Will Sandboxie Still Work with the Windows Kernel Overhaul?

Posted: Wed Jan 03, 2018 1:01 pm
by Nitrile
Recently a tremendous flaw in Intel processors was discovered. In order to address the issue, Windows is expected to redesign their kernel for additional security, patching the flaw.

Updates to the Windows Kernel typically don't play too nice with Sandboxie in my experience. Is this an issue that is currently on the team's radar? Can I expect to see bluescreens after Windows patches the kernel? Or will there be an update in advance to address this upcoming issue?

Re: Will Sandboxie Still Work with the Windows Kernel Overhaul?

Posted: Wed Jan 03, 2018 2:43 pm
by Barb@Invincea
Hello Nitrile,

It is too early to know what the changes are going to involve, but the devs are aware of the situation and we will monitor/test updates to see how they affect Sandboxie (if they affect it at all).

Regards,
Barb.-

Re: Will Sandboxie Still Work with the Windows Kernel Overhaul?

Posted: Wed Jan 03, 2018 3:07 pm
by Curt@invincea
According to the articles I have read, this fix for Windows 10 went into the Fast Ring in Nov. & Dec. There have been no problems detected with Sbie thus far.

Re: Will Sandboxie Still Work with the Windows Kernel Overhaul?

Posted: Wed Jan 03, 2018 9:13 pm
by Nitrile
Wonderful to know! Thank you so much for the prompt and direct reply.

Keep up the fantastic work!

Intel CPU Vulnerability. Am I secure with a Sandboxed Web-Browser?

Posted: Wed Jan 03, 2018 11:29 pm
by thomaz
Hi,
Am I secure when I run my browser inside Sandboxie?
:)

Re: Intel CPU Vulnerability. Am I secure with a Sandboxed Web-Browser?

Posted: Thu Jan 04, 2018 8:23 am
by Sandcastle
AFAIK: the vulnerability affects the kernel and is at BIOS level, so probably not.
Although it is said that private/non-cloud users probably won't be targeted by bad guys.

Re: Will Sandboxie Still Work with the Windows Kernel Overhaul?

Posted: Thu Jan 04, 2018 10:35 am
by Barb@Invincea
Moved the posts related to KB4056897 here:
viewtopic.php?f=17&t=25290

The devs have been made aware.

Regards,
Barb.-

Re: Intel CPU Vulnerability. Am I secure with a Sandboxed Web-Browser?

Posted: Thu Jan 04, 2018 1:46 pm
by shmu26
Sandcastle wrote:
Thu Jan 04, 2018 8:23 am
AFAIK: the vulnerability affects the kernel and is at BIOS level, so probably not.
Although it is said that private/non-cloud users probably won't be targeted by bad guys.
They are now saying that it can also be exploited from web pages, and both Chrome and Firefox are vulnerable.
So the question comes back: will sandboxing the browser protect from a web exploit of this type, which steals data from memory?

Re: Intel CPU Vulnerability. Am I secure with a Sandboxed Web-Browser?

Posted: Thu Jan 04, 2018 4:04 pm
by Curt@invincea
shmu26 wrote:
Thu Jan 04, 2018 1:46 pm
They are now saying that it can also be exploited from web pages, and both Chrome and Firefox are vulnerable.
So the question comes back: will sandboxing the browser protect from a web exploit of this type, which steals data from memory?
We are still investigating these issues. Since these are hardware problems that bypass Windows entirely, I doubt they can be stopped by sandboxing. Most likely these can only be mitigated by Windows kernel patches (i.e. Microsoft).

There is no reason to panic. There is no known exploit of this bug in the wild, and MS patches are being distributed now.

Re: Will Sandboxie Still Work with the Windows Kernel Overhaul?

Posted: Sat Jan 06, 2018 9:24 am
by danicx
Can somebody explain this? For example, some malicious process started in SB and read my memory via a Meltdown exploit. If I terminate all processes in this sandbox, am I safe from this moment? Can some processes exist only in memory after killing all processes in the sandbox, or do I need to restart the PC?

Re: Will Sandboxie Still Work with the Windows Kernel Overhaul?

Posted: Sun Jan 07, 2018 2:16 am
by Syrinx
danicx wrote:
Sat Jan 06, 2018 9:24 am
Can somebody explain this? For example, some malicious process started in SB and read my memory via a Meltdown exploit. If I terminate all processes in this sandbox, am I safe from this moment? Can some processes exist only in memory after killing all processes in the sandbox, or do I need to restart the PC?
While not exactly what you asked about, please see: viewtopic.php?f=17&p=131781#p131781
More particularly, I haven't been able to test it properly and I AM NOT A MALWARE PRO, but it seems to be possible for an offending process (or script) to run [given normal limits] within the sandbox and any other 'allowed' exe to then make use of such exploits via JS. While the Spectre exploit in particular seems difficult to reproduce/achieve atm, the Meltdown exploit (to my limited knowledge) is partly taken care of via the OS updates with winblows and we should just be waiting on the hardware vendors (which may never update old stuff) to enable the changes via a BIOS/UEFI update.

I'm not normally a cross my fingers type of person but sadly without more info, that is now what I am down to at the moment like everyone else.

The Spectre side still has me wondering atm but if it helps the beer hasn't been thrown too far yet.

More generally, yes, if all offending processes are killed then the threat *should be over* by that point. Please take into account I'm not a programmer and I'm tooting outta an unsecured hole....and I'm almost always intoxicated...geesh I sound rather untrustworthy all of a sudden!