Support

[btm]

This is a good place to start to learn about Windows messages https://msdn.microsoft.com/en-us/librar ... S.85).aspx. The WM messages are the most important.

Of course, applications can define their own messages which most likely are not documented anywhere.

Like buster I always wondered what the implications could be but my searches never turned up much aside from programmers facing issues that didn't seem related. The shatter attack page might help as well but I haven't glanced over it yet. The ms link will take some time for me to sort through since I'm no programmer and quite a bit of it is greek to me. Either way thanks for sharing the links, at least I have a place to start finally!

[Curt@invincea]

It is ironic to suggest to use a feature only with trusted programs in a software which has as slogan "Trust No Program".

It is ironic that, when I answered the question that, according to you, got you banned by Ronen, who you claim was far better at support than Invincea, your response is to mock the slogan that Ronen came up with.

[Buster]

It is ironic to suggest to use a feature only with trusted programs in a software which has as slogan "Trust No Program".

It is ironic that, when I answered the question that, according to you, got you banned by Ronen, who you claim was far better at support than Invincea, your response is to mock the slogan that Ronen came up with.

Ok, I will do exactly what Ronen did. Consider the last quote from me as well.

Glad to see you changed your mind about that!

When is Norm back from conference?

[Bellzemos]

Thank you for shining some light on the matter, I finnaly understand the risk now, at least to a certain degree. I don't really want to use the * solution since it's not too safe. The only reason why I'm using OpenWinClass=* is this:
http://forums.sandboxie.com/phpBB3/view ... 11&t=20859

Do you know what the OpenWinClass=# would do in terms of lessening Sandboxie's security compared to OpenWinClass=*? I'll try with the # instead of * when I get the tablet back in my hands again and see if it works.

Can you think of any other workaround to make Sandboxie work properly on a 32-bit Windows 8.1 tablet computer? I'd like to have as much security when browsing the web with a sandboxed Firefox as I have on my regular laptop (working without a problem, 64-bit Windows 7).

Thank you for the help!

I finally got the tablet back and tried disabling the OpenWinClass=* and enabling the OpenWinClass=# feature and I got errors again when starting up Firefox and Firefox didn't work. So I switched back to OpenWinClass=*. Is there any other (safer) workaround for using Sandboxie on a tablet PC?

Thank you!

[Curt@invincea]

I finally got the tablet back and tried disabling the OpenWinClass=* and enabling the OpenWinClass=# feature and I got errors again when starting up Firefox and Firefox didn't work. So I switched back to OpenWinClass=*. Is there any other (safer) workaround for using Sandboxie on a tablet PC?

Thank you!

You can run the resource access monitor and take note of which window classes are being blocked. That might tell you which classes you need to open.

[Bellzemos]

I don't really know how to do that. How do I start?

[deugniet]

I don't really know how to do that. How do I start?

See Using the monitor: http://www.sandboxie.com/index.php?Reso ... essMonitor

[rpljhun]

Bellzemos, using OpenWinClass=* in Windows XP is risky. For Windows Vista and above, the UIPI, UAC and the Untrusted Integrity Level(Lowest Level) of sandboxed application should prevent shatter attacks but that depends on how sandboxie handle application with manifest entry UIAccess="true" and passed UIPI requirements. If sandboxie removed this entry then shatter and shatter like attacks will be prevented while using OpenWinClass=*. Although without it being removed the risk is very low because malware will unlikely pass the requirements but still possible.

[Bellzemos]

Thank you very much for the explanation. I always disable the UAC and run Windows in admin mode. But I use the drop rights feature in the sandbox so that deals with that. Would a Windows 8.1 tablet with "OpenWinClass=*" still be relatively safe by having UAC disabled then? I don't have my tablet at hand at the moment, to run the Resource Access Monitor and am also too busy at the moment but I really think that a safer solution should be presented, to enable usage of Sandboxie on Windows tablets.

[rpljhun]

I did a second look on this and I realized that it will not pass one of UIPI requirements which is the application should be in Program Files directory/sub-directories or Windows directory/sub-directories. At first, I thought it will when an application is installed in a sandboxed in C:\Program Files directory. The application running in the sandboxed can see that it was running in this location but I forgot that the Windows is seeing differently, it sees the real location which cause it to fail in UIPI requirements.

Disabling UAC is not recommended, it's another layer of defense.

[Bellzemos]

So that would mean that it's still pretty secure, regarding the UIPI, even with the "OpenWinClass=*" enabled?

I know what you mean about the UAC but I've made this decision 5 years ago, I can't stand UAC and I have never ever had any problems so I'm sticking with it disabled.

[rpljhun]

So that would mean that it's still pretty secure, regarding the UIPI, even with the "OpenWinClass=*" enabled?

Yes for Windows Vista and above.

[Bellzemos]

Thank you. I've enabled the * on a Windows 8.1 tablet so I guess I'm still safe and secure then.

Curt, what do you think about this, do you agree?

[rpljhun]

Bellzemos, quoting tzuk post.

The process in the sandbox is still running at untrusted integrity level even when OpenWinClass=* so the UAC/UIPI mechanism prevents it from accessing window objects that have a higher integrity level. And most window objects outside the sandbox should have at least medium integrity level.

This means that on systems where UAC is enabled, OpenWinClass=* doesn't really mean the process in the sandbox has more access to window objects. However it can "see" and "read" window objects outside the sandbox directly without going through SbieSvc. Whereas without OpenWinClass=*, it cannot see or read window objects outside the sandbox directly, and has to go through the SbieSvc helper process.

If UAC is disabled, and on Windows XP, integrity levels don't come into play for window objects, and OpenWinClass=* does give the process in the sandbox full access to window objects outside the sandbox.

[Bellzemos]

Thank you for the quote, I don't believe I've read it before. It really clarifies my question. So having the Drop Rights feature enabled in the sandbox with the "OpenWinClass=*" is not enogh then, right? I should re-enable the UAC on the tablet computer then? Again, thank you.