sandboxie v4 out Jan 10, 2013

Discussion in 'sandboxing & virtualization' started by soccerfan, Jan 10, 2013.

Thread Status:
Not open for further replies.
  1. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,096
    Location:
    Canada
    Thanks! Although I think I missed Sandboxie :D
     
  2. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Now this is what I've been waiting on :D
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,195
    Location:
    Nicaragua
    Maybe your issue and mine are similar. When I click on a Excel file, the file runs in the Office sandbox, the file opens but nothing gets displayed. Using the file that's open, if I navigate to any Excel file in the computer, it displays properly when I click on it. Same situation for Word.

    Bo
     
  4. chris1341

    chris1341 Guest

    Yes, very similar. Runs fine from the 'send to' right click which I believe is invoked by start.exe (same as the search via explorer you describe) but not from direct double click on the file which is not invoked by start.exe. That may be the difference.

    Also only happens on Excel for me. All other Office 2010 pro plus apps run fine on .04.

    Cheers
     
  5. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    371
    Location:
    DownUnder
    Upgraded to version 4.01.04 in Windows 7 and 8 – everything appeared to work just fine! I then discovered that I could not copy\paste anything from any sandboxed browser into an Open Office document (OO is my office suite) – I would get a 'Requested Clipboard format is not available' message.

    Couldn't find anything on this issue in Sandboxie forums or on the net – and since this function is important to me - it's back to version 3.76 (again!)
    First time in 2 and a half years that I've ever had any kind of issue with Sandboxie! (I guess there's always gonna be a first time!) :p
     
    Last edited: Mar 26, 2013
  6. chris1341

    chris1341 Guest

  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,096
    Location:
    Canada
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,195
    Location:
    Nicaragua
    Testing it now.:cool: .......feels pretty good.

    Bo
     
  9. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,595
    I am still using Sandboxie 3.76 on all of my Windows XP Pro SP3 32 bit PC's. I realize that Version 4 is still in Beta, but how stable is Version 4 on Windows XP? I am thinking about giving Version 4 a try on one of my Windows XP Pro PC's.

    If I decide to give Version 4 a try, should I uninstall Version 3.76 before installing Version 4?
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,195
    Location:
    Nicaragua
    Hey Kid7, I am testing .05 in my 32bits W7. It feels outstanding so far. Tonight, I ll try it in XP. Up to .04, the only issue that I have/had in XP SP3 32bits is Excel and Word not running properly as a Forced program, other than that, no other issues.

    For installation, over the top works just fine.

    Bo
     
  11. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    You should uninstall first because Version 4 has a very different way of doing things.:thumb:
     
  12. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    706
    Location:
    North America

    Updated here also. So far so good although...... 3.76 was also working very well with no problems.
     
  13. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,096
    Location:
    Canada
    Have been running v4 since .03 and no issues to speak of so far.
     
  14. As a promotor of policy based containment, I noticed a stunning feature on Sandboxie, it is uses policy containment (confusingly also called sandboxes by Microsoft, Adobe and Google) to seperate virtualised processes from the rest of the system. Even Chrome broker process has practically no rights (runs normally with Medium Integrity).

    Made my compliments http://www.sandboxie.com/phpbb/viewtopic.php?t=15202

    Have no idea how he is able control system level messaging/com and still have all handles/hooks controlled by SBIE on the sandboxed Chrome. Found a small glitch (able to start through hostdll.exe even with start program limitations), but it is still a Beta.

    See pic
     

    Attached Files:

    Last edited by a moderator: Apr 11, 2013
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Where have you been? lol

    https://www.wilderssecurity.com/showpost.php?p=2201959&postcount=80

    I took a look at PE again, and something that I missed before, is that Sandboxie processes involved in sandboxing processes are run under the context of NT Authority\Anonymous Logon. So, I'm pretty sure it has something to do with Anonymous Logon. -Edit- Your screenshot also reveals it. :D
     
    Last edited: Apr 11, 2013
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not necessary. I've updated to 4 and then back and forth for testing.

    No uninstalls at all.

    Pete
     
  17. The breaks protected mode, confused me in that post. Before april 2012 update Sandboxie broke protected mode by elevating from untrusted/low to medium level. After teh Sandboxie april update Chrome used both its internal (policy) sandbox (Untrusted/Low) within the Sandboxie (virtualised) sandbox.

    I thought breaking protected mode, that is old news (M00N is looking for some BL00D again, did not read it correctly, my bad). Now I see you mentioned both broker and renderer process. To be fair I would call lowering policy from medium to untrusted not breaking but enhancing it. :cool:
     
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Actually, I believe that, before, Sandboxie's author only made both Chrome and Adobe Reader's sandbox to work under Sandboxie? I don't think Internet Explorer Protected Mode ever worked? I may be wrong, though. I truly don't recall.

    Well, it effectively "breaks" Protected Mode. The same way it effectively "breaks" Chrome's sandbox. :D

    Anyway, previously (and currently) and now I'm just going to mentioned Chromium, and in my specific config., I had/have the broker chrome.exe running at low integrity level and the renderer chrome.exe at an untrusted integrity level.

    In this scenario, even if something manages to break out of the renderer, it will only be able to execute under low integrity level, which pretty much gives nothing in my system (I'm thinking of reading other objects/containers). (I'm also excluding kernel exploits.)

    But, I've been thinking that if I run Chromium under Sandboxie, yes both broker and renderer will run with an untrusted integrity level, but the interesting part of it is that Sandboxie processes that allow all of this great sandboxing are running with NT Authority\SYSTEM, or in other words, running as SYSTEM. So, if something escapes from Untrusted (under Sandboxie) to SYSTEM, then you're (_O_), even without a kernel exploit. Granted, bugs will need to be found. But, so would they need for everything else. Oh, life is wonderful... :D

    But, I believe I'll still stick with low <-> untrusted, instead of system <-> untrusted :p
     
  19. Nice one well constructed argumentation.

    Chrome is in same job as the SBIE processes which it communicates with (that is how it is done) DCOM/RPCL/Crypt svc. Calls originating chrome are handled by SBIE components within job. Limitations of sandbox are controlled by medium level SBIE process, before it is passed to SBIE service at System. So I think there are a few more rivers to cross as you are suggesting.

    Stick out tongue indeed made me doubt in terms of risk surface.
     
    Last edited by a moderator: Apr 11, 2013
  20. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    According to Process Explorer there's only one Sandboxie process running with a medium integrity level, and that's SbieCtrl.exe.

    The rest is as follows, and as I'm typing this, I'm actually running two applications sandboxed, one of which I actually installed within a sandbox container:

    Parent process SbieSvc.exe (Running as System) <-> SbieSvc.exe (Spawned from parent SbieSvc.exe) (Running as System) <-> SandboxieRpcSs.exe (Spawned from parent SbieSvc.exe) (Running as Untrusted) <-> SandboxieDcomLaunch.exe (Spawned from SandboxieRpcSs.exe) (Running as Untrusted) <-> Your application process(es) (Running as Untrusted)

    I don't see any other Sandboxie process involved, and that could be running with a medium integrity level (except for SbieCtrl.exe as mentioned above, which I'm not sure how much security it would impose within the system <-> untrusted design?).
     
  21. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,643
    Location:
    Italy
    Possible bug ver 4.01.05

    OS XP SP 3 Home - Browser Opera

    Copy/paste link tabs Opera not work
    Please check Chrome,Firefox,Internet Explorer.
    Th.
     
  22. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I really hope that Sandboxie's author implements what has been discussed in this thread, and something that I also mentioned a long time ago: -http://www.sandboxie.com/phpbb/viewtopic.php?t=3492

    I still find it a bad choice not to have implemented this already. Version 4 "required major changes to underlying architecture" (I'm quoting the author's own words), so it would had been the perfect time to implement this user privacy concerns/protection as well...

    I hope it gets implemented soon(ish)...
     
  23. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I installed latest beta (.05) of Sandboxie on my netbook that runs Windows 7 x86. When I tried to start Internet Explorer 10 and Chrome 26 the computer froze and Sandboxie gave me GUI error popups. Anyone had a similiar experience?
     
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,195
    Location:
    Nicaragua
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Have you posted it on the Sandboxie forum. If not, it won't be implemented.

    Pete
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.