Sandboxie's kernel protection for 64bit Windows

Discussion in 'sandboxing & virtualization' started by Hungry Man, Jun 9, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    What exactly does it do that patch guard does not? I don't know a lot about the feature itself.

    edit: Is there any way to get this kernel protection from another program? I don't really need to sandbox anything. I'm pretty confident with Chrome's sandboxing.
     
    Last edited: Jun 9, 2011
  2. Spysnake

    Spysnake Registered Member

    Joined:
    Apr 11, 2009
    Posts:
    187
    To my understanding, it doesn't protect the kernel, it only circumvents it in a way that allows it to sandbox programs properly under 64-bit systems. So you don't get protection for anything outside the sandbox.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I'm gonna need to hear more about that. If that's the case I have very little use for sandboxie.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    -http://www.sandboxie.com/phpbb/viewtopic.php?t=10201
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    You can apply restrictions, which are whitelists for internet access, start/run access, etc. That's not covered by Chrome, or your setup.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    m00n, that doesn't really explain whether it applies to just sandbox'd programs or if it enables that protection system-wide.

    J_L, why would I need to sandbox something chrome just to whitelist it for internet access? Same goes for start/run access.
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    You don't, but your setup doesn't include that yet. Sandboxie can work for more programs than just Chrome as well.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I could use it for Digsby I suppose. I don't use many internet facing programs other than my browser except for when they check for updates -- even then, I'm not so worried about getting malware that way.
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You only mentioned:

    * Which is called Experimental Protection.

    What do you mean by system-wide Experimental Protection?

    What this Experimental Protection does is allow Sandboxie 64-bit to provide protection at the same level (according to Tzuk) as the Sandboxie 32-bit version.

    That's what it means.

    Experimental Protection is not there to replace Patch Guard; it actually goes around it, to provide Sandboxie 64-bit users the same level of protection that Sandboxie 32-bit offers.

    Anyway, I pointed you to the thread where you could get more info straight from Sandboxie's author.

    If it didn't explain to you what you wanted to know, why don't you express your doubts at that thread? That was the reason why I gave you the link.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I suppose I'll make an account. Saying "it allows it to protect you the same way as the 32bit version" doesn't actually explain how it protects you.
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Which is why I provided you the link. I don't run 64-bit, hence not really concerned how it works, at the moment. ;) Whenever I switch to 64-bit, I'll be interested to know more about it... until then, I got other stuff I'm more interested to learn. :)
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I'm asking about what the kernel protection itself does, the 64bit isn't actually relevant, it's just that I'm on 64bit.

    I'll use the link you sent -- thanks.
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Actually, the 64-bit is relevant. The Experimental Protection is provided only in Sandboxie 64-bit. So, why are you saying it's irrelevant?

    It's irrelevant for Sandboxie 32-bit. Which is the version I use, hence not really caring about what Experimental Protection does or doesn't do.
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Because it's the same form of protection save for three features. It's experimental and will be left off by default because patch-guard updates may break it. They do nearly the same things (again, save for those three features).

    I simply want to know what it is that they both do.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Hi Hungry Man

    I think what you need to do is understand what Sandboxie itself is all about. That is easy to do with the threads here and at the Sandboxie forum. Then the thread you were pointed to will make sense.

    Pete
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    ... No. I know what sandboxie is "all about."

    Sandboxie is about sandboxing. Great.

    I'm asking what kernel modifications it makes and whether those modifications will only apply to programs that are sandboxed. I'm asking for a summarization of what these kernel modifications do.

    "Experimental Protection enables protection from kernel mode for IPC objects and named pipes"

    As in -- what does this ACTUALLY mean for the user?
     
  17. Spysnake

    Spysnake Registered Member

    Joined:
    Apr 11, 2009
    Posts:
    187
    For the user, it means that the protection is 99 % comparable to the 32-bit version. I don't think that there are any kernel modifications, as PG would block them. About the more technical part, you should ask tzuk himself.

    There is no info pointing to system-wide protection, so one should assume that the protection is only for the sandboxed programs.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    On point. Hungryman, if you are asking if the protection is system wide vs just something running in the sandbox, then you really don't understand Sandboxie.

    Even in the 32 bit version, there is no "modification" of the kernel, only hooks that allow intercepts to calls to the kernel level.

    As to what they do, they do what Sandboxie does. If you understand how Sandboxie works (its features) then you know what they do.

    Pete
     
  19. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    The kernel itself isn't modified. Sandboxie just acts as an "in between" for software and the OS. If Sandboxie fails to function correctly, your sandboxed programs might fail to run, but you should be otherwise OK.
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    This is all I wanted to know.

    I'm not going to just assume that it only applies to sandbox'd programs since I don't know what the hell it does. It is not unreasonable to think that a security program might have extra features.
     
  21. aieie

    aieie Registered Member

    Joined:
    Apr 13, 2007
    Posts:
    175
    Should PG get an upgrade... resulting in BSOD on reboot... is there a known way to turn off this feature so you can boot your system again?

    Thanks in advance
     
  22. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Sandboxie doesn't load in safe mode from what I remember, so you can always just boot into safe mode and uninstall..
     
  23. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Or just change the settings.
     
  24. aieie

    aieie Registered Member

    Joined:
    Apr 13, 2007
    Posts:
    175
    Changing the settings wouldn't work because... you'd have a blue screen, no access to Windows in normal mode.

    Safe mode: I'll try to ask the developer, since the workaround basically loads before the OS starts, to go unnoticed by PG, so I'm not so sure it still works, even if I hope so :)
     