Version 4.01 - Major changes to underlying architecture

Listing issues addressed in beta version 4.01
bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2809
Joined: Wed Apr 22, 2009 9:17 pm

Post by bo.elam » Wed Feb 27, 2013 10:33 pm

Hi Tzuk, I tested 4.01.02 on my XP SP3 32 bits computer, this is what I found. All programs run sandboxed by right clicking on a file or as a forced program as long as Drop Rights is not enabled. If Drop Rights is ticked, I get message 2203.

The only programs that I have as Forced that did not work for me were Excel and Word (Microsoft Office Professional Edition 2003). This programs run fine sandboxed if I right click on a file but the file wont open if I attempt to run it forced.

Bo

Whositit
Posts: 1
Joined: Thu Mar 07, 2013 9:57 am

Post by Whositit » Thu Mar 07, 2013 9:59 am

Any chance we could get this added for extra privacy on shared computers? http://www.sandboxie.com/phpbb/viewtopi ... 9973#79973

I think the fact that any user can open any persons sandbox-folder is a terrible privacy hole. Only person X should be able to open person X's folder.

Labak54
Posts: 5
Joined: Fri Mar 08, 2013 5:16 am

Post by Labak54 » Fri Mar 08, 2013 5:41 am

Hi,

I have a problems with the new sandboxie versions and Internet Explorer 10. If I open a new tab right-click all ok is. But when this first tab is closing, no new one tabs can opened with a right-click; sandboxie hangs. Has someone a solution? Thanks !

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Fri Mar 08, 2013 7:31 am

Please don't report problems in this topic. Instead start a new topic in the Problem Reports forum. Thanks.
tzuk

DSAnd
Posts: 58
Joined: Tue Mar 23, 2010 6:03 am
Location: CCCP

tzuk

Post by DSAnd » Thu Mar 21, 2013 3:17 am

What causes slow performance applications in new beta versions in differing from the stable version? Can I turn off anonymous access may be a problem with this?
Thanks.

OS: Windows XP SP3

ad18888
Posts: 68
Joined: Sat Jan 19, 2013 1:37 pm

Post by ad18888 » Wed Apr 24, 2013 9:46 am

I have a quick question for tzuk. Does the 64 bit Windows 7 version of Sandboxie 4.01 need the drop rights feature enabled? Does it provide a big security difference? Thank you for any clarification.

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Thu Apr 25, 2013 4:13 am

This is discussed in the first page of this topic I think.
tzuk

ad18888
Posts: 68
Joined: Sat Jan 19, 2013 1:37 pm

Post by ad18888 » Thu Apr 25, 2013 8:54 am

Thanks for the reply tzuk.

nicknomo
Posts: 89
Joined: Mon Aug 02, 2010 3:15 am

Post by nicknomo » Fri May 31, 2013 3:23 am

I just got a chance to read this. It sounds like the new implementation in v4 is more secure by impleneting a default deny philosophy.

My concern, and I think part of the problems I've already experienced, is that I'm not always using Sandboxie as a protection against malware, or for security. Some times my goal is to simply virtualize the writes to the file system/registry/etc, while not being concerned about what it does from a security perspective. In other words, to use it as a way to do something without having permanent changes applied to the disk. For instance, my flight simulator often has updates that are half baked. I typically use Sandboxie to update the software and see if that update is worth keeping. If not, I just delete the contents of the Sandbox. I don't really care about being "breached" or about system security in this case. My main concern is really that the software is able to run and function.

The way I see it is that the two different uses seem to have very different ideologies, and sometimes they are opposed to one another... and to be honest, I'm pretty amazed at the level of support you've been able to provide so that the use of Sandboxie can be so flexible... It sounds though like the new implementation might make it harder for the latter of the two uses.

I guess my concern is the that new approach might harm usability in some instances where the extra security is not really wanted.

Have you ever considered implementing a "compatibility mode" option in the Sandbox settings, that is more along the lines of "default allow" rather than "default deny"?

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Fri May 31, 2013 6:09 am

Well it's really just the DDE thing that is getting in your way, I think. And I may be able to figure out some way to make it work, at least for some use cases, later on. If not, perhaps I will consider this compatibility mode that you're suggesting here. In any case, it wouldn't be a small change, and right now I want to move towards releasing a stable version v4 so I don't want to make any risky changes.
tzuk

Cruise
Posts: 24
Joined: Mon Oct 08, 2012 1:14 pm

Post by Cruise » Fri May 31, 2013 10:04 am

tzuk,

Any chance you could post the changes/fixes that have been made to each beta build? :idea:

Thanks,
Cruise

nicknomo
Posts: 89
Joined: Mon Aug 02, 2010 3:15 am

Post by nicknomo » Fri May 31, 2013 10:57 pm

tzuk wrote:Well it's really just the DDE thing that is getting in your way, I think. And I may be able to figure out some way to make it work, at least for some use cases, later on. If not, perhaps I will consider this compatibility mode that you're suggesting here. In any case, it wouldn't be a small change, and right now I want to move towards releasing a stable version v4 so I don't want to make any risky changes.
Well, I've had a few other problems too that I posted, but all in all I can't knock your approach. From a security standpoint, I want the restrictions to be heavy. The harder the sandbox is to bypass, the better it is for everyone... Like I said though, some times I don't mind liberal access if it means the program just doesn't write to disk.

I wasn't sure if this was a big change or not, but from your response I guess it is. I know you have a lot on your plate trying to get 4.01 ready for release, and that is definitely where your time should be spent. I was just throwing the idea out there...

Either way, I can't really complain. Sandboxie has to be the most useful security software I've ever used, so I'm definitely happy that you are still actively developing this product.. Thanks for all your work..

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sun Jun 02, 2013 6:46 am

Thanks, I appreciate the kind words :)
tzuk

Jake

Post by Jake » Sat Jun 08, 2013 7:42 pm

Hi,

I have to partially agree with nicknomo: Sandboxie is an insanely useful tool in that you can shield your real system (files&registry) by installing updates to apps inside a sandbox and rolling it back at will with absolutely no consequence whatsoever on the real system. Many other tools that are not perfect in this area, in my experience.

You can also install an app in a sandbox and move that sandbox from computer to computer, effectively turning the app into a portable app. It's pretty cool when you are restoring the system regularly; you don't lose the registry keys and C: files that were added in between because they are nicely stored within a sandbox. You don't have to waste disk space imaging incrementally, not to mention that it's a modular approach whereas incremental imaging is linear and so, much less flexible.

Unfortunately not all apps can be successfully installed in a sandbox, but that's still pretty awesome.


So I agree with Nicknomo, these ways to use Sandboxie are half of its awesomeness. However I still DO care about security when using Sandboxie this way, so I'm not too fond of the default allow idea.

But then again I don't understand why it poses a problem with v4...if anyone cares to explain that would be super nice :)

Either way, looking forward to v4 ! Though now I'll be careful and do some research before installing it, see if it supports my use cases. :)

Marc05
Posts: 6
Joined: Tue Jun 18, 2013 4:38 am

Post by Marc05 » Tue Jun 18, 2013 4:49 am

PiwPi wrote:But how does Sandboxie decide what kind of permissions to grant to a program ? (i.e. whitelist or heuristics ?)
What kind of permissions will the default configuration grant ? (i.e. disk operations and everything else that can be allowed or blocked)
Can a malicious program within a sandbox take control of a more trusted program in the same box and abuse of its permissions ?
Could we please get an answer to this? I've had Sandboxie for so long, this new update made me think of finally buying it, but I'd like to know a bit more on how it works.
Jake wrote:Though now I'll be careful and do some research before installing it, see if it supports my use cases. :)
Perhaps you should install it in some sort of *sandboxed* mode to try it out . :lol:

Locked

Who is online

Users browsing this forum: No registered users and 0 guests