Sandboxie Technologies (SBIE Open source)

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by bo elam, Apr 22, 2020.

  1. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,478
    Location:
    UK
  2. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    409
    Location:
    Austria
    I am not sure too. But i think it always worked this way.

    I think it happens the following:
    - You open Youtube outside of Sandboxie (and you allow cookies). ---> A cookie is set.
    - Then you open Firefox and Youtube inside a sandbox and you start to play there video XY. ---> This information (that you opened video XY) is now saved on your (outside) cookie and kept there (as long as you keep the cookie) - though all other traces concerning your behaviour while being in the sandbox (cache, history, ...) are deleted (e.g. by closing the sandbox if this is its configuration).

    No guarantee that this explanation is correct. But it seems to me the most logical one.
     
    Last edited: Oct 28, 2020
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,985
    Location:
    Nicaragua
    Hi Bellzemos. Firefox saves Bookmarks and History in the same file (places.sqlite). So, if you allow Direct access to Firefox bookmarks in Sandbox settings as most of us do, history gets saved also.

    The solution (to get rid of history automatically but still save bookmarks) is to set Firefox in Firefox Options to Never remember history or to Use custom settings for history. I always done this, and it works well.

    Bo
     
  4. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    409
    Location:
    Austria
    Hi Bo,

    Should this explain the phenomenon with Youtube? I do not think that this phenomenon has to do with the history (but only with cookies). Because concerning myself, I do not allow Direct access to Firefox bookmarks in Sandbox settings and I assume that the same applies to Bellzemos as he writes:
    So history (in our cases) should not be saved for a session within Sandboxie. Nevertheless Youtube "remembers" which videos we have seen while using Youtube sandboxed.
     
    Last edited: Oct 28, 2020
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,985
    Location:
    Nicaragua
    If you dont allow Direct access to Bookmarks in Sandbox settings, neither Bookmarks or History gets saved out of the sandbox.

    History gets saved only if you allow access to Bookmarks in Applications>Web browsers, or by allowing Direct file access to file "places.sqlite".

    Regarding YouTube. Perhaps you guys are seeing what you are seeing because you sign it to YouTube when you visit the website.I don't know if you are being shown related videos when you visit YT because of cookies or history. My cookies are set in Firefox Options to be deleted when closing Firefox, and I dont allow cookies in Sandbox settings. I never get offered videos related to what I seen earlier when I revisit YT in a fresh browsing session Also FWIW, I hardly ever sign in, I did it a couple of days ago, time before that was probably more than a year earlier.

    Bo
     
  6. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    409
    Location:
    Austria
    Thanks for your explanations, Bo.

    As far as I remember, at some time YouTube offered me two alternatives what its cookie should save: a) my behaviour (visited videos etc.) only for the time when I am signed in or b) my behaviour in general (that means whenever I go to YouTube, either signed in or not). Unfortunately I do not remember where exactly I got to see these alternatives neither which was my decision. So this setting may also play a role if Youtube remembers the videos I have seen. But this is something independent of using a sandbox.

    Quite often indeed I am signed in to YouTube, but during my last test (the one described above) I definitely was not.

    ---> One more indication that it has to do with the cookies. ;)
     
    Last edited: Oct 29, 2020
  7. Jim1cor13

    Jim1cor13 Registered Member

    Joined:
    Aug 4, 2012
    Posts:
    473
    Location:
    US
    Personally, the only time I run browsers without being sandboxed is to update them. I am using Sandboxie 5.31.6
    on windows 10 pro, 1909, and have had no issues with it until Chrome/Edge updated to 86 and I had to use the workaround posted here.

    Otherwise, 5.31.6 has been rock stable for me with my browsers, Firefox and Chrome/Edge, but I do have a pretty simple setup, and only 1 extension on both browsers.
     
  8. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    148
    Thank you all for replying. I never sign in to Youtube/Google, except to read Gmail email and then I log out and terminate+empty the sandbox.

    I have direct access to Bookmarks and History disabled in the FF sandbox. It's enabled only for the Phishing database. I've experimented a bit and it seems like something Peter is saying is going on - cookies.

    Why Sandboxie allows cookies to be saved outside of the sandbox, I don't understand. Now that I've deleted the Youtube cookies in unsandboxed Firefox, the log-in nag and the cookies nag screens on youtube are back.

    I'd like to find a way to remove those two nag screens and then stop cookies from being saved outside of the sandbox (or whatever is going on). I could set cookies to be deleted by Firefox itself upon closure but that will bring back Google's nag screens...

    If someone has an idea how to make it work and if you know of any source where I could read/watch about how cookies are saved to better understand why they go outside of the sandbox, I'd be grateful.

    Have a nice weekend you all! :)
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,985
    Location:
    Nicaragua
    I think it's more of a "whatever is going on" kind of thing than Sandboxie allowing cookies out. Sandboxie doesn't alllow cookies out, unless you allow them out. You could try a new sandbox with default settings (History and cookies dont get saved), but this sounds to me like a Google YouTube thing and its coming from them tracking you and knowing about you.

    Bo
     
  10. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    148
    I've tried it with a new sandbox. Forced FF, nothing allowed direct access except for the phishing database (as it is by default), drop rights, empty sandbox after termination. The problem stays.

    It's definetely not a Google/YT thing because it doesn't happen unless I do this: open unsandboxed FF, got to YT just to say no thanx to logging in and agree with the cookies warning, then close FF (without seraching or clicling on anything on the YT site).

    After that it acts like it has a permission to save YT cookies outside of the Sandbox. Like, if that first YT cookie is saved outside, then it will keep saving all I search/watch on the YT (with sandboxied FF), after every termination and deletion, it remembers it all, the new searches too. But I never sign in to YT/Google.
     
  11. Sandboxer

    Sandboxer Registered Member

    Joined:
    Sep 22, 2020
    Posts:
    19
    Location:
    Sydney
    I have been following and appreciating developments on this thread for a while, and being a Vivaldi user (the old Sandboxie does not work for Vivaldi any more), I decided today to jump in and install David Xanatos' SandboxieInstall64-v5.43.6 --- I installed as an update, keeping my old settings. I am running Windows 10 2004 19041.610 on a 64-bit desktop, with ESET Internet Security. I thought I could handle the missing certificate problem because others were not troubled by it.

    When I try to run Firefox sandboxed, I get the error message:
    SBIE2331 Service start failed: [22 / 5] Access is denied. The description is:
    - - - - - - - -
    Message: SBIE2331 Service start failed: [yy / xxxx] text
    Logged To: Popup Message Log.
    Explanation: Sandboxie Control has detected that the Sandboxie service component (SbieSvc) is not running. Sandboxie Control then tried to start the service, but failed to do so. This message specifies the error code that prevents the service from starting.
    For example, if the detail is [22 / 5] Access is denied, it indicates that the service SbieSvc is not running, and that Sandboxie Control is running in a user account which does not have the authority to start the service.
    - - - - - - - -

    I therefore opened ESET --> Setup --> Computer Protection --> Settings --> Configure --> Processes Exclusions --> Edit (ESET's other name is Tardis), and added C:\Program Files\Sandboxie\SbieSvc.exe. No luck.

    Then I added successively C:\Program Files\Sandboxie\SbieCtrl.exe and C:\Program Files\Sandboxie\SbieIni.exe and C:\Program Files\Sandboxie\Start.exe. Still no luck.

    I paused ESET protection. Still no luck.

    I have rebooted several times doing all this. The System Tray icon remains the error icon with exclamation mark inside a yellow diamond.

    The error popup says: 'The Sandboxie driver (SbieDrv) is not available to sandbox programs.
    Make sure both the driver and Sandboxie service (SbieSvc) have started successfully.'
    But the driver file SbieDrv.sys is not an EXE file, so I cannot add it to ESET.

    I have no idea what the error message means when it talks about my user account not having suthority to start the service.

    I have been running Sandboxie for many years with no problems at all, but this has stumped me completely. Does anyone know what further action I should be taking?
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,613
    Location:
    The Netherlands
    What I meant is, I don't know if Tom is cool with David posting new versions of Sandboxie Classic. Actually, I don't even know how this open source thing works to be honest. For example, let's say I'm a developer and make some changes to Sandboxie, can I then say: "Hey guys I have just released Sandboxie v5?" Who decides which version Sandboxie is on?
     
  13. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,478
    Location:
    UK
    Make sure that in Windows Services SbieSvc is running.
    Also install 5.43 over the top of itself (so run 5.43.installer over the top of the 5.43 that you have) and then restart machine.
    If no go check in Services again and then reboot.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,613
    Location:
    The Netherlands
    BTW, here is an example of a Chrome "remote code execution" bug that was probably combined with another unknown Chrome "sandbox escape" exploit or a Windows kernel exploit. Sandboxie on top could have mitigated the attack unless it was also targeted. So attack surface is only a concern when Sandboxie is the target.

    https://www.trendmicro.com/vinfo/us...th-kitsune-tracking-slub-s-current-operations
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,613
    Location:
    The Netherlands
    I don't think the lifetime license is relevant anymore now that Sandboxie has become open source. The developers of the Sandboxie fork(s) are allowed to charge a yearly fee if they want to. :p
     
  16. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    409
    Location:
    Austria
    Yes, that's what I assume too. I could imagine that it has to do with the IP-address of the user.
    You describe correctly the behaviour (at least on my PC happens the same). What I set in your quote in bold letters is an indication that it has to do with Google/YouTube.
    I could imagine that Google/YouTube watches/saves on its cookie all behaviour (on YouTube) coming from your IP-address. And as the IP-address is the same outside and inside of Sandboxie this could be an explanation. So you could try to experiment with a different IP-address (proxy server or something like that).

    ----------

    But as you write by yourself: Sandboxie has become open source. So Tom does not have a monopoly to develop a new version of Sandboxie Classic (the more when he has disappeared for such a long time).

    This question would have to clarify any competing developers among them. But at the moment for Sandboxie this is only a theoretical question because for the time being we have only one active developer (= DavidXanatos) - without any competition. ;-)
     
    Last edited: Oct 31, 2020
  17. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    148
    I've tried an experiment. I've cleaned the cookies so that sandboxed Firefox showed no recommended vidos on Youtube. OK. Then I run unsandboxed FF, went on YT and clicked on "no thanx" in the login nag screen and "OK" on the cookies warning screen. Then I closed unsandboxed FF. Then I used a VPN and connected to the other side of the world, I checked my external IP, it was different than before. OK. So I started sandboxed FF, went to YT, searched for a video, opened it, then closed FF - which also termianted the sandbox and emptied it. OK. I then disabled the VPN and quit the VPN program, checked my external IP, it was my country's IP, same as I had before connecting elsewhere with the VPN. OK. I then again run sandboxed FF, went to YT - and there were recommendations based on my search which I did when I had an other external IP. Both times sandboxed. I don't think it's IP address/Google/Youtube related? Can you reproduce?
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,985
    Location:
    Nicaragua
    I missed saying this in my post yesterday. FWIW, I never see those two nag screens you mentioned. I dont know what they are, or what they look like. Also, I don't know if this is something most people see or are nagged with.

    Regarding cookies. You can prove yourself that Sandboxie doesnt allow cookies by doing a simple test. 1. Run CCleaner and clean all cookies. 2. Run Firefox sandboxed and visit YT, search and watch videos. 3. Close Firefox and delete sandbox. 4. Run CCleaner.

    As long as you dont run Firefox unsandboxed at any time after running CCleaner the first time, you can go to YT sandboxed as many times as you want, and CCleaner won't find any cookies the second time you run CCleaner. This test can help you prove that perhaps what you are experiencing is not caused by cookies.

    Bo
     
  19. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,003
    Location:
    .
     
  20. Radagast70

    Radagast70 Registered Member

    Joined:
    Oct 31, 2020
    Posts:
    13
    Location:
    Germany
    Are you sure, that they are allowed to charge a fee? When i look at the original website of Sandboxie (www.sandboxie.com), there is this statement listed:
    "Are there any restrictions to using the source code?
    We are releasing the source code under the GPL v3 license (https://www.gnu.org/licenses/gpl-3.0.en.html)"​

    I always thought, that the forks of the original source code are also bound to this GNU license?
     
  21. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    409
    Location:
    Austria
    I have no experience with VPN programs, so I better do not experiment with it. ;) But you described very well what you did and what your results are. So it seems that indeed it has not to do with the IP address. Strange ...

    You can see them for example here (in the first posting): https://www.computerbase.de/forum/threads/youtube-nervt-mit-pop-ups.1968831/

    (And a similar third nag screen - concerning Google - appears at least on my PC too [not so often but it happens]. You can see it [in its German version] in the above link in posting # 10.)

    Yes, I do not doubt that Sandboxie doesn't allow cookies. But our situation (Bellzemos' and mine) is different: We allow a cookie (for Youtube) outside of Sandboxie. And obviously this cookie registers what we do (on Youtube) afterwards when being inside the sandbox. This is Bellzemos' concern.
     
    Last edited: Oct 31, 2020
  22. Sandboxer

    Sandboxer Registered Member

    Joined:
    Sep 22, 2020
    Posts:
    19
    Location:
    Sydney
    @stapp, thank you for your reply. Unfortunately, the problems remain. I checked again this morning in Task Manager that SbieSvc was stopped. Then I re-installed SandboxieInstall64-v5.43.6 over the top as you said.
    * This time I paused ESET before the final step, and the full installation worked. Even with ESET turned back on, the browsers were working in Sandboxie --- including Vivaldi (Cheers!), and SbieSvc was running.
    * I rebooted, and ESET jumped on a 'virus' and forcibly rebooted again before I could get the details. Sandboxie was now crippled as before, with SbieSvc stopped.
    * I then added C:\Program Files\Sandboxie\SbieCtrl.exe and C:\Program Files\Sandboxie\SbieDrv.sys to another location, at ESET --> Setup --> Computer Protection --> Settings --> Edit Exlusions (this location accepted the SbieDrv.sys file).
    * I then reinstalled Sandboxie over the top, pausing ESET as before, and all was well, even with ESET restarted.
    * I rebooted, and all was well. Then I scanned the file C:\Program Files\Sandboxie\SbieDrv.sys with ESET, and ESET complained. SbieSvc was stopped, and Sandboxie was cripped.
    * I rebooted, as ESET was commanding. Now SbieSvc is stopped, and the file SbieDrv.sys has been deleted.

    So telling ESET to ignore the program has beaten me, I'm afraid --- ESET is well-known for having settings that are obscure to non-techies. David, do you have a webpage telling us experienced but non-techie people how to beat the no-certificate issue on the various internet security programs, or should I go back to the earlier version --- if I can --- and wait patiently for the certificate?
     
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,985
    Location:
    Nicaragua
    Thanks Peter, I never seen those screens and would feel extremely annoyed if I was constantly seeing them. The only screen I get from YT is the one we get when clicking to view an age restricted video.
    Then, this is a case of you having to choose what you want and act accordingly, you can't save the cake and eat it too.

    Bo
     
  24. Radagast70

    Radagast70 Registered Member

    Joined:
    Oct 31, 2020
    Posts:
    13
    Location:
    Germany
    When you create a cookie outside of Sandboxie, your browser is able to read it, when started inside of Sandboxie. After this, when you look a video on Youtube inside the sandbox, i assume it will be stored into a database on Youtube-servers, which is connected to this cookie ID - i don't think that every watched video is stored inside of the cookie, because it would become very large over the time, so i think the cookie only stores an ID, and all things connected with this ID will be stored on a database on YouTube-servers.

    So when you go to Youtube outside of Sandboxie, the same cookie ID is used to look into this database, and your watched videos are known.

    In Sandboxie you can block the access to files outside of the sandbox (which prevents the program into Sandboxie to read it), so probably you can avoid this problem by blocking the access to the folder which contains the cookies. In Sandboxie this setting can be found at "Resource access / File access / Blocked access".
     
  25. Wabe6666

    Wabe6666 Registered Member

    Joined:
    Jul 5, 2020
    Posts:
    15
    Location:
    Germany
    Hi Sandoxer,
    I used ESET too until a few weeks ago. But it always made problems and often reported false positives. Since my license would have expired in february anyway, I uninstalled ESET and use the Windows Defender now. It doesn't need so many resources either, is recommended by many experts because it is now just as good as paid programs and free too. And the Defender does not give a false positive with Sandboxie 5.43.6.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.