Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by bo elam, Apr 22, 2020.
I hope so, but the tell tale signs, from my perspective, are pointing the wrong direction.
Perhaps that's the main difference between us:
Some (like you) are pessimistic about David's approach and Sandboxie's future. And others (like me) are optimistic (at least for the time being). Some trust the new pilot and his machine, some don't.
PS: But I admit that with these "ideological" considerations and arguments I understand better why you avoid David's versions.
Hi Cats. Think about this. Before writing this post, I searched Google to see how many people that are using Windows are using W7. In numbers, 100 million users that are using Windows are using W7, and in percentage, 8.5% of the people that are using Windows are in W7.
How many of us are using SBIE 5.33.6? The number is likely a joke. So, regardless of the perspective you use to analyze, it doesn't make any sense worrying about us. We are a bunch and no more than that. But Windows 7 users? That is a lot. 100 million persons, and I bet, that includes a lot of the guys that hate 5.33.6.
One hundred million users, that's a lot of people that (according to your way of thinking) need help and have to be protected from themselves and should not be using an unpatched system. You can do more with this 100 million users than with the few who are using 5.33.6.
It's nothing like people still using Windows 7. I'm sure they have their reasons for using an outdated OS, but they won't include not being aware of a newer version of Windows that is being maintained. The same cannot be said for users of Sandboxie 5.33.6 who have not stumbled upon Wilders and have absolutely no idea that the product they are using is not providing them with the protection they think it is, and unaware there is a safe and effective alternative (regardless of what you personally choose to believe about it). Of course there are very few users of Sandboxie 5.33.6 versus Windows 7 users, but I don't think that matters and isn't the point I was making. That's of cold comfort to those few users if Sandboxie 5.33.6 fails them.
Also I don't see anywhere where David is "encouraging" people to use SBIE to run keygens and cracks. That's a massive leap from his ACTUAL words and yet another false claim you are making about him.
To avoid a dispute about this matter just a short explanation:
Bo obviously interpreted in this way David's following remark (with which David had commented on Bo's statement "Running suspicious software like keygens or cracks is not only stupid but illegal"):
(bold letters in the quote by me)
For me too this "whatever they are doing" sounded a little bit strange. So I commented on the statement and David answered (see posts #1069 and 1070).
Maybe that David's formulation was not the best one, and maybe that Bo exaggerated in his interpretation. But I think we should not start a conflict about this detail.
Fair point Peter123. Bo's interpretation of David's words should be for David to speak to, if he feels so inclined. I'm definitely not after conflict either.
I hope my trial for mediation will help that David himself will take it calmly too.
Here (look at Case A)
and here (at the end of the post)
Neither tzuk, Curt or anyone in any security company that sells their products to the masses or services regular people like we are would ever say something like that.
I'm back from 2 blue screens. My 8.1 NEVER blue screened me in years. The latest Task Explorer DOES issue a warning of a rogue certificate and sure enough POP went my unit to that blue screen. There's got to be a better way.
Last evening I actually overwrote, not uninstall sandboxie from Sophos final 5.33.6 and POW blue screen. Now that one I can assume an uninstall would have been the better choice.
But nothing infuriates me more than a buggy driver with bogus cert found on the internet to sign a driver only to get Blue Screened for the effort.
O/S is 8.1 I ran those on. Everybody of course is all to do with 10 but Windows 8 isn't exactly a nobody and has held its own strongly in comparison to 10 in my view.
Which build of Sbie were you trying to install?
Sbiedrv.sys is digitally signed by the way and doesn't use a bogus cert.
Hah ha. I ran plus to overwrite 5.33.6 and Poof! Like I mentioned it likely required full uninstall first.
Ya wanna know something really funny? After the blue screen and reboot the sandboxie plus ran but the credentials had both DavidX AND Sandboxie Holdings in the same title box.
I'm known for reckless abandon sometimes when confronted with so many releases.
On the Task Explorer it really was ok the first few releases but the latest one from GitHub blue screened me. Arrgg
That's the one with the advice box of it using a certificate found on the internet as stated.
Just my quick 2 cents. Don't most people here say not to run outdated, unsupported programs and that it is vital to always use the most up to date version of any software program? So I think Bo is being stubborn but that's no concern to me, he's helped dozens of people here with Sandboxie, his tips have been invaluable to many.
Thanks Bo. Yes I had read those posts already, but just re-read them to make sure I didn't skim over something. I didn't; it just seems you and I interpret David's words differently. Let's not argue though. As above, it's up to David to explain what he means, if he feels so inclined. Peace.
I meant what I wrote, how I wrote it, no hidden meaning no subliminal endorsement of any behaviour,
I simply picked two cliché use cases off the top of my head how most people get infected, and made a case that in these cases an unreliable sbie won't be of use.
Instead of case A I could have gone with an old grandma clicking on cats_video.mp4.exe LOL.
I'm not encouraging risky behavior, but I'm saying if people are going to do risky things anyway then they at least should use protection.
Be that helmets and knee protectors, condoms, sandboxie, or a full hazmat suit, depending on the use case. LOL
First: I'm not encouraging any risky behavior! I'm just advocating for best protection for any behavior.
What do you mean with "hide the Sandboxie driver"?
I mean I can speculate what you mean; me implementing something that will make any application running on the system not being able to detect that sandboxie is installed. That would be the type of rootkit behavior which anti-viruses and other anti malware programs would not approve of.
And that is something I would never do because it's completely and utterly unnecessary, furthermore it would be quite useless.
What would be useful however is to ensure that programs that have been started under the supervision of sandboxie won't be able to tell that they are running in a sandbox. But this is not something any reputable anti malware program would have an issue with. In fact many of them bring their own insecure sandboxing solutions and any sandbox developer tries his best to make programs running within said sandbox be oblivious to the presence of a sandbox.
Think about it. Their use case is to start untrusted software in the sandbox, observe if it's behaving harmlessly and if so allow it to be run on the system unsandboxed, and if it misbehaves submit a copy for analysis to the respective anti-virus vendor. And for that the sandbox must be as undetectable as possible, otherwise the malware will see "a... I'm in a box so let's present my best behavior and wait until I'll be let out to start doing malicious things".
Trying to have an undetectable sandbox oneself and not allowing any other vendor to do the same would be hypocritical to say the least.
Now that said there is one more thing to say:
It is quite a different thing to fix bugs, flawed or incomplete API implementations and other issues what is often needed to get things (also games) to run with sandboxie,
and going into an arms race with a software vendor which is determined to make his product not function under sandboxie's supervision.
It's already time consuming to keep up with the moving goal post of Windows and chrome continuously changing and breaking things.
I don't need an additional battlefield with some unimportant games developer who does not like sandboxie.
Also I may want to add that I'm as of now not aware of any game that would purposefully be incompatible with sandboxie.
There are plenty unintentional incompatibilities to fix in that field though.
I may also want to add that I don't see why games developers would not want their products to run under sandboxie's supervision. Sandboxie has 0 facilities to help the users cheat in any way, it's just a security product providing isolation and containerization.
It's clear to me that you don't know enough about sandboxie's inner workings to be able to assess the changes I'm making.
You just see I'm making things work with sandboxie which historically did not work and you assume without any merit that if the old devs couldn't do that then how possibly could some random bloke from some obscure corner of the internet, and then you think: that is "haHA... unless this bloke is breaking something to make it work". You are coming up with this conclusion without any technical basis, what you are basing your assessment on is your subjective opinion of the devs involved.
But do you know if the old devs even tried?
After tzuk left before I came the only people working on sandboxie were 9-5 employees probably not even solely dedicated to sandboxie but to other projects of their company. They may not have had enough time to hunt down more obscure issues which did not target the core audience of the product. They may have been told by their boss: "Don't fix that, go do something else that makes me more money" LOL
I mean they may have spent only a couple hours every few months on sandboxie, who knows... I mean they did not even have time to fix critical issues some of which could be fixed with a line of code or two.
I'm really shocked to see that in conclusion you are trying to make the case that if I make sandboxie work smoother, more compatible than it did in the past this must be some sort of evidence for it being made less secure. This is simply so very wrong on all levels.
@DavidXanatos Pardon my interruption and I'll end my elementary comments after this.
But as talented as you obviously are, I'm in a very different line of position in comparison, but I must ask this once just for sake of curiosity. With the tightening that has been applied into Sandboxie Plus courtesy those long hours and days of doing your best to strengthen Sandboxie, this I'm compelled to ask. I know you must test, test and then retest it with every positive change you surely apply to it with series of test files etc. And it is NOT an anti-ransomware by any stretch. That's understood. But have you or do you might on occasion or have tested your skills of enhancement in it enough that you tested it with ransomware samples? That may be a stretch but the curiosity is too much for me not to ask you if you indeed have. No need to reply with your results but I believe it's a fair enough question. And there's no expectation to it but to learn if ransomware can be contained within it securely and safely. At least some that are not quite notorious.
No I have not tested it with real malware only with targeted proof of concept exploits, but real malware would just execute the same exploit strategies, if they are implemented.
Also I would need to run all the malware tests once against the old 5.33.6 first to see if they are implementing any sort of sbie escape and only if they do then test them against my hardened builds.
I think Bo might be right with one thing that most of the malware authors will not put in extra work to add sandboxie exploits if they are targeting a mass audience. So I would need to run a huge buttload of individual tests to find some specimens that actually at least attempt to escape sandboxie.
Also I would need to get my hands on a lot of malware first.
What might be interesting though is to ask the guys from the page that shall not be named here which is very totalitarian about viruses, to add sandboxie to their repertoire of tests so that they run every sample submitted to them also once under sandboxie and then compare the VM image with the base one if there are any changes aside of the sandbox location.
No no that's quite alright. And in all fairness you have I'm sure a good deal of ironing matters out for awhile with it regarding the common issues of it performing satisfactory and keeping up with browser and other changes first. But I lay odds, only to myself, once those quirks get sorted out to your user's satisfactions and you yourself get free from the occasional user's complaints and issues that it may eventually be something to explore. That is depending on the type of malwares, which are many but not always as easily undefeatable as some would have you believe. Of course I'm not speaking of specifically targeting sandboxie but rather in-the-wild droppers and such.
This entire discussion, minus the bickerings, has been very enlightening for me personally and I hope may encourage you and those users of sandboxie regardless of whichever brand suits to their satisfaction. Thanks and again it's all the point I wanted to raise if it can be called that.
Sandboxie is an overall well designed isolation solution, I would be very surprised if any malware which is not targeting it and leveraging known unpatched weaknesses would accidentally escape from it.
That said modern malware is often not hand crafted but created with toolbox like frameworks and if any of those adds support for one of the known 5.33.6 vulnerabilities you will have off the shelf droppers and such popping up in-the-wild like mushrooms after heavy rain.
And the more users stay on a vulnerable version the more incentive there is for said frameworks' authors to add an old sandboxie escape module to their product.
So in that sense if everyone except 0.0001% of all sbie users moves to new sandboxie builds this will have also a security benefit for those stuck with 5.33.6 as then being a small percentage of an already small demographic will make them even more uninteresting as potential targets.
EDIT: I really should stop answering in this thread, I think I said enough and it's weekend I should work on sandboxie and not write essays...
David, you've explained your position, what changes you've made and why, and pretty much everything asked of you thoroughly and (when needed) repeatedly. Speaking for myself, I feel completely comfortable with what you've said and with your forks of Sandboxie. After a while if people are going to keep bringing up the same concerns you've already addressed, or seizing on things you've said and finding meaning in them which isn't there, then you won't be writing essays - it'll be a novel or three. And possibly start to feel a bit like poking yourself in the eye with a fork.
At the end of the day people can either use your product or not, use the old version or not, and believe what they want to believe. Time to go have a wine and enjoy your weekend!! Thanks for the time you've spent here. Like Easter said - very educational and informative! Peace to ALL.
If you want a person doing some testing with sandboxie maybe bribe "Cruelsister" (of course I mean her cat she would never do such things) on the site that should not be named.
Has anyone else experienced the issue where enabling the drop rights option makes chrome crash?
It does it 100% of the time, and disabling this immediately solves the problem.
Not sure if that option enhances my security much, as it only affects items in the sandbox which are isolated anyhow.
Running latest Chrome and latest Win 10 Pro.
Hopefully this "back and forth discussion" is done. To each his own!
Amen to that. Use whatever floats your boat and move on.
Hmm....I have "Drop rights..." check'd. I do run several SbieCtrl_HideMessage= ________ [Chrome]
I'm not seeing Chrome box crash with "Drop rights..." check'd.
Sandboxie+ v0.8.2 & Chrome 91.0.4472.114