Page 1 of 1
My Documents Protection
Posted: Sat Aug 19, 2006 10:15 am
by TerryWood
As I understand it If you are running Sandboxed there is still nothing to stop access to Personal files. If this is correct why not include a protection feature to stop remote access to My Documents.
Currently I am using True Crypt to stop access, but its time consuming mounting and demounting and apart from backing up.
Just a thought?
Terry
Posted: Mon Aug 21, 2006 10:45 am
by mizzmona
My Documents Protection
Posted: Mon Aug 21, 2006 4:03 pm
by TerryWood
Many thanks for the post referral. I just want to be absolutely sure I am on the same wavelength.
If I go on the web, say to "Shields Up" site or any other security test site that shows vulnerability of files. I want to be sure that My Documents is not hackable. So:
If I use: ClosedFilePath=C:\Documents & Settings\User Name\My Documents
I will be protected from ANY PRYING EYES to the contents of My Documents? In addition if I have three browsers then the additional code is
ClosedFilePath=!iexplore.exe,%Favorites%
ClosedFilePath=Opera.exe,%Favorites%
ClosedFilePath=Firefox.exe,%Favorites%
If this is correct where do I insert this code in the Sandboxie .ini file
Thanks for your help
To everyone
Terry
Posted: Tue Aug 22, 2006 3:37 pm
by tzuk
ClosedFilePath=!iexplore.exe,%Favorites%
ClosedFilePath=Opera.exe,%Favorites%
ClosedFilePath=Firefox.exe,%Favorites%
If this is correct where do I insert this code in the Sandboxie .ini file
It's not correct. The example copied from the other post deals with
Favorites and you want protection on
My Documents. Different folders -- so you need different configuration.
But effecting this protection means that PRYING EYES
but also you cannot open documents from or save them into the
My Documents folder or anywhere below it, when running Internet Explorer sandboxed.
Are you sure that's what you want?
Posted: Sun Sep 10, 2006 7:05 pm
by Guest
tzuk wrote:ClosedFilePath=!iexplore.exe,%Favorites%
ClosedFilePath=Opera.exe,%Favorites%
ClosedFilePath=Firefox.exe,%Favorites%
If this is correct where do I insert this code in the Sandboxie .ini file
It's not correct. The example copied from the other post deals with
Favorites and you want protection on
My Documents. Different folders -- so you need different configuration.
He wrote
"If I use: ClosedFilePath=C:\Documents & Settings\User Name\My Documents
I will be protected from ANY PRYING EYES to the contents of My Documents?"
Posted: Mon Sep 11, 2006 4:22 pm
by tzuk
Right, sorry, I missed that. In this case the answer is yes. Just one tiny note though: It's probably better to say ClosedFilePath=%Personal%
My Documents Protection
Posted: Fri Oct 06, 2006 7:07 pm
by TerryWood
I have tried out the ClosedFilePath=%Personal% method of protecting My Documents as suggested by tzuk (for which I thank him). In Opera, IE6 and Firefox, My Documents is inaccessible IF ATTEMPTS TO OPEN MY DOCUMENTS ARE MADE THROUGH THE BROWSER INTERFACE ie File Open.
HOWEVER, IT IS POSSIBLE TO OPEN MY DOCUMENTS and all files through Windows Explorer, even when the browser is open and sandboxed with the ClosedFilePath command operational.
I now have number of questions:
1) Is it intended that one can open My Documents via Windows Explorer (When the ClosedFilePath command is operational)?
2) Given 1) above, does being able to open My Documents via Windows Explorer expose a security risk ie "Prying Eyes" when the browser is open and Sandboxed with the ClosedFilePath command operational. Or does the OpenFilePath command block any attempt look into My Documents when on line, Even if My Documents is opened via Windows Explorer?
3) Assuming the answers to the above represent a secure My Documents is it possible that you can incorporate a simple switch for this feature in a future version?
Thanks
Terry
Posted: Fri Oct 06, 2006 8:17 pm
by SBIE User
Terry,
As I understand it, the ClosedFilePath= setting only blocks programs that are running in the sandbox from accessing the specified documents directory. So, using that setting in Sandboxie's config file should (nothing is every certain) protect that documents directory from unauthorized prying eyes that might access your computer via the browsers or email programs you are running in sandboxed mode, but that will not protect you from other means of getting access to your documents directory.
There is a new free Microsoft program that will allow you to password protect any directory under Windows XP. That would protect your documents directory unless a keylogger or some other device were used to get your password. (I didn't download it or save the link, because I don't normally associate Microsoft with security or privacy!)
I can't remember where I saw that program, but if you're interested I'll see if I can find the link again.
SBIE (Happy) User
Posted: Fri Oct 06, 2006 8:21 pm
by SBIE User
Terry,
Oops! I found the link, and it is not a Microsoft product after all.
You can view the free directory locking program at
http://www.fspro.net/folder-lock-box/ .
I'm not sure this would be any less trouble than TrueCrypt, and that is heavily tested and well-respected security program. I'd probably stick with TrueCrypt myself.
Anyway, let us know what you do and if you find a solution to this.
SBIE (Happy) User
Posted: Fri Oct 06, 2006 8:29 pm
by SBIE User
Terry,
Oops! I was wrong again! There [b}IS[/b] a new free Microsoft Program ("Microsoft Private Folder") that password-protects folders.
You can see the reviews and links at
http://fileforum.betanews.com/detail/Mi ... 52200243/1 .
Some of the reviews are not very encouraging.
SBIE (Happy) User'
Protecting My Documents
Posted: Fri Oct 06, 2006 10:31 pm
by TerryWood
SBIE User
I knew you would respond thanks.
I was surprised at your reply because tzuk gave the impression that the CloseFilePath command would protect you from unauthorised prying eyes.
Nonetheless, I have installed the Folder Lock and its quite straightforward. Its simpler than Truecrypt to operate although I am sure not as belt and braces.
I had some problems with TrueCrypt, corruption ocurred along the line and some applications wanted to use the virtual drive letter TrueCrypt was set up for. Thats the reason I removed it. t Folder Lock ogether with ClosedFilePath command should keep prying eyes away.
Anyway many many thanks for you help.
Terry
My Documents Protection
Posted: Fri Oct 06, 2006 10:44 pm
by TerryWood
To SBIE Happy User
ps I forgot to say you can't lock My Documents with Folder Lock it would not accept it. It has to be a sub folder it appears.
I come back to what I said earlier. What about a Sandboxie built in protected folder security feature for a future wish list. The Idea surely is not incompatible with the concept of Sandboxie. If I recall GesWall has a protected folder.?
Regards
Terry
Posted: Sat Oct 07, 2006 6:44 am
by tzuk
What about a Sandboxie built in protected folder security feature for a future wish list. The Idea surely is not incompatible with the concept of Sandboxie.
If you're asking to lock a folder so that sandboxed programs can't get to it: I think ClosedFilePath should do the trick.
If you're asking to lock a folder from any program, sandboxed or not: That IS incompatible with Sandboxie. One of the principles of Sandboxie is that it shouldn't interfere with non-sandboxed programs.
But if you make it a point to run all untrusted programs in a sandboxed, then ClosedFilePath should be enough protection, no?
Posted: Sat Oct 07, 2006 7:20 am
by SBIE User
tzuk wrote:One of the principles of Sandboxie is that it shouldn't interfere with non-sandboxed programs.
But if you make it a point to run all untrusted programs in a sandboxed, then ClosedFilePath should be enough protection, no?
Tzuk and Terry,
I think the basic concept of controlling selected (perhaps highly dangerous or vulnerable) programs by choice by limiting their access to the system via SandboxIE but allowing non-sandboxed programs to operate normally. For general threats, solutions such as password-protected folders or TrueCrypt-type encrypted volumes or individually encrypted files make sense to me.
In fact, I don't think Sandboxie is capable of sandboxing Windows Explorer, because it is an integral part of the operating system -- so it would not be possible to truly lock down all disk access with Sandboxie.
Also, I would note that locking folders with passwords or encrypting volumes only protect those folders while they are locked or encrypted. For example, after you open a TrueCrypt volume its contents are just as available as those of any other regular directory. Those contents can be protected somewhat by limiting access from programs running in a sandbox, but not from non-sandboxed programs.
My general position is that I don't think SandboxIE can or should be an all-encompassing solution. If Tzuk tries to make it do everything, it will become bloated and probably buggy. I'd rather use an ala carte approach to privacy and security, in which SandboxIE fills the needs it currently serves -- that is to limit and cordon off access to a system from programs running in a sandbox. For other privacy and security needs, I use other solutions (e.g., firewall, anti-virus, anti-spyware (with keylogger protection), script blocking, etc. For ultimate security I ghost my machines every night, so I can always get back to the previous day's system if some security problem does occur. Of course, that does not protect my privacy, but I keep all sensitive data encrypted before ghosting my system.
SBIE (Happy) User
Create New Sandboxie Crypted
Posted: Sun Nov 24, 2013 6:52 am
by nezic
I was going to suggest this as a future request, but I do not have the rights.
e.g. Each file will be stored encrypted and unusable if is not opened by Sandboxie.
If the file live the box (crash box) will be unrecognizable to Operating Systems, because it will be encrypted.
If the file begins to spread through LAN connection, copy it self to other devices, it will be unrecognizable to receiver due encryption.
Even someone spoofing your traffic, he will got encrypted contents.
cons: slow traffic, more resources...