Sandboxie safe to run Active X control?

You got some GIGANTIC balls, man. Tzuk doesn't care about your opinion.. He just wants you to be fair and is asking you to quit badmouthing an application you know nothing about.

Why should he give YOU a registered version? You crack me up, man.

 

If Tzuk is correct then I would think that he would be proud to have someone examine it.

 

I care about steve's opinion. If steve can find a vulnerability I'm interested as to what it is and what type of malware can evade sandboxie so as I can make sure my is system protected in that area.

 

Is that so? Interesting. Because I have never known or heard of a single instance that happening.

Do you have any reliable sources where a malware has "jumped" or broken out of a virtual machine, e.g Sun Virtualbox running Ubuntu Linux?

Can you provide a specific example of this so others can test and verify?

I would love to hear about a single occurrence a malware has been able to "jump" out of Linux running in a Virtualbox machine.

I await your reply with keen interest. Because as far as I knew, malware cannot tamper with Linux at all, and cannot "break out" off Sun Virtualbox and infect the host, Windows.

 

If you have any evidence, proof or sources where a malware has broken out of a virtual machine such as Ubuntu Linux running through Virtualbox, then please post your evidence. Thanks, as I am really keen to see that.

 

Is that a fact?

 

Hey, are you dudes going like fight, or something. Because if you are, I want to get some popcorn, and my money is on Tzuk in 2 rounds or less.

 

Well how could he or anyone else? You have it as closed source. Open the source.

P.S Remember me from Sandboxie forum? You didn't like my challenging questions and couldn't answer them, so you began to edit my personal posts, which shocked a lot of people.

 

Good idea Never thought of that. That's clever, by adding as many security layers you can.

Run Ubuntu on Virtualbox which is running inside Sandboxie. Can't hurt I guess

 

You use the words "pretty much" which indicates you cannot be 100% certain. Would you admit that?

So be honest tzuk, are you 100% certain that Steve is wrong and that nothing can "jump" out of the sandboxie?

And do you believe that Sandboxie falls into your saying "Trust no program"?

 

Sure. Just for example, malware could be designed around any of these breakouts in VMWare:
http://secunia.com/advisories/18162/
http://secunia.com/advisories/31707/
http://secunia.com/advisories/30556/
http://secunia.com/advisories/29117/
http://secunia.com/advisories/26890/
http://secunia.com/advisories/25079/
http://secunia.com/advisories/32612/
http://secunia.com/advisories/30476/
http://secunia.com/advisories/31709/

These are just a few i found in a cursory search. There are many many more.

 

But I see none for Sandboxie........

http://secunia.com/advisories/product/14888/?task=advisories

 

I found a flaw in Sandboxie and posted my concerns on the sandboxie forum.

But to my shock, tzuk was not willing to maturely discuss my concerns, instead he attacked me and even edited my posts.

tzuk seems very defensive about sandboxie, and if anyone dares to bring up a concern, he demands people stop talking about his program and even attacks the persons character.

 

The bottom line folks is, one side or the other is going to have to supply some proof for anyone here to see the picture. You can throw barbs all you want, but in the end it will take proof. We went through this once before, different scenario, and nothing ever got produced. So save yourself some typing and bring the proof forward. Otherwise, it is all conjecture.

 

Works beautifully. I can't wait to get it all up and running on my much more powerful new system.

Acadia

 

As I said, just because nobody's trying to find holes and report them doesn't mean you don't have them. Yours might be a good example. There are a world of undiscovered vulnerabilities out there, most of them aren't worth finding, or aren't searched for. Hackers who find them have incentive to use them, not report them for fixing. Software vendors in general don't want to pay to have someone tell them they have holes in their software. This is especially common among closed-source vendors.

 

That's my point exaxtly. Tzuk doesn't care about anyone's opinion IF it is regarding any security or privacy concerns with sandboxie.

Tzuk seems very very insecure (excuse the pun) about sandboxie and cannot stand anyone who challenges the program.

 

Good point.

If Tzuk is so confident in sandboxie, then send Steve the source code. Tzuk should have nothing to fear right?

 

But Steve, with all due respect, what does this have to do with Sandboxie. If there is a hole, show us. I mean saying and demonstrating are on 2 different levels and I think you would not argue with that.

 

It's so easy not to use sandboxie really.If u don't trust it fine,just don't lie,you made personal insults against the developer and remarks which got nothing to do with the product and you are surprised that your post was edited.

 

Tony, you are attacking a persons character for events that did not happen at this site. Therefore I personally appealling to the site admin to put a halt to this, until some viable proof is brought for. Otherwise it is just slander.

 

Right. So how do we begin to take an objective look? We need the subject it's self, and it's components, which I've asked for.

 

My money is on Steve finding a problem in sandboxie if Tzuk has the guts to put his money where his mouth is, and send Steve the source code.

My money is on Steve.

I respect Steve, because he challenges people and programs and does due-diligence, unlike so many others who just blindly accept what Tzuk says and trusts sandboxie. Which is ironic, because Tzuk himself says "Trust no program"

 

How much will your new PC have? RAM? etc?

 

well now, isnt that the fat cat. Because if Tzuk doesnt want to send Steve the cheese, then that is not only his right, but also the end of this thread in reality.

Steve, part of me thinks you could demonstrate something if he did, but lets be real, he isnt, I know I wouldnt. So at the end of the day, reread all the posts here and ask yourself. In the end, I got my point across in my viewpoint. And for Tzuk, life goes on.

Lets just be men and realize there isnt a pot of gold at the end of this thread. Fair enough my firends.