Sandboxie version 2.78.5 Released

[tzuk]

Anyone with an outstanding problem with Sandboxie ... please try this version.

[OwenBurnett]

Hi, I saw there is an win 64 installer, does this mean oyu finaly found a way around the evil patch guard?

Owen

[tzuk]

Yes. I noticed your post in the x64 topic in the other forum. But you didn't notice my post there from a couple of days ago . . .

[OwenBurnett]

I see, does it actualy bypass or siddables patch guard, or does it work in a way that is permited by patch guard?

Owen

[tzuk]

No bypass and no disable. Like I said earlier in that other topic, working against PatchGuard was never a direction that I considered. The new Sandboxie just doesn't upset PatchGuard.

[OwenBurnett]

So am I right assuming that PatchGuard is actualy not designed to fight rootkits as any rootkit could uses the way SB does and does its thing?

Owen

[tzuk]

No. Not at all. PatchGuard is designed to guard against modifications to the kernel. And it does that very well, I'm afraid. There is no way to fool it. You must either disable it (bad idea), or otherwise not upset it (good idea) -- but there is no middle path.

(There used to be, for a bit, which is how Sandboxie x64 worked a while back, but along came a Windows update...)

Anyway, it is still possible for kernel mode drivers to load and work in co-operation with the kernel to accomplish a task. This is what the new Sandboxie does. And it is very different than stomping on the kernel to accomplish a task. Which is what the old Sandboxie was doing.

And since there isn't a way to co-operate with the kernel in order to hide processes or drivers (you'd have to modify the kernel for that), then PatchGuard does its job and guarantees no rootkits.

(Unless rootkits disable PatchGuard, but if Microsoft updates PatchGuard periodically, then rootkits can only survive hidden until the next Windows update, thus greatly reducing their life span in your system.)