Hi,
It would be cool if SBIE was able to auto-sandbox all executables (and other files) except for the ones in C:\Windows and C:\Program Files, unless you use the "forced folders/programs" feature, of course.
This would mean that people/noob-users can download apps and other files to any location on the real system, without the risk of infection. There should also be a "Run unsandboxed" entry in the context-menu when people really need to install trusted apps. Should be easy to implement, what do you guys think?
Sandboxie needs an "Auto-Sandbox" feature
-
- Posts: 216
- Joined: Sat Jan 14, 2006 11:08 am
Re: Sandboxie needs an "Auto-Sandbox" feature
Call me silly [yet again] but I rather like the idea of this being a feature which people can 'enable' if desired.
The logic behind this request might initially seem to be antithesis of Sandboxie yet at the same time - having a hard-coded option to force everything except (this directory or that outside of required areas) on the OS/SYSTEM drive simplifies protection of the most exposed area(s) and instead EVERYTHING other than the System (Windows OS) areas can be forced unless we add an exclusion. Would it be viable for the every day user? Likely not...
That being said I'd also not vote for "Program Files" directories being included in such an initial hardcoded exclusion without [an extra selection] for this area but so long as extra exclusions within here were also respected I suppose that wouldn't be a deal-breaker either way.
This actually makes a lot of sense to me. Maybe it's just because I'm one of those people tasked with protecting users (eg employees or maybe even children), who won't normally be reporting the creation of a 'new directory' in a location that doesn't already fall within a forced folder to the person responsible for the system (namely me, and yes I know NTFS perms and policies can help here but ffs embedding an option like this in SBIE would make things so much easier).
Adding such an option would also require allowing for the checking of excluded [sub]folders (which would need to be able to be set by the user/admin) which in turn causes what might seem to be a simple 'addition/request' into a highly extensive rewrite wrought with potential holes that would require extensive thought and testing.
So, in short, I like the idea yet I understand why no one on your end would want to be responsible for trying to add it in while also retaining compatibility with the current schemes and keeping the security at the same level with such a change...
The logic behind this request might initially seem to be antithesis of Sandboxie yet at the same time - having a hard-coded option to force everything except (this directory or that outside of required areas) on the OS/SYSTEM drive simplifies protection of the most exposed area(s) and instead EVERYTHING other than the System (Windows OS) areas can be forced unless we add an exclusion. Would it be viable for the every day user? Likely not...
That being said I'd also not vote for "Program Files" directories being included in such an initial hardcoded exclusion without [an extra selection] for this area but so long as extra exclusions within here were also respected I suppose that wouldn't be a deal-breaker either way.
This actually makes a lot of sense to me. Maybe it's just because I'm one of those people tasked with protecting users (eg employees or maybe even children), who won't normally be reporting the creation of a 'new directory' in a location that doesn't already fall within a forced folder to the person responsible for the system (namely me, and yes I know NTFS perms and policies can help here but ffs embedding an option like this in SBIE would make things so much easier).
Adding such an option would also require allowing for the checking of excluded [sub]folders (which would need to be able to be set by the user/admin) which in turn causes what might seem to be a simple 'addition/request' into a highly extensive rewrite wrought with potential holes that would require extensive thought and testing.
So, in short, I like the idea yet I understand why no one on your end would want to be responsible for trying to add it in while also retaining compatibility with the current schemes and keeping the security at the same level with such a change...
Goo.gl/p8qFCf
Re: Sandboxie needs an "Auto-Sandbox" feature
As an optional feature, it sounds exciting.
If I understand it right, it would turn SBIE into a default/deny solution, for all intents and purposes, by utilizing core components of SBIE that already exist. Could be a strong selling point.
If I understand it right, it would turn SBIE into a default/deny solution, for all intents and purposes, by utilizing core components of SBIE that already exist. Could be a strong selling point.
-
- Posts: 216
- Joined: Sat Jan 14, 2006 11:08 am
Re: Sandboxie needs an "Auto-Sandbox" feature
Guys, totally forgot about this thread, but thanks for the support. I wonder why nobody from the support and developer team responded?
And yes, this would be an extra option, that you can enable and disable with one click. It would be cool for noob-users on a locked down system that might be tricked into downloading malware. But it would also be cool for a user like me, who almost always first install software sandboxed, before running them on the real system. So I would like to hear from the developers!
Who is online
Users browsing this forum: No registered users and 1 guest