what about hooks

street011
Posts: 412
Joined: Tue Jan 16, 2007 2:08 pm

what about hooks

Post by street011 » Mon Apr 23, 2007 4:21 am

well it got clear to me sb doesn't prevent hooks, so i wonder, what if i build a piece of software that does everything with hooking? say...

- i hook to the start menu, pop it up, point to "run..." enter a website with malicious scripting, and 'hook-hit' the OK button...

looks to me the script will run unsandboxed and will affect your real system.

tzuk... am i right here or is that prevented?

for all i want i could call up notepad to code a script very fast using hooks, or download a trojan using ftp.

SnDPhoenix
Posts: 2690
Joined: Tue Dec 26, 2006 5:44 pm
Location: West Florida

Post by SnDPhoenix » Mon Apr 23, 2007 10:32 am

Grrr, why has everyone been so hooked on hooks lately (lol, no pun intended)? if you are really that worried about being able to block hooks and w/e else you can think of, then use an H.I.P.S software like System Safety Monitor http://www.syssafety.com/ (i know i have brought it up a few times on this forum the last few days, but it's because ppl keep bringing up "hook blocking" programs). but it is not and should not (at least i hope not) going to be incorporated into SBIE, so just use SSM. Btw if you are gonna use SSM, use the final build not the beta versions, they are too buggy.
Windows 7 SP1 x64, Sandboxie v3.70 x64 with Experimental Protection, GnuPG, OTR (Off-The-Record), Sticky Password, My Brain.

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Mon Apr 23, 2007 7:24 pm

From http://www.sandboxie.com/index.php?DetectingKeyLoggers:
> If the executable files for the program requesting the hook, are located inside the sandbox, then the request is silently denied. Otherwise, the request is silently allowed.

This behavior is not adequate and will be revised in a future version of Sandboxie.
tzuk

street011
Posts: 412
Joined: Tue Jan 16, 2007 2:08 pm

Post by street011 » Tue Apr 24, 2007 3:22 am

stupid me... i actually knew this in the back of my head...

tnx tzuk :D

street011
Posts: 412
Joined: Tue Jan 16, 2007 2:08 pm

Post by street011 » Thu Apr 26, 2007 2:54 am

tzuk wrote:
> From http://www.sandboxie.com/index.php?DetectingKeyLoggers:
> If the executable files for the program requesting the hook, are located inside the sandbox, then the request is silently denied. Otherwise, the request is silently allowed.
>
> This behavior is not adequate and will be revised in a future version of Sandboxie.

tzuk, it seems not all hooks are denied,
i ran my famous "Spy and Capture" from inside the sandbox space, and i was still able to control applications outside, closing it, disabling it, making it invisible etc.

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Thu Apr 26, 2007 5:44 am

Good, then you are in a position to easily confirm or deny, that the replacement SbieDrv.zip from another topic, is securing Win32 hooks as well as message sending.
tzuk

street011
Posts: 412
Joined: Tue Jan 16, 2007 2:08 pm

Post by street011 » Thu Apr 26, 2007 9:04 am

tzuk wrote:
> Good, then you are in a position to easily confirm or deny, that the replacement SbieDrv.zip from another topic, is securing Win32 hooks as well as message sending.

CONFIRMED!!!

great job tzuk!

will this driver be in the next release/beta?

Unknown_User_384
Posts: 0
Joined: Wed Dec 31, 1969 7:00 pm

Post by Unknown_User_384 » Thu Apr 26, 2007 12:07 pm

> Good, then you are in a position to easily confirm or deny, that the replacement SbieDrv.zip from another topic, is securing Win32 hooks as well as message sending.

i tried this new driver and when opera is sandboxed i was unable to do copy/paste operations with texts.

1-run opera sandboxed
2-navigate to any site
3-select any part of a text from the site with mouse
4-right click and select copy
5-try to paste it to address bar or any other text box.
6-nothing happens

also the default mouse icon(an arrow) does not change to hand icon when it's over url shortcuts.

i know that the driver is premature atm, but these are the annoying issues which i just wanted you to know, tzuk. thanks for this great software.

winxp home sp2, Sandboxie running along with prosecurity 1.30

street011
Posts: 412
Joined: Tue Jan 16, 2007 2:08 pm

Post by street011 » Thu Apr 26, 2007 3:56 pm

I also have a few problems...

what was mentioned above... copy/paste is impossible.

+ my mediaplayer classic just won't work...

+ my mousecursor-type gets stuck, if i go inside the sandboxed firefox area my pointer stays like <-> and when i happen to be at a text box first hand i get a "I" as my cursor constantly :p

+ i noticed i can run an explorer process in the new sandboxie driver, looks like it takes over the existing explorer process and makes it a sandboxie process. after that everything i do is sandboxed, i can't even unsandbox it cuz even sandboxie is sandboxed... well you get the idea :p
(i see something good and something stupid here :) )

SnDPhoenix
Posts: 2690
Joined: Tue Dec 26, 2006 5:44 pm
Location: West Florida

Post by SnDPhoenix » Thu Apr 26, 2007 4:59 pm

Omg, i was actually about to try out the new driver, now i'm afraid to :(
Windows 7 SP1 x64, Sandboxie v3.70 x64 with Experimental Protection, GnuPG, OTR (Off-The-Record), Sticky Password, My Brain.

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Fri Apr 27, 2007 10:10 am

Like I said in that other post, the driver blocks way too much stuff.

It's similar to how Sandboxie 2.71 started blocking access to all unknown resources, except allowing access to a few known ones.

Which was the other way around with respect to 2.64, which was allowing access to all unknown resources, except blocking a few known ones.

Now it's almost the same thing with blocking windows and hooks.

It's going to take a while to sort out the stuff that should still be accessible.

In other words, this driver is just proof-of-concept, it's really not ready for even 'beta' use. :)
tzuk

street011
Posts: 412
Joined: Tue Jan 16, 2007 2:08 pm

Post by street011 » Fri Apr 27, 2007 5:46 pm

street011 wrote:
> I also have a few problems...
>
> what was mentioned above... copy/paste is impossible.
>
> + my mediaplayer classic just won't work...
>
> + my mousecursor-type gets stuck, if i go inside the sandboxed firefox area my pointer stays like <-> and when i happen to be at a text box first hand i get a "I" as my cursor constantly :p
>
> + i noticed i can run an explorer process in the new sandboxie driver, looks like it takes over the existing explorer process and makes it a sandboxie process. after that everything i do is sandboxed, i can't even unsandbox it cuz even sandboxie is sandboxed... well you get the idea :p
> (i see something good and something stupid here :) )

found two other problems with the new "alpha" driver,

+ i'm unable to access network resources in sandboxed applications.
+ sounds are not functional in some applications, MSN for example
+ icons are not put in tray, which makes programs inaccessible when minimized to tray.

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sat May 19, 2007 6:10 pm

This is an update on what I've been doing recently.

> will this driver be in the next release/beta?

As it turns out, no.

I was looking some more into this specific type of blocking for GUI resources, and it's no good. :) It's way too restrictive. The sandboxed program can't even access cursor images unless these cursors were defined in the sandbox.

(For example, in IE 7, with this driver, you will see the cursor frequently disappear. That's because the cursor is trying to become the textual cursor ( | ) or a hand cursor, and these cursors are simply not there.)

But, I spent a few weeks looking for an alternative approach, and by now I am fairly confident that I found the way to go about this.
tzuk

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Wed May 30, 2007 11:02 am

And now I can say it's working perfectly.
tzuk

Unknown_User_384
Posts: 0
Joined: Wed Dec 31, 1969 7:00 pm

Post by Unknown_User_384 » Wed May 30, 2007 2:14 pm

congratulations tzuk! can't wait for a beta/update
