Allow for 'trusted' domains

[bizguy72]

Hi,

(Note: This feature request is a result of a problem report I raised located here: http://sandboxie.com/phpbb/viewtopic.php?t=816)

What would be nice - ie. a feature request - would be the ability to use the concept of trusted domains.

For example, using my scenario:

1. I specify my browser sessions (IE, firefox etc) to be forced sandboxed programs.

2. Additionally within the configuration, I would be able to specify domain 'my-intranet.com' to be a trusted domain.

Then, when the browser tries to start up on this domain, Sandboxie would recognise this as being a trusted domain and override the forced settings config thereby starting the browser up as a non-sanboxied environment.

This would be ideal for Intranet type environments. I do realise that if the Intranet then has an external link to the outside world, then you would be browsing in an unprotected environment....in this case, maybe Sandboxie could at least respond with some type of SBxxxx message to let you know this.

Thanks,
bizguy

[SBIE User]

Then, when the browser tries to start up on this domain, Sandboxie would recognise this as being a trusted domain and override the forced settings config thereby starting the browser up as a non-sanboxied environment.

I think bizguy has a great idea. The only suggestion I would make, as a friendly amendment, is that the user be asked to confirm opening a "trusted" domain before it actually overrides forced sandbox settings. That way, if malware is spoofing, the user will have the chance to stop the process before a "trusted" link (or spoofed "trusted" link) is opened outside the sandboxed environment.

Tzuk, I hope you'll consider adding this to your to-do list (or at least your to-be-considered-further list).

[tzuk]

This can be done in the form of the sandboxed process asking Sandboxie to open some link, and Sandboxie would agree only if the link appears in (the non-sandboxed) list of Internet Explorer's trusted domains. Which would mean that malicious software wouldn't be able to abuse this feature.

I think it's definately do-able, at some point down the road.

[SBIE User]

This can be done in the form of the sandboxed process asking Sandboxie to open some link, and Sandboxie would agree only if the link appears in (the non-sandboxed) list of Internet Explorer's trusted domains.

Tzuk,

That's great, but many Sandboxie users who are concerned about privacy and security are probably using Firefox or Opera for browsing. I hope you were just speaking generically and were not saying you would only have Sandboxie check the Internet Explorer's trusted sites list. If so, that wouldn't be of much value to me.

I was hoping we could just have a text file in the program directory listing trusted sites one per line.

[bizguy72]

Hi,

I second the comments of SBIE..... I use Firefox not IE so in order for this to be useful for me the solution would have to be designed in such a way to be browser independent as suggested.

Bizguy

[tzuk]

Actually I was talking about IE's trusted domains, specifically, because I know where Windows keeps them.

Does Firefox have a concept of trusted domains? Maybe it also keeps a list that could be consulted?

But if not, trusted domains can be configured from Control Panel -> Internet Options, without starting an instance of IE.

If you're thinking about Firefox, and placing the list of trusted domains outside Firefox anyway (like in a text file), then why not maintain them as part of the Windows/IE concept of trusted domains, through that Control Panel applet?

[SBIE User]

If you're thinking about Firefox, and placing the list of trusted domains outside Firefox anyway (like in a text file), then why not maintain them as part of the Windows/IE concept of trusted domains, through that Control Panel applet?

Firefox does not have trusted domains as such, although it does allow "trusted" sites for the limited purposes of placing cookies and installing add-ons.

I would never put any sites in the IE trusted domains list except for Windows Update. Even with Sandboxie, I don't trust IE and don't want to open any more holes in it than are absolutely necessary.

Would it be harder to read a simple text file with a list of trusted directories for any browser in the Sandboxie program directory instead of relying on the IE trusted sites registry entries?

I appreciate your willingness to give us an opportunity to discuss possible new features and to comment on possible approaches in advance.

Thanks again.

[tzuk]

It's not that reading a text file is particularly difficult. But, I would imagine most people would prefer to maintain this list within their browser *, and have Sandboxie see that list.

(* This is assuming the Firefox facility for this is adequate, and its list can be consulted.)

Which means the text file you want, would probably be unused most of the time, anyway.

I can understand that you don't like IE, but I think your aversion is not justified, in this case. It's really just a list of domains that you tell Windows to trust, and then IE honor that list. But if you don't use IE then how can this hurt you?

[SBIE User]

This is assuming the Firefox facility for this is adequate, and its list can be consulted.

Unfortunately, Firefox does not have such a facility. It just has settings for allowed cookies and for domains allowed to install add-ons. Perhaps you could use the add-ons domains permissions list, but I don't think that would be very clear to folks as it is for a limited purpose and does not use any language like "trusted" domain.

Because I use FirefoxPortable as my main browser, I have left IE7 as my default browser -- even though I hardly ever use IE except for Windows updates. So if I start adding trusted sites to IE7, I would be at risk when those sites are allowed to open outside the sandbox.

That is to say, that sites I would trust with Firefox may be sites I would not trust with IE -- because my Firefox blocks scripts and such.

How about a compromise? Have Sandboxie first look for IE trusted sites and then add any that are in a text file in the program directory. That's essentially the order in which Sanboxie reads the config file already, isn't it?

Anyway, I think bizguy had a good idea, but I wouldn't use the extra feature if you were to use IE's trusted sites to implement it. I'd just stick with the way I do things now.

Thanks for considering the suggestion, even if you decide to do it some other way.

[tzuk]

Then how about this compromise: That you could tell Sandboxie that your "trusted-for-unsandboxed-browser" domains can be found in the list of "IE restricted domains" (in addition to "IE trusted domains").

As far as I know, these restricted domains get even less privilege than in the normal Internet zone.

[SBIE User]

Then how about this compromise: That you could tell Sandboxie that your "trusted-for-unsandboxed-browser" domains can be found in the list of "IE restricted domains" (in addition to "IE trusted domains").

As far as I know, these restricted domains get even less privilege than in the normal Internet zone.

Tzuk,

I'm not sure if you were serious about that, but those sites are dangerous or otherwise undesirable sites, and the list comes pre-populated with (censored) sites, spammers and such -- or perhaps those were added by my SpySweeper or Spybot subscriptions.

I just looked at what is in that restricted domains list on IE on my machine, and I certainly would not want any of those sites to be accessed at any level by any browser I might use.

OK, we've kicked this horse to death. I'm happy enough with the way things are.

[Guest]

Hi,

I was thinking the easiest way would be to just make it another option within the existing configuration file 'sandbox.ini':

eg.

[GlobalSettings]
.
.
TrustedDomain=my-intranet.com
TrustedDomain=microsoft.com

...thereby removing the need for any additional file and removing the dpendency on any type of browser.

Bizguy

[tzuk]

Ah. My list of restricted sites is empty so it never occured to me that it may actually be populated with evil sites. Alright . . . I guess I'll start with just the text file (probably as part of Sandboxie.ini, as suggested here) and see where to take it from there.