Sandbox Perfect for TrueCrypt

[Donnie]

Sandbox is a great idea. I dont bother using anti virus programs anymore because they dont work. Sandbox can possibly be a terrific solution to the virus problem.

Sandbox can also be a solution privacy enthusiasts and users of Truecrypt have been looking for.

A first defense to privacy abuse is to not have any evidence of an encryption program such as Truecrypt being run on your computer. The portable use of Truecrypt is an almost no traces program except for the registry entries that cant be reliably wiped after TrueCrypts use.

Sandbox intercepting those registry entries, and porting them to ram where they disappear upon computer shutdown would be of great interest to TrueCrypt users.

Just because TrueCrypt is open source, and free doesnt mean TrueCrypt enthusiasts dont contribute. We do. Open source is essential in privacy software because we need to know there are no back doors to it which we can check by looking at the open source. Free accepting donations brings in knowledgeable users who stopped buying on line software years ago because it never lives up to its hype, and who want too much money.

TrueCrypt users are regular people with jobs who consider themselves the goodguys who would be thrilled to donate to whoever can close down this last vulnerability in their software.

Now the bad news. Sandboxie and Truecypt do not work together! I get "the handle is invalid," and "Unable to connect to the TrueCypt device driver." " TrueCrypt cannot work if the device driver is not running."

Can anything be done to get these two software products to work together? Sandbox would be contributing to the power of the free world, admiration, and appreciation of the Truecrypt forums, and some extra bucks to pay for that upcoming Vista install. Both the latest beta, and stable version have been tried.

So what do you say Sandbox. Are you in?

[tzuk]

(Initially posted in Positive Reviews but moved here where it is more appropriate.)

I'm all for privacy, but if you also need to hide the fact that you have taken some privacy measures, then you must be a spy.

Sandboxie and TrueCrypt do work together. In a sandboxed program you can access a TrueCrypt volume. And you can place the sandbox itself onto a TrueCrypt volume.

If you're asking to be able to install TrueCrypt into a sandbox, that just makes no sense. But it's also technically impossible.

[Donnie]

Truecrypt is free so maybe you can duplicate this issue without much trouble. When unzipped, there is a TrueCrypt.exe. A user doesnt have to install TrueCrypt but can use the portable method of just clicking on TrueCrypt.exe. When I try to run TrueCrypt.exe from Sandbox either by right click menu, or from within the control box I get the above errors.

Can Sandbox run stand alone executables, or is something else going on particular to TrueCrypt.

The TrueCrypt forum is clinging to a cliff in anticipation of your answer. We're not spies, but we are all being spied upon. Really just ask our invisible friends.

[OwenBurnett]

TrueCrypt used in portable mode have to install a driver when started, this is blocked by sandboxie for obvious reasons,
however you can enable it
by
BlockDrivers=n
and you may need:
OpenKeyPath=truecrypt.exe,HKEY_LOCAL_MACHINE\System\*
but I'm not sure about the second.

Owen

[tzuk]

Owen, if you enable it like you say, then Donnie's system will show traces of the installation of TrueCrypt. I think his point was to install TrueCrypt in a way that leaves no trace.

Donnie -- why don't you (plural) just use password protected zip files? (Or stronger encryption; whatever). If you (plural) insist that your (plural) privacy store must be in the form of a usable drive letter, then the cost is a tracable installation of a Windows driver.

[Donnie]

The block drivers tip alone didnt work, and the registry entry is what trying to avoid.

[Unknown_User_451]

First of all, tzuk, I beg your pardon for the off-topic here.

Why not to take the opposite approach?

Why does TrueCrypt need to modify the registry in the first place?
I'd rather try to make TrueCrypt to use the hardware tokens (like Aladdin's USB eToken PRO) to store keys, etc.

Also, I am very much disappointed with TrueCrypt's demand of being an admin to use it's "mobile" mode.
And I do not really that adamant about it's "plausibility", I'm quite sure - a real pro will be able to see the second volume presence signs|traces.

[OwenBurnett]

TC needs to write to the System Key in order to be akle to load a driver, booth actions requirers administrativ privilegs.

Sandboxie can not solve this problem: when it let the entries outside the SB the driver can be loaded but traces are left behing, if it keeps the keys sandboxed the windows kernel can not load the driver.

OWen

[Holla]

(Initially posted in Positive Reviews but moved here where it is more appropriate.)

I'm all for privacy, but if you also need to hide the fact that you have taken some privacy measures, then you must be a spy.

Sandboxie and TrueCrypt do work together. In a sandboxed program you can access a TrueCrypt volume. And you can place the sandbox itself onto a TrueCrypt volume.

If you're asking to be able to install TrueCrypt into a sandbox, that just makes no sense. But it's also technically impossible.

Could you please, test Rohos mini (encryption software) with Sandbox for me. I do already have Rohos but wonder if I could use it with Rohos mini. I thought that if it works with TrueCrypt it should with Rohos too. But do not want to risk. By the way, Rohos mini is free. Thanx.

[Guest]

Sandboxie can not solve this problem: when it let the entries outside the SB the driver can be loaded but traces are left behing, if it keeps the keys sandboxed the windows kernel can not load the driver.

@OWen, Thanks for the info

[primetard]

I have sandboxie configured to create a sandbox in a TrueCrypt device-mounted encrypted partition. Now what? How does this protect me from online attacks? I understand the advantage of sandboxie, but how does truecrypt make the sandbox more secure or private from an online attack like XSS or clickjacking?

I understand that it protects me from local analysis of my hard drive, but I am more interested in remote attack mitigation.

[fr33d0m]

A TC drive will not protect you from any type of online attack. All that TC does is the same as your OS does/and what sandboxie does in a way. But an encrypted file container for it

Say you install firefox in the encrypted container.
All files firefox creates are encrypted. But can still be accessed by firefox/a process created within the true crypt container.

[Peter2150]

Truecrypt is free so maybe you can duplicate this issue without much trouble. When unzipped, there is a TrueCrypt.exe. A user doesnt have to install TrueCrypt but can use the portable method of just clicking on TrueCrypt.exe. When I try to run TrueCrypt.exe from Sandbox either by right click menu, or from within the control box I get the above errors.

Can Sandbox run stand alone executables, or is something else going on particular to TrueCrypt.

The TrueCrypt forum is clinging to a cliff in anticipation of your answer. We're not spies, but we are all being spied upon. Really just ask our invisible friends.

While totally off topic to Sandboxie, assuming you don't have to reboot to use the standalone truecrypt exe file, you want to use something like Shadowdefender or Returnil. Shadow the system run what you want put the container on the disk or maybe it's there, run Truecrypt, exit, and commit the container to the real drive. Reboot and all trace is pretty much gone. Someone would have to forensicly explore the disk

Pete