Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by bo elam, Apr 22, 2020.
I agree with Special, what he said is pretty much how I feel. To be fair to David, Tom was actually wrong in his reply that Special linked. At the time, in a PM, days later after he had replied, Tom admitted that he (Tom) was wrong in that reply. He gave some explanation but I can't remember the details. To remember what these details were, I would have to search for that email.
My friend Pete, I think suggestions sound better than objections. In a few words. Slow down a bit, and don't try to fix everything. Prioritize what's important (browsers, PDF readers, video players, office, programs that are popular). He can't fix everything and shouldn't try. Some people are going to be angry but Sandboxie shouldn't be expected to work with programs that it was never designed for.
Oh I did not know Tom was wrong then and there, so sorry to David, and credit when and where it's due, but my point still is this, old Sandboxie had a few, if not more "expert" coders that knew the inner workings of Sandboxie all working on and looking at the code from different angles, when someone misses something or makes a mistake then more likely than not someone else will notice it and fix it, David is just one guy, doing literally everything, there is no one else to look at his work at a different angle with a fresh pair of eyes to "catch" mistakes. I don't know if there is any solution to this other than work with more "expert coders", or to slow down, take a breather, come back with a fresher set of eyes, review your work, take another breather, fresher eyes again, etc.
@bjm_ : Thanks for the link and the quote. So the Classic version could be affected by a security hole theoretically caused by a compatibility improvement.
O.k. - let's call it suggestions. The important thing is to express a problem. And I think you made it in a decent way.
I'd rather have a working sandboxed browser, mediaplayers and office than a constant catchup with the latest drm problems in games and so on.
Thanks again for all the time and work you put in to keep sandboxie alive
I'm also a supporter of 'conservative' development. I don't like unnecessary superficial change. I hate 'gaudy' or 'gimmicky'. I use forked software at times (if a developer is so paradigm bound or intransigent that the software can no longer meet my needs) but I am generally happier if change occurs within a framework or culture that I have grown to have confidence in because the developer is listening to his users and has a firm grip on what the software is and represents.
Tzuk's development was interactive with his members and it became almost like a mutual development but within a conservative framework. His finger was constantly on the 'pulse' but the program in essence and usability didn't stray far from conservative parameters but had flexibility to meet inevitable 'environmental' change. I believe that when this became impossible to achieve for Tzuk (and leaving a highly developed and functional product) he decided to 'go while the going is good'.
This philosophy and application allows users (and particularly those whose livelihood depended on it) to have the confidence that any changes made were necessary.
That users have confidence in a product's core values and stability of usage and development, is essential.
Tzuk once told me that he didn't like erratic or impulsive input and that is why he was not keen on moderators who often have their own axe to grind and (at times) can hinder rather than help.
A good software developer does not have to be (and often is not) a good UI/UX expert...
I like old fashioned manual user interfaces and I don't like visual change to suit the constant ever changing fads of 'modernity'. Some people don't like those sorts of UI and find them 'wooden' but I don't like 'gimmick' it unnerves me.
I remember years ago when 'blinkies' became 'all the rage' and nearly every web page was full of dizzying movement.
At first it was a novelty but soon became tiring, then irritating and eventually we were 'glad to see the back of it'.
I feel the same about overly bright and coloured software...it may have good functionality (under and above the hood) but if it leaves the user's psychological wellbeing out of the equation then it doesn't have true lasting functionality at all. I've seen many softwares that had potential ruined by gimmicky, 'loud' and gaudy UI.
Spelling mistakes in GUI were always a big 'put off' for me too.
Even now I sometimes contact developers to point out spelling and grammatical errors in FAQ or GUI, even software which has obviously had a lot of effort put into the development is marred by flaws and lack of final proofreading.
'Don't spoil the ship for a ha'p'orth of tar'
Thanx Bo, I've updated SBIE to v5.33.6, I hope it will work fine for me too, after I update my Windows 10 to the latest version. If I'll face problems I'll have to decide then what to do next, revert Windows to the v1909, install David's Sandboxie fork or something else (leave SBIE - hope not!).
As for David's SBIE fork, I am happy he took on Sandboxie after Sophos ****** up, I guess that without him there would be no SBIE development whatsoever. But as you've all mentioned already, he's just one guy, only one mind and one pair of eyes. There is no code review, no separate testing etc. And developing fast, changing things up etc. can bring flaws, of course. He doesn't owe anyone anything though, he can use SBIE to learn from its code and developing it. I wish there'd be a team that we could rely on, as I've said many times, I'm prepared to pay for SBIE, a yearly subscription would be great.
I still wonder what happened with Tom (and Curt). I guess they saw that developing SBIE further wouldn't bring in enough revenue. I use Firefox myself but the vast majority of people use Chrome with which SBIE often had problems. As it has now (at least the Sophos version) and majority of people won't put up with disabling Chrome's internal sandbox via -switch to make it work with SBIE. So Sandboxie is a dying thing I'm afraid.
SBIE is my favourite program of all time, I love it, I've been using it for over 11 years now and I've installed and recommended it to many people. I've bought a couple of commercial licences when those were available too. What else to say? Try not to fight so much between yourselves, we're all here cause we like our computers secure.
I would just like to add a few thoughts here.
Sandboxie has been my favourite go to software for many years. It is usually the first 3rd party thing I install on any new systems or reinstalls. I am very, very grateful to David for taking it on and allowing me the comfort of the protection it offers.
I guess sbie users are feeling a bit nervous when they see the changes, such as Plus, and the many long tech words that most of us don't know anything about
It's pretty scary being told about things such as RpcMgmtSetComTimeout=n and to apply it etc when a lot of us haven't a clue what it is
Because David is so gifted, and accommodating about requests, there is always a worry that too many unnecessary and unrealistic things are being asked of him. We hope that the only features that will be added are ones that are needed by the vast majority of the users, and not just for a few of them.
There is a reason why the UI is still v 0.xx and not 1.xx+ and when writing a lot of code from scratch the focus is on advancement and not on flawlessness, especially when coding a UI that has next to 0 security implications.
It’s an objective fact that the Sophos builds have major security holes, diversenok provided to me (https://www.wilderssecurity.com/threads/sandboxie-plus-sbie-fork.427755/page-2#post-2909697), proof of concept exploits that when run on an old Sbie version can create processes with SYSTEM PRIVILEGES outside the sandbox.
That’s pretty much a deal breaker right away, when your malware can break out of the sandbox with system rights then it’s game over.
No matter what or who developed those builds, the bugs are in and the game is lost.
In addition to those reported issues I have found others that were quite severe as well.
For one, SbieDrv since the Windows 10 Creators Update hasn’t performed any registry filtering.
For some incomprehensible reason it was thoroughly disabled for Windows builds past the Creators Update, see the original code here https://github.com/sandboxie/sandbo...d2cf986621b4f27e3ed9d/core/drv/key_flt.c#L177
and here https://github.com/sandboxie/sandbo...d2cf986621b4f27e3ed9d/core/drv/key_flt.c#L191
Without the filtering done by Key_MyParseProc_2 the entire registry is basically unprotected.
Now the SbieDll.dll will normally redirect the accesses, so that missing isolation won’t be obvious right away, but the SbieDll.dll provides zero, none, no security guarantee of any sort!
A malicious application can easily bypass any hooks set up by SbieDll.dll and either invoke the SbieDrv sys call interface on its own, or issue sys calls directly.
This is IMHO very unsettling and shouldn’t ever have made its way into production code.
Another issue I found and fixed allowed to bypass IPC isolation, and they were made for the sake of compatibility. When accessing various resources like smart card, WPAD (Windows Proxy Auto Discovery), the print spooler, or the w10 GAME_CONFIG_STORE the SbieDll.dll queried the service for the right IPC path and then instructed the driver directly to open that IPC path.
That’s a major oversight, as any malicious application again can just invoke the SbieDrv interface on its own and ask for some IPC resources to be made accessible.
So, whoever thought that it’s a good idea to allow a process inside the sandbox to be able to tell the driver what resource to open, surely didn’t have security in mind.
Let me tell you a big secret: professionals are just people, and many of them are screwing up just as bad or sometimes even worse than amateurs.
And, why the assumption I wouldn’t be an expert?
Also, please don’t measure me at my ability to create a nice UI, I’m really really bad with UI/UX, I’m more a back-end sort of guy. Paradoxically that’s the reason I redid it in Qt as it’s so much easier in Qt than maintaining, improving an old MFC based UI.
I understand how Sandboxie works and what mechanisms implement the security guarantees, and when working on these parts I’m very security conscientious. Most parts however, like the entire SbieDll.dll which by far constitutes the largest part of the core code base have no real impact on security, only compatibility.
About the RpcMgmtSetComTimeout=n setting, and other new settings, unless I say in the changelog that it’s security critical, whichever way you set it, it will only impact compatibility and have no security implications. In the particular case of RpcMgmtSetComTimeout Sophos added this to fix an issue with an RPC call by kernelbase32.dll when invoking CreateProcessInternalW, doing that messing up other RPC calls and breaking a couple of other applications instead. (outlook, poppeeper, chrome installer even more)
So I'm not the first to break A while repairing B.
I have investigated the issue further in the meantime and the next build will properly fix the issue by applying RpcMgmtSetComTimeout only when preparing the binding for the RPC call by kernelbase32.dll not for other RPC calls. Also, often when changing things that may break compatibility I’ll add a setting to revert to the old behavior instead of making the users wait for a fixed build. I can not test each and every application on my own so being able to undo some changes is an expedient way to mitigate this issue.
That said, I’m looking forward to, in future, first releasing pre-release builds for testing and only then a final release with fixes, if any.
Now with regard to the claim I'm prioritizing games more than web browsers, that's not true, what I'm fixing is mostly a product of "how easy I can fix it" with "how critical a particular issue is". The fixes for games were not that complicated and the GitHub issues partially even came with example C code of what exactly is failing, that's the best sort of bug report.
And I have fixed all critical Chrome issues quite swiftly, I even fixed some Chrome bugs known for years that Sophos never cared to.
Also I spent the last weekend trying to finally get the Chrome online installer to run inside the sandbox, and while I have fixed a few bugs it still fails just a bit later, so there are enough things still screwed up in urgent need of fixing.
But I don't think it's ideal to now spend the next month worth of weekends on getting the Chrome online installer to work, people won't see any progress and think the project is stalling so sprinkling in a few low hanging bug fixes here and there is IMHO a very reasonable thing to do.
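Added example (not part of the thread and not Sandboxie source code): a small user-space model of the point made above about registry filtering, showing why a disabled driver-side filter is invisible to callers that go through the user-mode hooks. The function names, the `\SANDBOX\` prefix and the sample key are assumptions made up for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not Sandboxie source code. */
enum result { OPENED_REAL, OPENED_SANDBOX_COPY, DENIED };

#define BOX_PREFIX "\\SANDBOX\\"   /* hypothetical per-sandbox key root */

static bool in_box(const char *key) {
    return strncmp(key, BOX_PREFIX, strlen(BOX_PREFIX)) == 0;
}

/* Kernel side: every sandboxed caller ends up here, hooked or not. */
enum result drv_open_key(const char *key, bool filter_enabled) {
    if (in_box(key)) return OPENED_SANDBOX_COPY;
    return filter_enabled ? DENIED : OPENED_REAL;
}

/* User-mode hook: rewrites the path, but only for callers that use it. */
enum result dll_hooked_open_key(const char *key, bool filter_enabled) {
    char redirected[256];
    int n = snprintf(redirected, sizeof redirected, "\\SANDBOX%s", key);
    if (n < 0 || (size_t)n >= sizeof redirected) return DENIED; /* too long */
    return drv_open_key(redirected, filter_enabled);
}

static const char *name(enum result r) {
    return r == OPENED_REAL ? "real key"
         : r == OPENED_SANDBOX_COPY ? "sandbox copy" : "denied";
}

int main(void) {
    const char *key = "\\REGISTRY\\MACHINE\\SOFTWARE\\Example"; /* constructed */
    for (int f = 0; f <= 1; f++) {
        printf("filter %s: via hook -> %s, direct -> %s\n", f ? "on " : "off",
               name(dll_hooked_open_key(key, f)), name(drv_open_key(key, f)));
    }
    return 0;
}
```

The hooked path returns the sandbox copy whether the filter is on or off, so compatibility testing alone cannot tell the two builds apart; only the direct call exposes the difference.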
You are a gentleman for explaining and elaborating about your decisions. I can't say the same thing for other Sandboxie devs.
That's good to hear - I think it's the most important factor for all of us, the simple users of Sandboxie. And as long as all works fine with regard to security - I have no reason not to trust you.
You do very important and precious work. Thanks once more for it.
Thanks @DavidXanatos for a detailed and informative contribution. I think from the recent posts some users, including me, need some reassurance that there is an underlying approach and methodology behind ongoing development. Hopefully your comments are the start of a dialogue that will give the required comfort.
It must be difficult when you're doing all the work to stop and answer questions from those who don't know the depth of the efforts you make and the skill required, but most commenting are like me and have had SBIE as the cornerstone of their setup for more than a decade and only want to be sure its future is in good hands. That might take time and more informative contributions like this I'm afraid.
Thanks for that post. It was very reassuring and informative for us users
@DavidXanatos , finally updated from 5.3.66 to 5.47.0 , running extremely well. Would just like to offer many thanks for all your hard work and dedication, much appreciated : )
OK then I misunderstood. Perhaps the topic title should then be changed. I also think there should be a separate thread for Sandboxie Classic which is David's fork, because I think it might be confusing to people.
Yes, great post by David and this also shows that he knows quite a lot about the technical ins and outs of Sandboxie. I also understand the concerns from certain people, because I was thinking the same.
LOL, I also didn't understand this comment. From what I understood, the core of Sandboxie Classic and Plus are the same. And I actually kinda like the GUI of Sandboxie Plus, but it's a matter of taste.
David's fork has two GUIs: the classic which is the same tzuk designed and the plus.
I commented that because I felt like bo thinks classic is not being released anymore.
Please delete or lock this thread as soon as possible. No one should be using the old Sophos version and having the thread open only generates more confusion. Tom has disappeared and seeing David's progress, I don't think he will find the motivation to develop his own version. If someday he decides to come back, he can open a new thread in this subforum. Until that happens, this thread is useless.
After installing today's W10 update KB4601382, I found a little problem related to IE and Sandboxie 5.33.6 (I don't know if it also affects David's fork). After installing the update, I found that when launching IE sandboxed, the IE window will show at the right bottom corner information similar to what we started seeing with Edge a few months ago about extensions crashing.
In the case of IE, the messages close automatically and the browser continues to work. See here:
So, the messages about extensions crashing can be ignored but I also found a solution.
Go to Internet Options>Advanced (in Internet Explorer) and untick the option to "Enable third party extensions". The option in English should be worded something like that. My W10 is in Spanish (Caned Microsoft Spanish), and the wording goes like this, "Habilitar extensiones de explorador de tercero". I believe this option is to enable or disable any kind of extension in IE. So, it is probably a good idea to have it disabled even without this issue. Anyway, unticking the option to Enable extensions fixes the issue.
Seriously who cares about IE?
BTW, can you check if you can run Supremo inside the sandbox? I get some type of message about that Supremo is already running, this happens on both Sandboxie 5.33.6 and Sandboxie Classic.
IE is still part of Windows 10. That makes it a good reason for you to care, even if we don't use it. I only open 1 webpage with IE, that's all I ever do with it, but I care enough so every time there is a Windows update, I run both Microsoft browsers (IE and Edge) unsandboxed to apply anything if there is anything to apply, and a few minutes later I test same browsers sandboxed. That way I know if anything has been broken by the update.
I honestly don't care about IE, I couldn't even find it in Win 10 LOL. So it doesn't matter to me if it runs correctly inside Sandboxie or not. What about Supremo, can anyone check this out?