Hi,
First of all, this is a great program!
I've read through many threads, and the topic of encrypting the sandbox has come up a couple of times. However, while it is true that TrueCrypt could be used (i.e. create TrueCrypt container, then install the sandbox within that) - I'm hoping for a less intrusive, and certainly quicker approach. Why not instead offer the possibility that every file written to the sandbox is encrypted on the fly, and possibly the filenames jumbled up so it would be hard to understand what the files contained if browsing to the Sandbox folder?
In practical terms, when someone would try to open a app that is sandboxied in this way, they would be asked for a password. Only then could they browse the contents in a special Sandboxie file explorer, or run the Sandboxed app.
To me, this is a lot more convenient than having to first start TrueCrypt and keep that open for the whole session, and then run Sandboxie when opening apps. This could either be added as a new base feature to Sandboxie, as part of "Deluxe pay" version or as a plugin (free or at a charge).
Keep up the good work!
Include encryption within Sandboxie?
-
Iron Man
Re: Include encryption within Sandboxie?
I was thinking that if you encrypt files on the fly, then de-encryption would also be required, right? And all this would just reduce the performance/speed of applications.tomes wrote:Why not instead offer the possibility that every file written to the sandbox is encrypted on the fly, and possibly the filenames jumbled up so it would be hard to understand what the files contained if browsing to the Sandbox folder? In practical terms, when someone would try to open a app that is sandboxied in this way, they would be asked for a password. Only then could they browse the contents in a special Sandboxie file explorer, or run the Sandboxed app.
HI,
for me this are two different aspects of security (system security (sandbox, av, fw ...) vs data security (encryption, backup ...) and I cannot see the added value in combining both in one product.
I dislike "suites" because they tend to origin from one (good) product and combine it with other mostly not so good products.
Sandboxie works well with TrueCrypt, TrueCrypt is an exellent product, as is Sandboxie, so why blow Sandboxie up with functionality that it probably cannot provide as efficiently as TrueCrypt does?
If "ease of use" is an issue, I would be in favor an install option like "use encrypted sandbox" that automatically sets up an truecrypt encrypted sandbox (technically this would be easy enough, since Truecrypt fully provides a command line interface, about 3 commands would do) and perhaps a checkbox "start truecrypt with sandboxie"
Mike.
for me this are two different aspects of security (system security (sandbox, av, fw ...) vs data security (encryption, backup ...) and I cannot see the added value in combining both in one product.
I dislike "suites" because they tend to origin from one (good) product and combine it with other mostly not so good products.
Sandboxie works well with TrueCrypt, TrueCrypt is an exellent product, as is Sandboxie, so why blow Sandboxie up with functionality that it probably cannot provide as efficiently as TrueCrypt does?
If "ease of use" is an issue, I would be in favor an install option like "use encrypted sandbox" that automatically sets up an truecrypt encrypted sandbox (technically this would be easy enough, since Truecrypt fully provides a command line interface, about 3 commands would do) and perhaps a checkbox "start truecrypt with sandboxie"
Mike.
Thanks for the responses. Yes, I'm sure this is not for everyone, but having encryption has it's advantages. I understand the primary goal of Sandboxie is to keep your system safe from clutter and damaging programs/viruses - but I also think there are quite a few people that would like to keep their data safe from the prying eyes of bosses, spouses etc.
Obviously there is a certain amount of performance hit by on the fly encryption (depending on the algorithm used) - but with today's machines, it is hardly a big issue anymore. (heck, I used PGP Disk abou 8 years ago, and that was working ok at the time)
I currently do have Sandboxie installed in conjunction with TrueCrypt, but since it is a hassle to first have to mount the "volume" from TrueCrypt before I start using Sandboxie, I tend to skip using it all together.... So ease of use is the big thing for me. Also, one should expect that quite a few of the people that want this functionality may not even know what TrueCrypt is / how to install or use it etc.
Maybe it would be possible to do some kind of partnership w/TrueCrypt, where if I have it set up properly, Sandboxie knows which container I would like to open in TrueCrypt and simply prompts me for the password (and passes it along to TrueCrypt)? If the documentation directs the people to TrueCrypt (for more info), if they want this added functionality, that seems like something TrueCrypt would be interested in.
Come to think of it, maybe someone who knows Sandboxie and TrueCrypt enough can show me how I can make a .cmd file that first calls TrueCrypt with the right parameters (so the GUI doesn't pop up expect for password), then directly afterwords it launces Sandboxie with the correct app/sandbox? This would work for me too.
Obviously there is a certain amount of performance hit by on the fly encryption (depending on the algorithm used) - but with today's machines, it is hardly a big issue anymore. (heck, I used PGP Disk abou 8 years ago, and that was working ok at the time)
I currently do have Sandboxie installed in conjunction with TrueCrypt, but since it is a hassle to first have to mount the "volume" from TrueCrypt before I start using Sandboxie, I tend to skip using it all together.... So ease of use is the big thing for me. Also, one should expect that quite a few of the people that want this functionality may not even know what TrueCrypt is / how to install or use it etc.
Maybe it would be possible to do some kind of partnership w/TrueCrypt, where if I have it set up properly, Sandboxie knows which container I would like to open in TrueCrypt and simply prompts me for the password (and passes it along to TrueCrypt)? If the documentation directs the people to TrueCrypt (for more info), if they want this added functionality, that seems like something TrueCrypt would be interested in.
Come to think of it, maybe someone who knows Sandboxie and TrueCrypt enough can show me how I can make a .cmd file that first calls TrueCrypt with the right parameters (so the GUI doesn't pop up expect for password), then directly afterwords it launces Sandboxie with the correct app/sandbox? This would work for me too.
Just a follow-up for those that are interested: It's possible to create a batch file that at least makes it easier to use the two programs together. My .cmd file looks like this (some pathnames etc are fake but other than that..):
"C:\Program Files\TrueCrypt\truecrypt" /v C:\TrueCryptFiles\archive01.tc /lq
"C:\Program Files\Sandboxie\Start.exe" /box:DefaultBox "C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk"
What this will do is open the TrueCrypt program. All you have to do is press "Mount" and the password dialog comes up. After inputting it. Press Exit and then the Sanboxed Firefox comes up. I store the actual Sandboxie application on my c drive (unencrypted), but the Sandbox (DefaultBox) is stored on "Q" drive (which is the TrueCrypt drive)
"C:\Program Files\TrueCrypt\truecrypt" /v C:\TrueCryptFiles\archive01.tc /lq
"C:\Program Files\Sandboxie\Start.exe" /box:DefaultBox "C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk"
What this will do is open the TrueCrypt program. All you have to do is press "Mount" and the password dialog comes up. After inputting it. Press Exit and then the Sanboxed Firefox comes up. I store the actual Sandboxie application on my c drive (unencrypted), but the Sandbox (DefaultBox) is stored on "Q" drive (which is the TrueCrypt drive)
-
Iron Man
I know what you mean. But here, it seems that you're asking for a software developer to make sandboxie do something that's irrelevant to its sandbox purpose. It's like asking a company that makes toasters if they could include a DTS decoder in the toaster. I can understand it if sandboxie was a data bank. But it's a sandbox program that is meant to prevent the registry and normal environment (except generally for c:\sandbox) from getting modified........not a data bank. This is just my view of it anyway.tomes wrote:but I also think there are quite a few people that would like to keep their data safe from the prying eyes of bosses, spouses etc.
I have difficulties to see, why it is of advantage to encrypt a sandbox, since one can always set the sandbox to auto delete and even use a third party tool such as "eraser" to delete the content. This being said...
I would go for :
- truecrypt formated usb stick that auto-mounts (TrueCrypt has a wizard for this)
- start sandboxie + browser from the autostart.inf of the usb device
- for 100% (data) security you could configure truecrypt to use a keyfileson the host , that way the stick can only be used with this one computer or any other computer you copy the host keyfile to...
or
- write a small batch that mounts the truecrypt drive, fires up sandboxie + sandboxed browser.
Both solutions allow for 1click encrypted sandboxed browsing.
I would go for :
- truecrypt formated usb stick that auto-mounts (TrueCrypt has a wizard for this)
- start sandboxie + browser from the autostart.inf of the usb device
- for 100% (data) security you could configure truecrypt to use a keyfileson the host , that way the stick can only be used with this one computer or any other computer you copy the host keyfile to...
or
- write a small batch that mounts the truecrypt drive, fires up sandboxie + sandboxed browser.
Both solutions allow for 1click encrypted sandboxed browsing.
-
xellos
I would also like to see an encryption option with sandboxie, (an option to check to enable or disable encryption) so people who dont like the feature can have an option not to use it....one main reason i would like encryption is so someone doesnt browse to the sandboxie folder and run a program that might be in that folder (overriding sandboxie), also is nice for improved security...
another option is the delete/recover function maybe have an "option" to write over the data a few times or zero fill the files so they can't be recovered after you either recover or delete them..
other then these features missing i think sandboxie is a great program
i understand there are external programs that can do this (like bcwipe for deleting and truecrypt for encryption) but i think its a hassle and would like to see it under one great program.
another option is the delete/recover function maybe have an "option" to write over the data a few times or zero fill the files so they can't be recovered after you either recover or delete them..
other then these features missing i think sandboxie is a great program
i understand there are external programs that can do this (like bcwipe for deleting and truecrypt for encryption) but i think its a hassle and would like to see it under one great program.
Dude!! Never gonna happen!! Do you have any idea how much of an undertaking an on-the-fly encryption program is? Look at companies like PGP and SecureStar, and see how much they charge for their software. Even TrueCrypt is a whole development TEAM! How in the world do you expect tzuk to develop an entirely different software platform and include it inside Sandboxie for no extra charge? I could imaigne it would take one person years to develop a product from scratch on par with TrueCrypt or PGP, et. al.
Sorry man, but you guys gotta think about these requests first.
Sorry man, but you guys gotta think about these requests first.
-
xellos
well i mean just a basic encryption nothing advanced maybe something even as simple as a rar/zip file container with its built in encryption., just because a company pgp and securestar change means nothing there is plenty of companys that do the same thing for free... look at "encfs" for linux on the fly compress / decompression in userspace. and its very fast also opensource.
even windows has ntfs encryption built into the os - there is plenty of ways to encrypt/decrypt files on the fly.
anyways just putting it out there maybe if enough people request it then it can be done, im sure developing sandboxie was no easy task either, it doesnt mean it cant be done.
even windows has ntfs encryption built into the os - there is plenty of ways to encrypt/decrypt files on the fly.
anyways just putting it out there maybe if enough people request it then it can be done, im sure developing sandboxie was no easy task either, it doesnt mean it cant be done.
tzuk wouldn't have to write all coding from scratch, there are enough libraries available he could use, but.. still a load of work!
I don't think it's going to happen and i can understand why, though i can see one advantage, or two..
- the data isn't accessable from outside the sandbox by, eg, scanners av/mallware or prying eyes.
- i always get traces of data from sandbox programms in my registry (windows does this, not the programm!) maybe this could avoid this effect.
whenever i run a program sandboxed there are no traces found anywhere but... the registry, it finds the executable names and data on filetype extensions.
I don't think it's going to happen and i can understand why, though i can see one advantage, or two..
- the data isn't accessable from outside the sandbox by, eg, scanners av/mallware or prying eyes.
- i always get traces of data from sandbox programms in my registry (windows does this, not the programm!) maybe this could avoid this effect.
whenever i run a program sandboxed there are no traces found anywhere but... the registry, it finds the executable names and data on filetype extensions.
-
PrittyGood
Sandboxie, TrueCrypt, CCleaner, Firefox are such amazing free of charge applications we all use today.
Of course, it could be outstanding to combine those apps into one-single application.
However, technically it is too hard to achieve.
Who knows, maybe the next vital competitor of Microsoft will be the programmer(s) who could manage to combine all those apps' wonderful jobs into one!
Of course, it could be outstanding to combine those apps into one-single application.
However, technically it is too hard to achieve.
Who knows, maybe the next vital competitor of Microsoft will be the programmer(s) who could manage to combine all those apps' wonderful jobs into one!
Who is online
Users browsing this forum: No registered users and 1 guest
