Sandboxie technical tests and other technical topics discussion thread

Discussion in 'sandboxing & virtualization' started by MrBrian, Oct 17, 2014.

  1. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,985
    Location:
    Mexico
    Me too Bo!!! lol
    On the other hand I want Sandboxie to work trouble free as version 3.76, I mean lag free, less hooking issues that causes incompatibilities/crashes, etc. but I guess this is just fantasy for me :)
    As I already said another competitor is needed which could make a program close similar to Sandboxie features but different underlying source code for better performance but again, a sweet dream for me only lol
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,987
    Location:
    Nicaragua
    You and I talk about this before in private. Like I told you then, for something similar to Sandboxie to come out, it would have to be developed by someone who thinks exactly like Tzuk and I believe, most developers use their own ideas when they create programs, they dont go around stealing other peoples ideas. So, I don't think we ll ever see anything similar to Sandboxie, unless of course, someone tries to steal Sandboxies code. There are many great developers in the world but their minds don't think alike.:)

    Bo
     
  3. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,985
    Location:
    Mexico
    Exactly, they don't think alike. Programming is an hybrid (science/technology/art... yes art lol) Personally I find this as a window of opportunity for smart devs to create their sandboxing programs then look them thrive or die. As for "stealing other people ideas" it depends on the extent of the copy of features. Grab as an example media players: myriads of programs out there have exactly the same functions/features JUST different presentation, i.e., GUI and buttons locations. Or take the example of musicians that develop their own personal style: they receive precious inspiration from their favorite artists. LOL
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,987
    Location:
    Nicaragua
    You as I have used DefenseWall as well as Sandboxie. I think both programs are great and both do sandboxing. But both do it differently. The two developers created programs that achieve exactly the same but they get it done in a different manner. I personally think this programa are more similar than not, even though on the surface, they might seem that they are totally different kind of programs. Here you have a perfect example of two great developers who developed two great programs that do sandboxing but both programs were created with their own ideas on how to get the programs to work. No way well see another program ever similar in settings, etc, to Sandboxie.

    Bo
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,985
    Location:
    Mexico
    Why not? I can see really well as long there were devs+investors willing to do it. But Bo lets stop right in here because we are not going anywhere. If a couple of skilled devs don't share their opinion on this matter we can be discussing endlessly why yes and why not a Sandboxie quasi twin could exist. :argh:
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,651
    Location:
    USA
    Yes, that is probably the biggest misconception of all for beginner level users.
     
  7. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    194
    Location:
    Poland
    That why i use more offen VMware :)
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,987
    Location:
    Nicaragua
    What are you talking about here? In the VM, all programs run. In Sandboxie, only the programs you allow to run or connect to the internet, do.

    Bo
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    Thanks for testing. :thumb:

    Yes I was clearly confused, and should have known better. After all, SBIE can't restrict apps that run outside the sandbox, so a banking trojan should have no problem hijacking a sandboxed browser. I guess I was a bit confused because so called "global/window hooks" won't work inside the sandbox. But that is something different than DLL injection.
     
  10. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I might take a couple of days off myself... nearly broke my brain trying to figure out how to restrict my C:\Users\StandardUser\AppData\* exposure in various sandboxes. May I ask, have you applied any restrictions for AppData\Local & LocalLow & Roaming for various sandboxes? My thought is that not every sandbox needs every sub-directory in Roaming. So why not block it?

    So, I was wondering if granular rules could be applied to AppData/* in sandbox settings; if so, how? Thanks in advance for any reply, Bo.
     
  11. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    lmao... fleshware!
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,987
    Location:
    Nicaragua
    Hi marzametal, I don't apply any restrictions to any file or folder in AppData, Windows or Program files. I feel is not necessary and doing so might cause errors. I use this type of settings for blocking sandboxed programs from having access to personal files and folders only. If there is a file of folder in AppData that you like to keep sandboxed programs from having access to, you can try blocking them or setting them as Read only in specific sandboxes. And if doing so doesn't cause issues running the dedicated program, then leave the restrictions in place. If I wanted to do something like what you are thinking, I ll probably tried setting files as Read only access instead of blocking them. The chances that it would work are better.
    http://www.sandboxie.com/index.php?ResourceAccessSettings#file

    Bo
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That can be tricky. Lots of programs are starting to write to Appdata and Programdata. And if you are lucky enough like me you get a program that uses the MS clickonce installer process and it scatters throught appdata. Security software nightmare.
     
  14. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Thanks guys for the input... :)
    I should've explained a bit further...

    It's one thing to custom-tailor rules/settings to prevent exposure when downloading/browsing; have a custom download folder for each browser, or one generic download folder for all internet facing programs. What I was/am trying to do is minimise directory access when I click on File -> Open File in Firefox, or any program for that matter. I mentioned the Users/AppData folder because when Explorer is loaded, the current User folder sits on top Computer -> C / D / E etc... and was hoping to restrict exposure to manual "dodgy file loads" from those folders, not just dodgy file downloads... So, it's either let this idea go, or have a buttload of ClosedFilePath entries just for AppData folder... *has something to think about while I continue to read this thread*

    Thanks again Peter and Bo.

    P.S.: I did have some fun with the read/write only sections...
    Inserting Users/Current User/AppData into read only, then loading up Firefox in a sandbox provided the same response as executing "firefox -p" from Start -> Run... without any profiles to choose from...
    Inserting Users/Current User/AppData into write only, then loading up Firefox in a sandbox provided me with a fresh Firefox (one that resembles a "first run") with all the original popups, display settings etc...

    -----------
    Another question...
    In relation to #864 and #865...

    I've seen various posts in this SBIE thread and in the generic one relating to Registry entries. Some users just put "C:\" in Resource Access -> Registry Access -> Read-Only Access. Does the "C:\" entry, in this context do anything at all? If not, does anyone have examples of Registry entries to be read/blocked?
     
    Last edited: Oct 17, 2015
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,987
    Location:
    Nicaragua
    Thats the kind of errors we get when we restrict sandboxed programs from having access to files and folders in AppData. Thats why I do none.
    Read this links.
    http://www.sandboxie.com/index.php?ReadKeyPath
    http://www.sandboxie.com/index.php?ShellFolders
    Block access to keys gives errors, setting keys as Read only works fine. Sandbox settings>Resource access>Registry access>Read only access, Click Add, add the resource name. Example.
    ReadKeyPath=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

    Bo
     
    Last edited: Oct 17, 2015
  16. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Nice work Bo... thanks! You've silenced my queries...

    This is a brilliant approach! No more direct access for Bookmarks and UBlock Origin settings... marvellous!!!
     
    Last edited: Oct 18, 2015
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.