Ideas for enhancements to the software
-
TNT
Post
by TNT » Thu Apr 10, 2008 1:38 pm
Well, is it possible?
I currently use Sandboxie to capture malware in the wild and it would probably extremely useful (maybe as an option) to hide the existence of Sandboxie's processes, files and registry keys to anything that is running sandboxed. As of today, not much malware detects it (but some apparently do), but in theory any sandboxed process can easily check whether Sandboxie is currently running and terminate itself if it finds it (much like many do with VMWare).
-
wraithdu
- Posts: 1410
- Joined: Fri Jun 29, 2007 2:54 pm
Post
by wraithdu » Thu Apr 10, 2008 3:11 pm
It's been asked before, and no it cannot be done.
-
tzuk
- Sandboxie Founder
- Posts: 16076
- Joined: Tue Jun 22, 2004 12:57 pm
Post
by tzuk » Thu Apr 10, 2008 3:56 pm
wraithdu is right -- can't be done -- not reliably anyway.
tzuk
-
emider
- Posts: 105
- Joined: Fri Sep 21, 2007 6:43 am
Post
by emider » Fri Apr 11, 2008 8:28 am
When we are here i would like to mention that the game Audiosurf may be using some of these techniques to discover that is sandboxed. All of my games run successfully sandboxed except this one. I've tried moving out of the box and running sandboxed but no sucess. Anyone can check this with the demo.
http://www.audio-surf.com
-
tzuk
- Sandboxie Founder
- Posts: 16076
- Joined: Tue Jun 22, 2004 12:57 pm
Post
by tzuk » Fri Apr 11, 2008 2:49 pm
Emider you're jumping to conclusions.
tzuk
-
emider
- Posts: 105
- Joined: Fri Sep 21, 2007 6:43 am
Post
by emider » Mon Apr 14, 2008 8:13 am
tzuk wrote:Emider you're jumping to conclusions.
I said it
may be using. And if it's using then that technique is not a direct one. The program is trying o access something that it's blocked or something like that. When i am here, i forgot to run trace and see if something is really blocked and the game detects that. I'll report.
Who is online
Users browsing this forum: No registered users and 1 guest
