[.05] Things that don't work in 4.01
-
- Posts: 291
- Joined: Wed Jul 04, 2012 6:40 pm
- Location: St. Louis area
User Anonymous
Just received windows update and Sandboxie now showing as user is anonymous. Using Beta 4 on windows 7
Version 4.01.08 should fix the problem with minimizing Firefox as discussed in the last few posts here.
Also, the Recent Documents behavior should be like in version 3.76, I think. Sandboxed Windows Explorer itself will not record Recent Documents, but you can get other sandboxed programs to record files in that recent list, using the settings from your other post:
http://www.sandboxie.com/phpbb/viewtopi ... 3771#83771
Also the Administrator/Drop Rights problem should be fixed in version 4.01.08.
Thanks for the problem reports!
Also, the Recent Documents behavior should be like in version 3.76, I think. Sandboxed Windows Explorer itself will not record Recent Documents, but you can get other sandboxed programs to record files in that recent list, using the settings from your other post:
http://www.sandboxie.com/phpbb/viewtopi ... 3771#83771
Also the Administrator/Drop Rights problem should be fixed in version 4.01.08.
Thanks for the problem reports!
tzuk
-
- Posts: 291
- Joined: Wed Jul 04, 2012 6:40 pm
- Location: St. Louis area
I was a couple days late checking out this release and it's taken me longer to reply. Anyway, yeah, Recent Documents seems to be working again now! (Of course, regular unsandboxed Explorer logs them after being "signaled" by programs...) That's good, but I disabled my settings again, since as I mentioned in the slowness topic, it's a big performance impact!
Yep, Drop Rights seems to be protecting Administrator-only files/reg. keys again! I'm getting "Access denied," etc. where I'd expect and did with 3.76.
As a reminder: the links from outside the sandbox still don't work, as I referenced in the other topic about opening MHT files.
Firefox is mostly fixed, and seemed good for awhile, but found another scenario where it's not refocusing. Focus: unsandboxed; sandboxed Firefox; and another unsandboxed. Minimize that last unsandboxed window, and then Firefox -- the next unsandboxed window is there, but not focused. (That's what would happen before if any other sandboxed windows were already minimized.)
Yep, Drop Rights seems to be protecting Administrator-only files/reg. keys again! I'm getting "Access denied," etc. where I'd expect and did with 3.76.
As a reminder: the links from outside the sandbox still don't work, as I referenced in the other topic about opening MHT files.
Firefox is mostly fixed, and seemed good for awhile, but found another scenario where it's not refocusing. Focus: unsandboxed; sandboxed Firefox; and another unsandboxed. Minimize that last unsandboxed window, and then Firefox -- the next unsandboxed window is there, but not focused. (That's what would happen before if any other sandboxed windows were already minimized.)
I think the performance impact due to OpenWinClass=* is probably due to every windowing-related API call has to go through SbieSvc (the GuiProxy instance). That is a call over a communication channel across process boudaries, so is considerably slower than a direct GUI call.
Usually a process only has to go through SbieSvc (GuiProxy) for few windows as most of the windowing stuff it does is for objects it created itself, so the performance impact is much smaller.
I don't think there is anything I can do about it, I'm sorry to say.
Usually a process only has to go through SbieSvc (GuiProxy) for few windows as most of the windowing stuff it does is for objects it created itself, so the performance impact is much smaller.
I don't think there is anything I can do about it, I'm sorry to say.
tzuk
-
- Posts: 291
- Joined: Wed Jul 04, 2012 6:40 pm
- Location: St. Louis area
Sounds like that reply would be better in the performance topic than here. But, quick reply before I have to leave... I'll see if the small remaining focus problem with Firefox and/or opening links from outside the sandbox has changed later.
About what you just said about speed, no, as I detailed in the other topic:
OpenWinClass=* (VERY FAST, like 3.76, I assume since it completely bypasses sandboxing for windowing calls)
OpenWinClass=$:explorer.exe (with or without prefix, IIRC, SLOW; some/every thing (not sure) seems to be slowed down, totally unrelated to Explorer)
OpenWinClass=<prefix>,* (VERY SLOW, which also doesn't make sense... why isn't prefix program(s) bypassing sandboxing code or whatever like global *?)
I don't understand why opening $:explorer.exe is different than $:any_prog.exe? I mean, Explorer is "special," so maybe you're doing something different/weird for/with it... But, like I say, opening $:any_prog.exe doesn't cause "every windowing-related API call ... to go through SbieSvc," at least nowhere close (slowness-wise) to what it's like for $:explorer.exe!
I figured it would hopefully be fixable, since those instances ($:explorer.exe, and * with a prefix) are the only ones that seem to differ from 3.76... But if not, there's no way I can have that slowdown. In that case, I'd just try to intercept the Recent Docs message in the sandbox, send it to a (my) program outside the sandbox, and have it make the call as a proxy (I think, can't remember if that was going to work right last summer or not). Of course I'd rather not!
About what you just said about speed, no, as I detailed in the other topic:
OpenWinClass=* (VERY FAST, like 3.76, I assume since it completely bypasses sandboxing for windowing calls)
OpenWinClass=$:explorer.exe (with or without prefix, IIRC, SLOW; some/every thing (not sure) seems to be slowed down, totally unrelated to Explorer)
OpenWinClass=<prefix>,* (VERY SLOW, which also doesn't make sense... why isn't prefix program(s) bypassing sandboxing code or whatever like global *?)
I don't understand why opening $:explorer.exe is different than $:any_prog.exe? I mean, Explorer is "special," so maybe you're doing something different/weird for/with it... But, like I say, opening $:any_prog.exe doesn't cause "every windowing-related API call ... to go through SbieSvc," at least nowhere close (slowness-wise) to what it's like for $:explorer.exe!
I figured it would hopefully be fixable, since those instances ($:explorer.exe, and * with a prefix) are the only ones that seem to differ from 3.76... But if not, there's no way I can have that slowdown. In that case, I'd just try to intercept the Recent Docs message in the sandbox, send it to a (my) program outside the sandbox, and have it make the call as a proxy (I think, can't remember if that was going to work right last summer or not). Of course I'd rather not!
You're using caps to say VERY SLOW and VERY FAST which makes me think the performance difference would be obvious.
But I'm trying all these OpenWinClass combinations in Windows XP and I can't discern any difference in performance.
Any ideas for a performance test that I can use to see a difference?
But I'm trying all these OpenWinClass combinations in Windows XP and I can't discern any difference in performance.
Any ideas for a performance test that I can use to see a difference?
tzuk
-
- Posts: 291
- Joined: Wed Jul 04, 2012 6:40 pm
- Location: St. Louis area
I just finally got to installing .11 shortly before your reply and happened to check again if launch times had changed at all -- not really. The numbers I saw weren't quite as bad as I measured with .05 (but I checked it again, and .05 also better now). I've only done a few Windows updates and updated the NVIDIA driver since then, so I think the difference might be that I had more windows and stuff open back then...? I didn't notice a difference just now opening several UNsandboxed browsers, but opening just 8 more sandboxed IE 6 processes/windows then creates a big (disproportionate) launch slowdown... (and just a small amount with the fastest global Open=*).
Anyway, just some info and not important for what I was going to reply to your post/question... I just got the latest numbers off the clean laptop XP install again with .11 after seeing your post. On both systems I had something running in the sandbox first (IE or OE; but Notepad or anything) to remove the extra sandbox startup overhead. Like I said previously, I'm measuring with AppTimer -- forced IE 6; Cmd Line and Window Name in AppTimer: about:blank
I can easily feel like a 0.2s delay, so launch times of even 0.5 with Open=* in 4.01 (<= 0.4 in 3.76) is about the maximum I'd like to see, since UNsandboxed is < 0.2.
On the laptop, default sandbox with forced IE:
0.66 - Default settings
0.8 - Open=$:explorer.exe
1.23 - Open=iexplore.exe,*
0.59 - Open=*
On main system, usual sandbox:
0.65 - Just some regular OpenWinClass that are unrelated
0.95 - Open=$:explorer.exe
2.33 - Open=iexplore.exe,*
0.5 - Open=*
Anyway, just some info and not important for what I was going to reply to your post/question... I just got the latest numbers off the clean laptop XP install again with .11 after seeing your post. On both systems I had something running in the sandbox first (IE or OE; but Notepad or anything) to remove the extra sandbox startup overhead. Like I said previously, I'm measuring with AppTimer -- forced IE 6; Cmd Line and Window Name in AppTimer: about:blank
I can easily feel like a 0.2s delay, so launch times of even 0.5 with Open=* in 4.01 (<= 0.4 in 3.76) is about the maximum I'd like to see, since UNsandboxed is < 0.2.
On the laptop, default sandbox with forced IE:
0.66 - Default settings
0.8 - Open=$:explorer.exe
1.23 - Open=iexplore.exe,*
0.59 - Open=*
On main system, usual sandbox:
0.65 - Just some regular OpenWinClass that are unrelated
0.95 - Open=$:explorer.exe
2.33 - Open=iexplore.exe,*
0.5 - Open=*
BTW, no, these still remain. Is the external links problem DDE-related like opening MHT files?DR_LaRRY_PEpPeR wrote:I'll see if the small remaining focus problem with Firefox and/or opening links from outside the sandbox has changed later.
Nice utility.
For me OpenWinClass=* and OpenWinClass=iexplore.exe,* both behave in a consistent fashion
and take twice as long the case without any OpenWinClass settings.
I.e. roughly ~1.0 with OpenWinClass compared to 0.5 without.
This is what I expected and what makes sense to me, and that was the basis for what I wrote earlier,
that every windowing-related API call has to go through SbieSvc (the GuiProxy instance).
Can you double check your results with OpenWinClass=* ?
For me OpenWinClass=* and OpenWinClass=iexplore.exe,* both behave in a consistent fashion
and take twice as long the case without any OpenWinClass settings.
I.e. roughly ~1.0 with OpenWinClass compared to 0.5 without.
This is what I expected and what makes sense to me, and that was the basis for what I wrote earlier,
that every windowing-related API call has to go through SbieSvc (the GuiProxy instance).
Can you double check your results with OpenWinClass=* ?
tzuk
-
- Posts: 291
- Joined: Wed Jul 04, 2012 6:40 pm
- Location: St. Louis area
Yeah, AppTimer is neat, although sometimes it acts weird/inconsistent for me (timing). Especially if it tries to do multiple runs or close windows -- I just use single runs, multiple times.
Not really anything to double check, since I've been getting generally the same consistent results since I've been testing -- especially since I discovered that simply removing Open=<group or not>,$:explorer.exe speeds things up nearly to the point of global Open=*
Your results are interesting in that a global Open=* slows things down compared to defaults! *shrug* That's the opposite of what I'd expect. I expected that Open=* would be a bit faster (as it is slightly in 3.76 also, otherwise no differences), as a result of completely skipping any windowing sandboxing (presumably). So my 2 extremes speed-wise behave the same for you... What about comparing with 3.76?
I'm starting to wonder about checking the Win 7 system again (or others in VirtualBox) to see how things are there (never used AppTimer before).
Not really anything to double check, since I've been getting generally the same consistent results since I've been testing -- especially since I discovered that simply removing Open=<group or not>,$:explorer.exe speeds things up nearly to the point of global Open=*
Your results are interesting in that a global Open=* slows things down compared to defaults! *shrug* That's the opposite of what I'd expect. I expected that Open=* would be a bit faster (as it is slightly in 3.76 also, otherwise no differences), as a result of completely skipping any windowing sandboxing (presumably). So my 2 extremes speed-wise behave the same for you... What about comparing with 3.76?
I'm starting to wonder about checking the Win 7 system again (or others in VirtualBox) to see how things are there (never used AppTimer before).
Well... You expect wrong.DR_LaRRY_PEpPeR wrote:Your results are interesting in that a global Open=* slows things down compared to defaults! *shrug* That's the opposite of what I'd expect. I expected that Open=* would be a bit faster (as it is slightly in 3.76 also, otherwise no differences), as a result of completely skipping any windowing sandboxing (presumably). So my 2 extremes speed-wise behave the same for you...
In version 3, windowing objects inside and outside the sandbox live in the same space, so what OpenWinClass=* does is inhibit the filtering checks, and thus increases performance a bit.
In version 4, windowing objects inside the sandbox live in a separate space, and the process only has access to that space. Any request to windowing object outside the sandbox has to go through the SbieSvc middle man. And OpenWinClass=* means everything has to go through the SbieSvc middle man.
Having said that I should also say that I am fairly satisfied with this aspect of Sandboxie and probably will not spend time trying to optimize stuff further before the official release. I want to go to release relatively soon and all changes involve risks that I am not sure I want to take just now.
tzuk
-
- Posts: 291
- Joined: Wed Jul 04, 2012 6:40 pm
- Location: St. Louis area
OK, regardless, it would seem logical that in any case (3 or 4's method), additional checks of SOME sort would be skipped with global Open=* (and possibly likewise with a program prefix), right? No need to check anything if letting everything through -- whether that's through a middle man or not. So would you (not) agree that something is strange when your Open=* slows stuff down? Why, what additional stuff is happening then when, if anything, less should happen?
But really, except for the small amount of windowing stuff that tries to go outside the sandbox, there shouldn't be much, if any, difference, with OpenWinClass settings, right? Like I said in the other topic, I feel some slowness on stuff that should only be within the sandboxed program -- Save As dialog appearing in programs, New Message window in OE (or OE toolbar redrawing - visible evidence) are places where it's discernible that, for me, Open=* is faster than "defaults." (And even with fastest-for-me Open=*, it's not quite as fast-feeling as 3.76 -- fine, understandable, and Open=* is good enough for me -- I'm just saying that the tiniest amount of difference I notice. )
Yeah, again I understand about releasing (final, cool ) and risk of changes! Hopefully you agree that these results (yours and mine) don't make sense and can investigate more in betas for the next releases, etc...
Hmm, to get an identical setup, maybe we can try VirtualBox XP installs?? I haven't installed XP that way to see how Sandboxie behaves, but I wonder if things would work the same with "identical VirtualBoxes?"
But really, except for the small amount of windowing stuff that tries to go outside the sandbox, there shouldn't be much, if any, difference, with OpenWinClass settings, right? Like I said in the other topic, I feel some slowness on stuff that should only be within the sandboxed program -- Save As dialog appearing in programs, New Message window in OE (or OE toolbar redrawing - visible evidence) are places where it's discernible that, for me, Open=* is faster than "defaults." (And even with fastest-for-me Open=*, it's not quite as fast-feeling as 3.76 -- fine, understandable, and Open=* is good enough for me -- I'm just saying that the tiniest amount of difference I notice. )
Yeah, again I understand about releasing (final, cool ) and risk of changes! Hopefully you agree that these results (yours and mine) don't make sense and can investigate more in betas for the next releases, etc...
Hmm, to get an identical setup, maybe we can try VirtualBox XP installs?? I haven't installed XP that way to see how Sandboxie behaves, but I wonder if things would work the same with "identical VirtualBoxes?"
It's not the check, it's the going through SbieSvc.
Now, of course having OpenWinClass=* doesn't change the way the program behaves,
it doesn't suddenly make it access more windowing objects outside the sandbox...
But the check for a match against OpenWinClass is always the first thing that happens,
and a match means going through SbieSvc. So effectively, everything goes through SbieSvc.
This way of doing things in not set in stone of course, but like I said, I wouldn't want
to touch that right now.
Now, of course having OpenWinClass=* doesn't change the way the program behaves,
it doesn't suddenly make it access more windowing objects outside the sandbox...
But the check for a match against OpenWinClass is always the first thing that happens,
and a match means going through SbieSvc. So effectively, everything goes through SbieSvc.
This way of doing things in not set in stone of course, but like I said, I wouldn't want
to touch that right now.
tzuk
Who is online
Users browsing this forum: No registered users and 1 guest