1. add a "yes to all" overwrite function when recovering (this can be annoying when it has to overwrite alot of files :X).
2. encryption
3. a file wipe option (dod,zero,Peter Gutmann..etc) on delete / recover.
4. maybe a quicker access to get to the sandbox startmenu (like rightclick on the icon select the sandbox and have a < arrow that goes directly over to that sb start menu,desktop..etc).
also when sandbox or a program in the sandbox deletes a file it gets replaces with a 0byte file, maybe add something to remove these 0byte files.
other than this i think this program is nearly perfect, some other useful functions would be allow a program to run more then one instantce , this works now but unfortunitly you have to run the program under another sandbox it would be better if you could keep them under one.
keep up the good work!
a fer sugestions / requests
These two have been discussed and rejected repeatedly, and one is also listed in "Common Feature Requests". My feeling is that each of those technologies is less than 100% even by those that devote entire programs to them. Why dilute a pristine program like SandboxIE just to feed into user paranoia?2. Encryption
3. a file wipe option (dod,zero,Peter Gutmann..etc) on delete / recover.
Tzuk has stated somewhere in here that he is looking at the StartMenu in its' entirety in terms of solutions. Whether or not that particular idea is on his mind, I can not say.4. maybe a quicker access to get to the sandbox startmenu (like rightclick on the icon select the sandbox and have a < arrow that goes directly over to that sb start menu,desktop..etc).
Wouldn't this also undermine security, allowing malware to impersonate allowed programs?other than this i think this program is nearly perfect, some other useful functions would be allow a program to run more then one instantce , this works now but unfortunitly you have to run the program under another sandbox it would be better if you could keep them under one.
-
xellos
on the wipe/encryption issue, to be honest this is how i found out about sandboxie by looking for security programs, anyways i don't see it as a foolish idea maybe in your personal case it is, but when its used for sensitive data its not so foolish..anyways as you said its been discussed repeatedly (isn't this what this section is for, for users to ask for things they would like to see implamented?) seems like people keep requesting it...and its not user paranoia for example on a notebook if its stolen alot of information can be easyaly recovered even if its been deleted months before, for desktop users its not so much a useful thing, for enterprise / corporate / developers users discarded hard drives can have a ton of company information (like source code) or customers personal info.
another thing is when a user on another user account browses to the sandboxie folder can run the programs that might be in there , and end up infecting the system or sandboxie program.
anyways just me 2 cents.. i don't see how it would dilute a program if anything it would answer alot of requests and make a good program even better, for the basic user have a check box to disable it to keep previous functionality so its a win win case.
I'm also not talking about sever encryption like 256 bit aes encryption with generated keys, maybe something simple like scrambled file name and blow fish encryption or even a rar /zip container for each file with no compression but using its encryption technology (probly can't use rar due to license issues)...
anyways the reason i wanted it was so if i wanted to run a program that saves sensitive data it could be in sandboxie (without outside influance) but also encrypt the data to keep it safe from anything outside sandboxie.
im just throwing the idea out there obviously you use sandboxie in a way very differnt then what i use it for so in your opinion its a user paranoia option.
maybe a poll could be created for the features to be added next like
1. quick start menu
2. hot keys ..etc
and people could vote..
another thing is when a user on another user account browses to the sandboxie folder can run the programs that might be in there , and end up infecting the system or sandboxie program.
anyways just me 2 cents.. i don't see how it would dilute a program if anything it would answer alot of requests and make a good program even better, for the basic user have a check box to disable it to keep previous functionality so its a win win case.
I'm also not talking about sever encryption like 256 bit aes encryption with generated keys, maybe something simple like scrambled file name and blow fish encryption or even a rar /zip container for each file with no compression but using its encryption technology (probly can't use rar due to license issues)...
anyways the reason i wanted it was so if i wanted to run a program that saves sensitive data it could be in sandboxie (without outside influance) but also encrypt the data to keep it safe from anything outside sandboxie.
im just throwing the idea out there obviously you use sandboxie in a way very differnt then what i use it for so in your opinion its a user paranoia option.
maybe a poll could be created for the features to be added next like
1. quick start menu
2. hot keys ..etc
and people could vote..
This isn't a democracy.xellos wrote:maybe a poll could be created for the features to be added next like
1. quick start menu
2. hot keys ..etc
and people could vote..
As for the encryption feature request, in my opinion it adds little value to Sandboxie. There are projects out there that employ encryption/cryptography experts and create robust solutions. If you really care about your sensitive data, would you
(1) Put the sandbox on an encrypted volume that is managed by proven, dedicated encryption software such as TrueCrypt.
(2) Trust my unproven implementation of an encrypted sandbox.
If you go for (2), then you shouldn't be asking for encryption in Sandboxie anyway. If you go for (1), which is what you should do, then you don't need Sandboxie to encrypt anything.
tzuk
xellos, you misinterpreted my comment. By 'user paronoia' I did not mean that specifically directed at you. What I meant was that, let's say that however you use your computer - you need encryption. That is of course fine. Now let's say that we took a vote and 100 users replied that they also needed it. The 'user paranoia' refers to the percentage of those users that did not actually need it, but thought it would be kind of nice to have if they ever needed it.
I see that Tzuk has addressed the issue, I just didn't want you to think I was just blowing it off. (The startmenu thingy isn't bad.....)
I see that Tzuk has addressed the issue, I just didn't want you to think I was just blowing it off. (The startmenu thingy isn't bad.....)
-
SnDPhoenix
- Posts: 2690
- Joined: Tue Dec 26, 2006 5:44 pm
- Location: West Florida
-
Guest
tzuk, i noticed a option in the options , under delete -> Command i liked how you had it to be able to specify a external command to remove the sandbox, would it be possible for you to add a specific delete / recover command like this for indiv. files / folders and not the whole sandbox?
this would be an easy way for users to setup a file wipe program (through a 3rd party program).
maybe even something similar for open & closing files or just specific files / folders.
..also to add to the start-menu idea maybe have a option to enable showing just whats installed in the sandbox and not show the default system start menu combined with the sandbox ..this could also speed it up and avoid some confusion for what you actully installed in the sandbox.
another thing i noticed when copying something to the clipboard in the sandbox it is allowed to bypass the sandbox and interact with the system (this is ok for me, i actully need it to interact out of the sandbox) but im not sure if you designed it like this since keyloggers or other loggers? might be able to access or watch the clipboard..maybe another option to allow/disallow clipboard interaction.
just throwing some ideas out there, id like to see this program get even better.
, under delete -> Command i liked how you had it to be able to specify a external command to remove the sandbox, would it be possible for you to add a specific delete / recover command like this for indiv. files / folders and not the whole sandbox?this would be an easy way for users to setup a file wipe program (through a 3rd party program).
maybe even something similar for open & closing files or just specific files / folders.
..also to add to the start-menu idea maybe have a option to enable showing just whats installed in the sandbox and not show the default system start menu combined with the sandbox ..this could also speed it up and avoid some confusion for what you actully installed in the sandbox
.another thing i noticed when copying something to the clipboard in the sandbox it is allowed to bypass the sandbox and interact with the system (this is ok for me, i actully need it to interact out of the sandbox) but im not sure if you designed it like this since keyloggers or other loggers? might be able to access or watch the clipboard..maybe another option to allow/disallow clipboard interaction.
just throwing some ideas out there, id like to see this program get even better.
Boy, Amen to that statement! I usually make a daily visit to Wilders (they do have some good threads too). But it seems like many posters there spend more time defending themselves against cyber nuclear attack then just enjoying their pc's.SnDPhoenix wrote:...this secure deletion crap is just pure paranoia fed to people through sites like Wilders, where people spend more time "layering" their PC for defense, then actually using the frigging thing...
-
xellos
why are all you using sandbox then? you are contradicting your self isn't sandboix just pure paranoia that every program has malware / spy-ware or is virus-ed..
sandboix is just another security tool to protect the computer from harm, just like encryption is meant to keep the data from unauthorised persons.
there are company's that spend millions on encryption technologies for a reason.
but i can see your point from a beginner PC user prospective, its useless for a gamer/ casual / web surfing user for example. but when working with source code / business documents on a notebook computer its essential.
anyways enough with the paranoia replies, just like sandboxie is use full for some its just paranoia for others. and btw I have never even been to Wilders.
tzuk already gave a response so maybe an alternative would be a better way to work with 3rd party programs on open/close - delete/ recover.
sandboix is just another security tool to protect the computer from harm, just like encryption is meant to keep the data from unauthorised persons.
there are company's that spend millions on encryption technologies for a reason.
but i can see your point from a beginner PC user prospective, its useless for a gamer/ casual / web surfing user for example. but when working with source code / business documents on a notebook computer its essential.
anyways enough with the paranoia replies, just like sandboxie is use full for some its just paranoia for others. and btw I have never even been to Wilders.
tzuk already gave a response so maybe an alternative would be a better way to work with 3rd party programs on open/close - delete/ recover.
-
SnDPhoenix
- Posts: 2690
- Joined: Tue Dec 26, 2006 5:44 pm
- Location: West Florida
No Sandboxie isn't paranoia, cause simply put, it isn't used by the paranoid nor does it make you paranoid either. Also people dont use Sandboxie because they are afraid every file is a virus, they use it to keep junk off their PC, including viruses, so it is just trapped in a sandbox. I mean, hell I've purposely installed viruses/malware before in a sandbox and been perfectly relaxed doing it. What other program can you say that about?xellos wrote:why are all you using sandbox then? you are contradicting your self isn't sandboix just pure paranoia that every program has malware / spy-ware or is virus-ed..
sandboix is just another security tool to protect the computer from harm, just like encryption is meant to keep the data from unauthorised persons.
there are company's that spend millions on encryption technologies for a reason.
but i can see your point from a beginner PC user prospective, its useless for a gamer/ casual / web surfing user for example. but when working with source code / business documents on a notebook computer its essential.
anyways enough with the paranoia replies, just like sandboxie is use full for some its just paranoia for others. and btw I have never even been to Wilders.
tzuk already gave a response so maybe an alternative would be a better way to work with 3rd party programs on open/close - delete/ recover.
What is paranoia is things like secure delete and encryption.
Like you said, yes it is useful for corps and governments, I agree, and that is also who secure deletion as well as encryption was/is originally intended for. However, it has no use though for regular home PC users who just want to shred that folder of MP3s cause they are paranoid someone will steal their HDD and report them to the police for having music on their HD (since the music could be pirated), or because they want to encrypt that notepad file titled "My social security number" so that if (or in their minds, when) someone breaks into their house specifically for the HDD, they can't read it without a pass.
All this aside, I would take tzuks advice and use the time proven TrueCrypt. Is is small, light, fast, free, opensource, has lots of work put in to it, has been developed for years and has even proven to be MORE secure then over half of the other encryption software out there.
Truth be told, you shouldn't really need to look to hard into this, all you do is install TC, then create a new virtual disk, mount it and just change the "Container Folder" in Sandboxie settings to point to the virtual disk. Thats it, everything put into the sandbox will go inside the virtual disk and be encrypted.
-
Guest
Who is online
Users browsing this forum: No registered users and 1 guest
