Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by bo elam, Apr 22, 2020.
Is your file signed?
Is your file free of malware?
I wrote about what you are wondering a few months ago, in a post in which I defended Curt from a vicious attack that targeted him. Fortunately, the posts attacking Curt and other developers were deleted and mine was also deleted.
Most of you guys don't know this but the struggle for keeping Sandboxie alive was an everyday fight that started on day 1 after Tzuk left. The struggle went on for years, it happened during the Invincea tenure as well as after Sandboxie was taken over by Sophos. There were meetings all the time; in these meetings half of the people wanted to kill SBIE and the other half fought to keep it alive, if only for a few extra months. It hurts to see the people who struggled and fought for Sandboxie, and for us users, be attacked by some of you, including you platt (don't take this bad, I love you). These people not only developed SBIE, they loved SBIE and fought for it to be kept going and later, to be released as open source. It was not only Curt and Tom, but also Barb and Craig and others. These people are humans. Some were optimistic about Sandboxie's future, others were pessimistic.
In a post yesterday, I think it was yesterday, you complained about why Sophos didn't do anything about this nothing POC. Read this. That was at the end of SBIE being part of Sophos. Sophos had already announced that the software was to become open source. But there were lawyers and the lawyers did not want the software to become open source. Their advice was not to release SBIE as open source. By this time, the Sandboxie team had only one member, Curt. So, let me ask you Platt, what was more important at that time, to continue the fight for SBIE to be released as open source and to release a final version or to fix a nothing POC?
Curt did the right thing, got Sandboxie released as open source and released 5.33.6.
You guys and gals who attack Curt and the rest of the developers, know that it is because of these people's struggle that went on for years that we still have SBIE (5.33.6 and Plus). They deserve better from you.
Thank you, for allowing me the right to choose.
Regarding the "accusing" part of the quote: it is common sense. If you make changes to the code, the chances are something will open a hole. And when I see him changing so many things that make no sense at all changing, it is bound to happen. Something somewhere is gonna give. I am sorry Cats, it is just a matter of time, if it hasn't happened yet.
Being perfectly honest, I go and check the Plus threads every day but as soon as I read some stuff that's purely related to Plus, I skip it, and continue. So, I am not sure how much David is giving in to get software that has historically not worked with SBIE to work now in the sandbox. Believe me Cats, it is not magic or because he is a super developer. If it's happening time and time again, he is opening holes. There is no way around that.
Sandboxie is a restrictive software, and you as a developer can get any software to work in SBIE, it is just a matter of how much you want to open up the sandbox. I know tzuk and Curt had a limit and they did not compromise it. They preferred to take insults and hear complaints than to open up. Is David opening up or staying put when users want this software or that software to work in the sandbox? You, and the rest of the people using his version look and see how he responds and what he does. My advice to him is to be strong. He should not compromise security for praise.
Thanks for explaining your line of thinking. There is no evidence David has ever, or will ever do that (open holes or compromise security for praise). If anything the evidence points to the exact opposite. He has made changes to the code that have patched holes and made it more secure. To say otherwise, without actual evidence, is simply slander.
To quote David "I am not opening any security holes, I would never knowingly weaken the isolation without making it a switchable, off by default option. I mean you can poke holes in your sandbox with wrong configuration as much as you want, so that's fine. What counts are the default presets. I even go as far as to warn users in the plus ui if one of their boxes has a particularly insecure configuration."
I considered not replying because you clearly hold fixed beliefs that even the facts won't change. That's OK, it's your life and your machine. It's no skin off my nose and I wish you well. In the end I chose to reply to your comment for the sake of others who are interested in making informed choices about how they will protect their computers.
Cats, you are a gentle person. That gives you a license to throw at me all you want, and I'll take it willingly time and time again.
I just asked a polite question about the rationale behind using something obviously insecure.
And instead of a justifiable reason I got a response on the lines of not only, "I don't believe you", but on the lines "you are lying and bragging with false claims".
Furthermore Bo had no basis to assess my competency in comparison to the past sbie devs, still he claimed I was not qualified enough to deliver a secure product.
That's very rude and obviously necessitates a thorough rebuttal.
That's why the thread escalated into a sort of "I'm cleverer than..." discussion.
Yes and Yes
Wonderful, thank you, so what you are saying in the end is: you don't need sandboxie at all, you are not doing anything risky and using NoScript for security, hence you are fine with using a Sbie version which when push comes to shove is not guaranteeing effective isolation.
I think most users that use Sbie behave differently, they rely on it providing reliable isolation such that they can run suspicious software and browse the web with all the "pleasures" of working JavaScript.
Well that's a bit pointless of an argument given that we have seen that the original developers opened quite a few holes themselves as well as introduced other coding mistakes.
I do my best to not break anything security related and audit all changes that can possibly have an impact on the level of isolation very thoroughly.
Can I guarantee I will never overlook some critical mistake, no, but then no one can, and it's on record that the original devs made critical mistakes.
That said I must note here that the biggest part of sandboxie's code base is not security critical, no matter what one would screw up in the SbieDll or the UI components on a technical level none of it would impact security.
It would just break compatibility, make apps crash, stuff like that.
All meaningful security guarantees of sandboxie rely on the SbieDrv, SbieSvc and the fact that boxed processes run with highly restricted security tokens.
This is simply wrong, of course there is a way around that, as I explained earlier sandboxie provides its own implementation of various windows API calls and some of them are broken, i.e. not always behaving as the real API call would.
For example the implementation of NtSetInformationFile up to version 5.49.5 was mishandling FileDispositionInformationEx requests, always handling them as FileDispositionInformation, resulting in the Opera installer failing.
Or the MSI installer issues: the function Scm_GetHandleName was buggy, not handling certain special cases properly, resulting in breakage of the QueryServiceStatusEx API call, which in turn resulted in the MSI installer not seeing that the boxed MSIServer service was started, hence failing.
Fixing that has 0 downsides security wise, it just corrects a misbehavior.
Or another MSI installer issue: when starting processes on windows 10 RS5 or later a new code branch was used than on earlier windows versions, which omitted to clear an access descriptor, resulting in the boxed MSIServer service not being able to access its own boxed child process. On older windows platforms the other implementation without this oversight was taken and it was working just fine.
Again, fixes that don't impact the box isolation whatsoever, they only change what is happening inside the box to make it as aligned with normal windows behavior as possible.
And yet another MSI installer issue: on windows 20H2 something changed, resulting in the boxed MSIServer service failing when "C:\Config.Msi" was not present; instead of attempting to create it, it just failed. The workaround here was to add a special case to NtQueryFullAttributesFile which creates a boxed copy of the directory, with it the access is successful and the installer works correctly. Note here that the original Sbie code is full of various special case workarounds so I'm not doing anything new here.
Or yet another nice bug fix: all the broken electron apps that did not want to start with GPU acceleration enabled. The workaround for this issue is to add "--use-gl=swiftshader-webgl" to the command-line when we detect that the GPU worker process is being spawned, injecting this parameter solves the issue. And again it has 0 security implications, it does not open any holes or anything.
There are surely plenty more issues like the above which make Sbie misbehave and fail to run various applications and which can be fixed by improving the implementations in SbieDll.
As explained, a lot of software can be fixed without opening up anything whatsoever.
And for the software which needs to be able to access something there is no foul in providing the user with an, off by default, setting that opens him a hole he desires.
I mean with the normal Open*=... resource access settings you can with any version of sandboxie make it as holey as Swiss cheese, so there really is no point in complaining that if a user adds OpenXYZ=y to his sandboxie.ini he will trade in isolation for functionality, as that's how sandboxie always worked.
Now paradoxically, aside from debug settings (not meant to be used by users), all the newly introduced OpenSomething=y options don't open new holes but in fact open holes to things that the original sandboxie was entirely open to in the first place (allowing to delete users, uninstall drivers, install printers, etc...). Meaning I have added a heck of a lot of additional isolation and filtering, and to be sure that users can fall back on less secure legacy behavior added all these options.
So as it should be apparent I'm not compromising on security, despite the many advancements with compatibility.
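The trade-off described in the post above (any `Open*=` line in sandboxie.ini exchanges isolation for functionality) can be checked mechanically. The following Python script is an added example, not part of the thread and not Sandboxie's own code; the sample configuration is constructed, `OpenXYZ` is the post's placeholder name, and the handling of a `program.exe,` prefix is an assumption about the value format.

```python
import re

# Constructed sample configuration (not from a real installation).
# OpenXYZ=y is the placeholder name used in the post above.
SAMPLE_INI = """\
[DefaultBox]
Enabled=y
DropAdminRights=y

[GamesBox]
Enabled=y
OpenFilePath=C:\\Games\\*
OpenIpcPath=*
OpenXYZ=y

[BrowserBox]
Enabled=y
OpenFilePath=firefox.exe,%AppData%\\Mozilla\\Firefox\\Profiles\\*\\bookmarks.html
"""


def parse_ini(text):
    """Return {section: [(key, value), ...]}; repeated keys are kept."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections


def classify(value):
    """Rough kind of one Open* value."""
    if value.lower() == "y":
        return "switch"  # plain on/off option
    # Assumption: an optional "program.exe," prefix scopes the rule to one program.
    target = value.split(",", 1)[1] if "," in value else value
    return "wildcard-all" if target.strip() == "*" else "path"


def audit(text):
    """Return {section: [(key, value, kind), ...]} for sections with Open* settings."""
    report = {}
    for section, settings in parse_ini(text).items():
        hits = [(k, v, classify(v)) for k, v in settings if k.startswith("Open")]
        if hits:
            report[section] = hits
    return report


if __name__ == "__main__":
    for box, hits in audit(SAMPLE_INI).items():
        for key, value, kind in hits:
            print(f"{box}: {key}={value} [{kind}]")
```

Boxes that appear in the report have had their isolation widened by configuration; a `wildcard-all` entry deserves the first look.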
@DavidXanatos - As a malware analyst for many moons I'm very well aware that it's almost never an easy task to take, especially, a useful security program from source and literally piece by piece and line for line, refine-adjust code-and fashion or lets say refashion instruction/commands to fit every circumstance, and still model it to function stable given Microsoft's, and indeed now Browsers newly introduced changes. To that end I have one question to offer. Where do you find the time to exercise your obvious ambitions and efforts to keep at it to present an end release that must be such a monumental effort and undertaking?
Please understand that I personally harbor no opinion either way except to say that I, like many others, encourage you to continue those efforts when and where you find time to improve on a project that you took the bull by the horns to make it every bit a reliable containment program (as its predecessor's reputation intended) and more.
I still run old versions on 8.1 simply because they worked enough with results but am not so naïve to think it can't rise above and return to its former popularity again. And it's not like you need to even bother with it at all to begin with, but it's clear that you are actively developing with expectations it can once more rise to the same prominence once held around the globe. And that you can be proud of.
I simply have no personal life.
In a manner of speaking at home base I can relate. My own social life was much similar when working these machines to help dislodge and return to working order a global audience of internet folks most continuously pleading for help in expectation to see their good machines recover from malware intrusions while I was Mod and HiJackThis online technician with Ad-Aware Lavasoft back in 2003 onward.
But you can and should take courage and good stock in that your efforts, massive and time consuming as they must be for you, that you are going forward in those efforts with a program that almost certainly would by now have been taken for granted as abandoned and left to twist in the wind had it not been for your interest in it, and those good folks, most who have a new found reason for encouragement courtesy your efforts to date.
Thanks and appreciation are well deserved and in order.
It's sad to read this thread. I am a long term user of Sandboxie and am grateful as many here are also for David's work. The project under his expertise has progressed much better than I had anticipated. All this expert development has been free for a program I would gladly have paid for.
I am saddened to read of David's expertise being slighted and criticized without any substantive evidence or plausible basis. I am also concerned to read that David has no personal life as all his time is taken up with work and development of Sandboxie.
And then has to put up with the carping criticism here. I wouldn't do it if I had his skills.
David, maybe you should consider charging for your work and set aside time for recreational and social activities. I hope you can take some comfort from the many posters here who depend on Sandboxie and have praised your work.
You can send some dosh if you like to support him.
Some off topic posts removed.
Let's keep things on topic and not get too focused on other things.
This thread is rapidly turning towards a stalemate by the way
Hopefully, the attacks on Sandboxie 5.33.6 are winding down, and we who want to keep using it, are left in peace.
But I am going to reply to what I quoted because it is important. You are wrong David. Sandboxie was not developed for running suspicious software. That is your perception of what Sandboxie is for. Running suspicious software like keygens or cracks is not only stupid but illegal.
Sandboxie was initially developed to be a 2nd line of defense once your internet explorer gets inevitably compromised, or later some other browser.
A sandboxie version that is holey like a sieve does not fulfill this function anymore, as soon as someone pwns your browser you are screwed and sandboxie can not guarantee to protect you.
Sure you can gamble on the malware authors not caring about the sbie users and choosing not to implement an exploit for an old leaky sbie, but then it's so easy, why not, any additional victim is a win.
Legality never stopped the internauts from anything, you can not change what people are using sandboxie for, one can only try to make them as safe as possible whatever they are doing.
It can be installed but it will not start any process as some kernel data structure offsets hard coded in the driver have changed.
That's what I meant.
10/05/2022 end of support for Windows 20H2. 5.33.6 R.I.P.
For doing illegal things people do not deserve providing them safety. (Generally speaking, not only concerning software.) So (to my mind) the needs of such people should not be taken at all into account concerning the functionality and development of Sandboxie.
That is going off topic, but not everything that is illegal is also unethical, and the Intellectual Property field is especially highly contested, hence the best course of action here is to remain a neutral technology provider.
O.k. In general I can agree. To discuss it more in detail would indeed be off topic.
If nothing else shall we say, this informative "lively" discussion on Sandboxie almost makes me want to dabble in coding again. As the Dev has made some brief mention of, trying to address code terms/instructions built into our famous Windows can often times be a brain busting ordeal. But a satisfied end result is some reward if not a relief.
People here who use the old version are doing so out of informed choice, but that's not the case for all users of the old version out there, who at this point are using the product with a false sense of security. So for the sake of those out there still running Sophos 5.33.6 who are not members at Wilders, or have not caught up with the fact that there is a new fork that is being maintained elsewhere, I personally am relieved that this old insecure version will not work with Windows 11, especially now the POCs are being made public (as they should be). Hopefully those folk will find their way to Wilders eventually.
For the sake of clarity I am not attacking anyone here, not attacking Sophos, not attacking previous versions, not taking sides, not hoping the vulnerabilities will be exploited by anyone, not after any drama. I can't help how my comments are received, but you can at least be clear about my intent. Also for the sake of clarity - I am not taking delight in the knowledge that 5.33.6 is not compatible with the next version of Windows for anyone still using it on here. My relief is only for those who are not tech savvy, and not aware of the vulnerabilities, and therefore not able to make an informed choice.
Wait, that's not off topic. Remember, when you interrupted the conversation I was having with Easter about 5.33.6 (The topic of this thread), who by the way, is still using 5.33.6, you asked my rationale for not moving away from 5.33.6, and I told you the most important reason for not moving away from 5.33.6 is that I don't trust your version.
And your way of thinking is one reason why I can't trust it. It is not that I don't trust you personally, I know you are a decent man, but I don't feel at ease with your kind of thinking on how to reinvent Sandboxie. And this is exactly the sort of thing why I can't trust your version. If now, you approve, and encourage people to use SBIE to run keygens and use it for running illegal programs, what are you gonna do later when gamers start pushing you to hide the Sandboxie driver? Are you gonna give in and do it? You'll make these users happy, they'll call you a champ, but antiviruses and other anti malware programs won't be happy. And later, when these programs start flagging SBIE as malware, this would be Why.
Best regards, David. I really hope the best for Sandboxie Plus. I wish you the best.
That's part of what I called the "ideological" (or you can say "philosophical") aspect of the interesting discussion here: "What should be the main functions and which users should be the target group of Sandboxie?" Bo is in this respect obviously much more conservative (or restrictive) than David.
Personally I would even be more conservative/restrictive than Bo is (who uses Sandboxie for all his programs as far as I know): I use Sandboxie exclusively for running my browsers. I do not even need it for testing (legal) software, as for this purpose I have Shadow Defender. So David's intentions to make Sandboxie compatible with as many programs as possible (or to add new functions etc.) has for me personally no relevance.
But my difference to Bo's opinion is: The fact that David tries to expand the functionality and the range of possibilities to use Sandboxie did not undermine my trust that his software is reliable. I understand Bo's reservations and doubts. But as far as we can judge the situation, they are - at least for the time being - completely abstract. Up to now there is - fortunately - no concrete scenario with David's versions of Sandboxie that would have confirmed Bo's fears. And as long as this situation will remain, I clearly prefer his (David's) version(s) of Sandboxie to the old one 5.33.6.
Concerning Bo's specific consideration:
Well, in this respect I think that David will be so wise and responsible to draw a strict and clear line in the (theoretical) case that this would become necessary - for the sake of security and for the sake of Sandboxie's reputation.