Sandboxie+ Roadmap

@DavidXanatos : Thank you for implementing this feature

 

Since there were already many many many major changes to sandboxie but the version stayed at 5.xx you may wonder if there ever be a version 6.xx or if we will just continue to triple digits 5.xxx and beyond...

Well I think on one hand we should have bumped the version already, there were plenty opportunities
when we got the driver properly signed
when rule specificity and derived functionality was added
or when sandboxie got arm64 support

On the other hand that's already 3 so what, would we be now at 8.xx ??

When we review previous major version jumps most of them were quite significant
1-2 introduction of "Open" and "Closed" paths, auto delete, quick recovery, etc...
2-3 win32 isolation (major security improvement), improvements to msi installer, support for services, Explore can run sandboxed
3-4 by far the biggest of them all, proper support for 64-bit windows, a full re design of the inner workings of Sandboxie to use token based isolation instead of undocumented kernel hooks
4-5 real not worth it IMHO just win 10 support, sounds good on paper but technically just minor tweaks

So naturally I was thinking what would be a good reason to bump the major version number, certificate - not technical enough, rule specificity - just an optional premium feature, arm64 - yea a big thing for those who have an arm64 device which are very very few LOL...

There are a lot of changes to be made under the hood some of them ore revolutionary then others but most of them won't be visible to the users.
I'm not sure about something like UWP support it will rather be not one rework that enables it but rather many incremental fixes.

So what would be a suitable mark for y 6.00 version, I think ultimately a not so happy event would be a good mark to move on, as said here: https://www.wilderssecurity.com/threads/sandboxie-roadmap.445545/page-4#post-3098132 there is some "natural" limit to how long windows 7 support is easy to provide. At some point we should move to Qt6 and soon er or later Github wont offer VS2019 any more.
Plus sandboxie currently still contains a lot of code for windows XP and even 2000 which is not required, complicates things, so I'm thinking to do a large code clean up stream lining everything for windows 7 and later only, even though at that point there probably wont be a binary release for windows 7 due to the aforementioned issues. Last but not least at some point its time to deprecate support for 32-bit OS's ... 32 bit windows 7 understandable, on old low end hardware okay, but windows 10 is almost unusable with < 4GB ram and 11 is 64bit only anyways.

So I'm thinking some time in a year from now to do a large code clean up, stream line the releases to Windows 10 64 bit or later, and at that point bump the version finally to 6.00

What I'm also considering is a rework of the sandboxie.ini format (https://www.wilderssecurity.com/threads/sandboxie-resource-access-rules-v2-0.450239/) although this probably will be switchable so not that breaking of a change LOL hence not sure if this should coincide with the 6.00 version or be independent.
Its a thing which merits a new major version as to indicate to all the user major change in configuration syntax.

PS: there is a significant up side to this strategy when continuing the main line development on 6.xx having the rest of the 5.xx version space free allows us to release every quoter or every half a year depending on the need a custom build 5.xx build for those few users still needing win 7 or 32 bit, it it will look with signature for that is a different story, but at least tehre will be options.

PPS: an other thing to clean up, remove flash plugin support LOL

 

About windows 7 support, seams firefox will keep win 7 support until Q3 2024 (https://bugzilla.mozilla.org/show_bug.cgi?id=1594270)
I think it would be prudent to try to provide the same for Sandboxie, and to hope github's worker deprecation won't get in the way...

In the end as long as there is an up to date browser for windows 7 it remains a reasonably usable OS for day to day use.

 

As a Windows 7 user, I appreciate your position on this. Thank you

 

I used to use the classic Sandboxie occasionally, and have been waiting for Sandboxie Plus to 'settle down' a bit before I invest the time to wrap my head around it, with all the enhancements, new features, etc.
But scanning the various threads, I fear that day may not come, and I shall forever be left behind!
I am a supporter though, and do feel I should dive in sometime!
One question (apologies if I've missed it): Is there now a firewall component that prevents data stealers (like Comodo FW)?

 

Just use it like you always have. Doesn't take too long to get used to the new interface.

I've given up trying to keep up - I use my old sandboxes and regularly update, but that's it.

 

Sandboxie should beeings this as it was invented for, nothing else. blowing it with a HIPS or antivirus, please dont. and i think it would take some costs and no longer for free. think before and to the end about wishes! otherwise you wont wake up in cansas again.

 

I have updated the road map change log in the first post.

Also I have a question to you when we move sbie classic version to 6.00 what should we do with the plus version number?
Bump it to 2.0 or only to 1.100 or something similar?
Given the current version number progression classic 5.100 would correspond to plus 1.45

 

Version #'s aside... there was a few threads not so long ago that seemingly wanted to dare to venture into a YouTube Tutorial of sorts that would explain how to connect points A to B to C with respect to Sandboxie plus as of late.
Apparently that's off the table and that's fine. Never expected @DavidXanatos to step up to the the batter's box with his reservation about the adequacy of his voice meeting the 1.5 to 2.0 to 2.5 hours challenge of a pleasurable and fulfilling
Sandboxie + tutorial. And again, that's fine. There's other superb YouTube reviewers out there that could fill in the void of a True Blue Sandboxie plus review. So with all due respect to @DavidXanatos, version #'s will remain arbitrary at best in context.

 

I'm looking into this point of my road map and was investigating how imdisk is implemented and how it mounts disk images.
Long story short, it would be quite easy to add means to not only use ram disks, but also use encrypted container files,
such that we would have encrypted sandboxes, which content would only be available once the user provided he right encryption key.

Actually this could be implemented even without the imdisk driver using vhdx files and windows's own bitlocker,
but then I'm not sure if that is desirable as the trust in bitlocker might be limited. And also all mounted sandboxes would appear in the disk management.
Using the imdisk driver would be more covert

what do you think?

 

Is it possible to use VHDX+Bitlocker with Windows Home editions?

 

emmm... that is a very good point.. I have no idea... never in my life I used a home edition...

I guess I'll need to test that first, and if that does not work we will have to go with a custom solution.

What I liked about the idea is that that takes care of dynamic drive space allocation, without using VHDX I'll need to cook up some own solution, perhaps just cheaply use spares files and properly handle that in the box import/export function.

 

I don't think there will be any problems with using VHDX in the Windows Home edition, but Bitlocker probably won't work.

 

I have been using imdisk with SB successfully for many years. I don't use containers (to my knowledge), everything either deletes on close or when the pc is shut down. So I suspect I'm not your audience; unless I could somehow use it on a public computer from a cloud located container - now that would be interesting.

 

Great news everyone

A new exciting feature is comming to Sandboxie-plus :

2.) ImDisk integration allowing to create RAM resident boxes to leave no trace on the actual pc
and
11.) Encrypted sandboxes using custom container files *.ebox

There is a long way to go until its fully implemented, but the main core functionality will be in included in a upcoming insider build

Code:

BOX DISK Support:
   ImBox Imdisk Proxy with Encryption   <-   DONE
   SbieSvc, Mount Manager              <-   DONE
   SbieDrv, Folder Protection           <-   ToDo
   Auxyliary box config support       <-   ToDo
   Plus UI, basic Options               <-   ToDo
   Plus UI, Mount Manager               <-   ToDo
   Plus UI, Plugin Panager               <-   ToDo
   Plus UI, Box Password Entry           <-   ToDo
   SbieSvc, Password Management       <-   ToDo
   SbieSvc, crash recovery, unmount   <-   ToDo

And let me use this opportunity to remind everyone of the insider builds available on the 10$ Patreon tier and higher https://www.patreon.com/DavidXanatos

Also please note that the Sandboxie-Plus insider builds are not like the Windows insider builds which are buggy and rushed.
The new things in the insider builds are limited to new functionality and new features.
Experimental things which may impact compatibility are tested in the public github preview channel.
The Sandboxie-Plus insider builds are based on stable final releases, and have new functionality added on top.

 

Does that mean a separate RAM Disk program will no longer be needed?

 

Well it will use the ImDisk driver so you will need to still have it installed, but you will not need to manually set up a ram disk and redirect sandbox roots all that will be done autoamtically

 

Care to give some instructions on how to set up? ATM mine is done manually.

 

Immediate plans for the upcoming builds:

1.10.0 (this week)
Will get a new troubleshooting wizard based on the new box script engine the troubleshooting scripts will be able of being updates online to always get the latest once, and it has a feature to submit issue reports through the wizard.

1.11.0 (in a few weeks)
Will get the ability to create ram disk based sandboxes users with access to the insider program can already use this feature and many more.

 

Great things comming to 1.10.0 although the release may get delayed anohter week...
kmdutill can now fix DACLs issues as encountered onwindows 11 with portable instalations
and even better I'm looking into making the troubleshooting engine monitor sbie messages and when an issue is detected offer mitigation affords if any are known.

 

Will the Sandboxie-ramdisk have optional dynamic memory management like Imdisk Toolkit?

 

yes

 

Having used Imdisk for many years and only for SB, should I change to SB ramdisk? How does the memory overhead of the 2 compare?

And you say this is already available to Insiders; from which version pls?

 

starting with: https://github.com/DavidXanatos/Sandboxie-Next/releases/tag/MAY-25-2023 if oyu get an error on that page you are not an insider.
The memory overhead is similar as it uses the imdisk driver, whats new is the user mode disk proxy process.