Search found 60 matches

by HungryMan
Thu May 10, 2012 11:54 pm
Forum: Anything Else
Topic: How much SB effectiveness is compromised if.............
Replies: 3
Views: 1311

Those aren't big holes. It's just read/write access to some files.
by HungryMan
Thu May 10, 2012 11:53 pm
Forum: Anything Else
Topic: Can you sandbox System Services?
Replies: 2
Views: 1146

Thanks very much.
by HungryMan
Wed May 09, 2012 6:22 pm
Forum: Anything Else
Topic: Can you sandbox System Services?
Replies: 2
Views: 1146

Can you sandbox System Services?

Is it possible to sandbox various services, for example the Java updater service or one built in like the Print Spooler service or DNS Cache service?
by HungryMan
Thu May 03, 2012 10:52 am
Forum: Anything Else
Topic: Java
Replies: 2
Views: 915

You can run the browser and its plugins within the sandbox. This is an effective way to prevent system infection through Java. Since you need to keep the browser in the sandbox you should open up direct access to the downloads folder.
by HungryMan
Sun Apr 29, 2012 6:52 am
Forum: Anything Else
Topic: Microsoft EMET 2.1 using on SBIE own processes
Replies: 10
Views: 3165

I would suggest Always On.

Pretty much no programs break from DEP always on. Only old ones designed for XP that haven't updated in ages.

If you leave DEP to anything other than Always On you open yourself up to attack. Using "SetDEPPolicy()" an attacker can disable DEP in an exploited program.
by HungryMan
Mon Apr 23, 2012 12:18 am
Forum: Anything Else
Topic: Microsoft EMET 2.1 using on SBIE own processes
Replies: 10
Views: 3165

Ok so it might be worth it after all I guess. It's always the damn plugins that bring down the security of the system. Usually, yes. Java was a bit of a poor example actually, Norton toolbar is a much better example. Java has to be called/loaded whereas toolbars are loaded on program-startup. Java ...
by HungryMan
Sun Apr 22, 2012 11:00 pm
Forum: Anything Else
Topic: Microsoft EMET 2.1 using on SBIE own processes
Replies: 10
Views: 3165

Microsoft's ASLR is not half-assed. It's actually better than both Ubuntu and BSD. That said, there's no way to fix 32bit ASLR; it's like asking you to pick a random number between 1 and 3 and complaining that 2 comes up a lot, with 64bit it's more like asking for a number between 1 and 1000, the prn...
by HungryMan
Fri Apr 13, 2012 4:37 pm
Forum: Anything Else
Topic: Did not enable Experimental Protection 64bit
Replies: 2
Views: 1143

Without experimental protection you have Drop Rights enabled by default. This isn't as effective as the experimental protection but it should work effectively.
by HungryMan
Thu Apr 12, 2012 1:43 pm
Forum: Anything Else
Topic: Using Sandboxie, do we really need a FW and an AV ?
Replies: 34
Views: 7514

You need a firewall. Sandboxie doesn't automatically sandbox anything. If you have an open port and a vulnerable service that service can be used to infect the computer - unless you manage to sandbox every service (can sandboxie sandbox system services?) there's nothing Sandboxie can do to protect y...
by HungryMan
Wed Apr 11, 2012 12:21 pm
Forum: Anything Else
Topic: Wilders discussion on Sandboxie Chrome & WSA
Replies: 9
Views: 3025

Like Tzuk said... Chrome's integrity level is kept regardless. When it comes to discussions regarding "targeted attacks", I will refer back to one of the statements I have already made: In my opinion, unfortunately, the only "experts" that can really make accurate statements about how strong Sandbox...
by HungryMan
Fri Mar 09, 2012 1:54 am
Forum: Anything Else
Topic: 64 Bit Experimental Protection...
Replies: 7
Views: 3111

My only goal is to inform. Someone wants information so I'll provide it. Chrome sandboxes each tab and the renderer (and a few other things) on its own, using the Windows kernel's own integrity system. It basically blocks reads and writes to the filesystem. The recent pwnium (and older exploits, suc...
by HungryMan
Thu Mar 08, 2012 1:27 am
Forum: Anything Else
Topic: 64 Bit Experimental Protection...
Replies: 7
Views: 3111

With experimental protection Sandboxie can provide the same level of security as it does with 32bit.

Without it, it cannot provide that level. It can still provide some protection but if the malware gains excessive rights it can potentially exit the sandbox.
by HungryMan
Wed Feb 22, 2012 9:49 am
Forum: Anything Else
Topic: Kernal Patch Protection Problems....Tzuk or others
Replies: 4
Views: 1460

Yes, that's all you would have to do.

It's unlikely that anything would really get screwed up. Without knowing more about the hypothetical patch and how Sandboxie works I can't say for sure but it should be as simple as disabling experimental protection in safe mode.
by HungryMan
Wed Feb 22, 2012 12:27 am
Forum: Anything Else
Topic: Kernal Patch Protection Problems....Tzuk or others
Replies: 4
Views: 1460

If MS updates to break Sandboxie you can boot into safe mode and
1) disable experimental protection

and/or

2) uninstall sandboxie

1) should be enough.
by HungryMan
Tue Feb 21, 2012 5:14 pm
Forum: Anything Else
Topic: Admin rights? Still safe?
Replies: 13
Views: 3026

Patchers can be completely legit - games release patches all the time, and unofficial patches exist for many products. There are two ways that it can try to infect you (pretty much) 1) Try to write to system files or elsewhere directly 2) Try to drop files into the game folder, drivers, or patch the...