds like a sort of well write only/dropbox behavior, box only is clear in that its a path that exists only in the box.

Then "Disable Forced programs" to "Pause forcing programs" was changed by an other contributor to facilitate better translation, and to be more explicit, some new users were confused by the wording disabled they thought than the programs would not run at all.

this is the extent of intentional changes, the rest like "Is window sandboxed" -> "Window Finder" is just the result of doing things and not looking how it was worded in the classic ui.
Provide me a list of what language to change in the plus UI to use the old one and I'll look into it.

So no icons in simple view mode...

First of all this firewall works for sandboxed applications only, I did not add a firewall for all process or alike.
Second This functionality had to be integrated into sandboxie, as sandboxie knows to which box a process belongs and hence can apply firewall rules on a per box basis.
Third the original sandboxie had this BlockPort functionality which already is kind of a firewall in its beginning, but it was badly implemented, by only implementing this block in user mode any malicious application could bypass it if it wanted to. So properly implementing this feature in the driver using WFP was required and since I'm on it I could add not only Port but also IP based rules and make them configurable per process.
Fourth sandboxies default block internet access implementation is so blunt that many programs when blocked with this method simply crash, using WFP instead allows to block the internet access without crashing applications, a major improvement imho.

I hope it is now clear why this functionality needed to be added and why its not an unmerited feature creep or alike, but in fact was very much needed.

Please clarify what other added functionality you think has no place in a sandboxing tool?

 

Thank you @DavidXanatos for such a brilliant explanation. Thank you very much.

I do, on a daily basis, constantly.

Wow, thank you, I love your long term vision.

 

Custom Font Size:



I would go for % values
25
50
75
100
125
150
175
200
225
250
275
300
350
400

 

@DavidXanatos My first answer was more emotional in direction kindergarden, I want and what I want is enough. We would still live in caves, they were so comfortable and gave you all you need.
I totaly agree to your statements. And Fontsize in % might have advantages with bigger screen sizes over pixel size.

 

Just to be sure, the only way to get this extra data protection is by buying a certificate to access this feature?



Also is 'Process/Thread handle filtering (obCallbacks)' a setting or is it built into Sandboxie Plus? If it's a setting, then where is it located?

Is 'Win32 syscall hooking' a setting or built into Sandboxie Plus?

'WFP (Windows Filtering Platform) support' is the setting located in the Internet Restrictions tab?

Will there be an updated Wiki or guide for Sandboxie Plus that explains each of the settings and/or gives examples?

Sorry for so many questions but I'm switching from Sandboxie Classic to Sandboxie Plus which has a lot more settings. I'm trying really hard to find everything and know what it does. More features, more settings, more questions! Thanks to everyone for the help!

 

In the next build the browse files dialog will be integrated as a side panel to the normal sandbox view, it
on start it will be hidden and will have to be enabled using the shown view menu option




The browse content menu option from the context menu has beem renamed to browse files and moved into the box content sub menu

 

Yes you need a certificate to use these box types. You can buy one, you can how ever also earn one by contributing to the project
for example by creating a new translation, or writing documentation, fixing outdated/broken templates would also be quite great.


about the other settings they are not per box but global and to be found in the global settings