Sandboxie's kernel protection for 64bit Windows

What exactly does it do that patch guard does not? I don't know a lot about the feature itself.

edit: Is there any way to get this kernel protection from another program? I don't really need to sandbox anything. I'm pretty confident with Chrome's sandboxing.

 

To my understanding, it doesn't protect the kernel, it only circumvents it in a way that allows it to sandbox programs properly under 64-bit systems. So you don't get protection for anything outside the sandbox.

 

I'm gonna need to hear more about that. If that's the case I have very little use for sandboxie.

 

-http://www.sandboxie.com/phpbb/viewtopic.php?t=10201

 

You can apply restrictions, which are whitelists for internet access, start/run access, etc. That's not covered by Chrome, or your setup.

 

m00n, that doesn't really explain whether it applies to just sandbox'd programs or if it enables that protection system-wide.

J_L, why would I need to sandbox something chrome just to whitelist it for internet access? Same goes for start/run access.

 

You don't, but your setup doesn't include that yet. Sandboxie can work for more programs than just Chrome as well.

 

I could use it for Digsby I suppose. I don't use many internet facing programs other than my browser except for when they check for updates -- even then, I'm not so worried about getting malware that way.

 

You only mentioned:

* Which is called Experimental Protection.

What do you mean with system-wide Experimental Protection?

What this Experimental Protection does, is allow Sandboxie 64-bit to provide protection at the same level (according to Tzuk) of Sandboxie 32-bit version.

That's what it means.

Experimental Protection is not there to replace Patch Guard; it actually goes around it, to provide Sandboxie 64-bit users the same level of protection that Sandboxie 32-bit offers.

Anyway, I pointed you the thread where you could get more info straight from Sandboxie's author.

If it didn't explain you what you wanted to know, why don't you express your doubts at that thread? That was the reason why I gave you the link.

 

I suppose I'll make an account. Saying "it allows it to protect you teh same was as the 32bit version" doesn't actually explain how it protects you.

 

Which is why I provided you the link. I don't run 64-bit, hence not really concerned how it works, at the moment. Whenever I switch to 64-bit, I'll be interested to know more about it... until then, I got other stuff I'm more interested to learn.

 

I'm asking about what the kernel protection itself does, the 64bit isn't actually relevant, it's just that I'm on 64bit.

I'll use the link you sent -- thanks.

 

Actually, the 64-bit is relevant. The Experimental Protection is provided only in Sandboxie 64-bit. So, why are you saying it's irrelevant?

It's irrelevant for Sandboxie 32-bit. Which is the version I use, hence not really caring about what Experimental Protection does or doesn't do.

 

Because it's the same form of protection save for three features. It's experimental and will be left off for default because patch-guard updates may break it. They do nearly the same things (Again, save for those three features.)

I simply want to know what it is that they both do.

 

... No. I know what sandboxie is "all about."

Sandboxie is about sandboxing. Great.

I'm asking what kernel modifications it makes and whether those modifications will only apply to programs that are sandboxed. I'm asking for a summarization of what these kernel modifications do.

"Experimental Protection enables protection from kernel mode for IPC objects and named named pipes"

As in -- what does this ACTUALLY mean for the user?

 

For the user, it means that the protection is 99 % comparable to the 32-bit version. I don't think that there are any kernel modifications, as PG would block them. About the more technical part, you should ask tzuk himself.

There is no info pointing to system-wide protection, so one should assume that the protection is only for the sandboxed programs.

 

The kernel itself isn't modified. Sandboxie just acts as an "in between" for software and the OS. If Sandboxie fails to function correctly, your sandboxed programs might fail to run, but you should be otherwise OK.

 

This is all I Wanted to know.

I'm not going to just assume that it only applies to sandbox'd programs since I don't know what the hell it does. It is not unreasonable to think that a security program might have extra features.

 

Should PG get an upgrade...........resulting in BSOD on reboot.........there's a known way to turn off this feature so you can again boot your system?

Thanks in advance

 

Sandboxie doesn't load in safe mode from what I remember, so you can always just boot into safe mode and uninstall..

 

Or just change the settings.

 

Changing the settings wouldn't work because..........you'd have blue screen, no access to windows in normal mode.

Safe mode: i'll try to ask the developer, since the workaround, basically, load before the OS starts to go unnoticed by PG so i'm not so sure it still works, also if i hope so