Installation of system drivers (non-Sandboxie drivers)

[gwa000]

question concerning installation of programs that install drivers in the System32 area.

i wanted to install/test a program (without polluting my system) and during install it wanted to write some files into the System32 area and SB popped up a message (sorry, don't recall the number as it was a few weeks ago). i ended up cancelling the installation as i was not sure where the drivers would be installed, in a sandboxed area of System32 or the host System32 area.

anybody know if the drivers are put in the host area or a sandboxed area?

i'm hoping that it is a sandboxed area even though it could defeat the isolation of sandboxing by corrupting things if the driver was faulty. this would allow easy cleanup is i do not want to keep the program.

thanks!

[Guest10]

Sandboxed programs are not permitted to install drivers, even in the sandbox area.
For a sandboxed program to use drivers they must already be present on your system, installed outside of the sandbox.

[qwet]

This is just an idea as a novice - some other less developed sandboxes (Like Comodo's - Comodo is a good Firewall but Virtual Kiosk part can not be compared to Sandboxie - or other sandboxes) allow drivers to be installed virtually (sandboxed) then be cleaned. This seems important because lots of software installs drivers.çI am not sure why Sandboxie can not allow this.

In addition to this - may be it will be a useless cosmetics - but why is not there a interface like the aforementioned Comodo "virtual kiosk" like a desktop, start menu icons etc?

ps. Sandboxie is the most advanced sandbox software as it seems, and interface might be some useless. But installing drivers is a must as I said, there are lots of software doing this.

[Peter2150]

Sounds like what you want is some kind of virtual machine. Sandboxie's purpose is to protect the system, and part of that is blocking installation of system components.

Personally I hope Tzuk doesn't implement anything like this.

[qwet]

Yes I see that - But can not Sandboxie install system components sandboxed (I mean the drivers).

There are similar types of less developed but well known sandbox applications that can do it (like the "virual kiosk") - so Sandboxie can easily do this.

Otherwise the driver installer software will use this to their advantage because people can not use them sandboxed and they will put some drivers to their installation that will make the software work so nobody can make them sandboxed.

[Peter2150]

Yes I see that - But can not Sandboxie install system components sandboxed (I mean the drivers).

There are similar types of less developed but well known sandbox applications that can do it (like the "virual kiosk") - so Sandboxie can easily do this.

Otherwise the driver installer software will use this to their advantage because people can not use them sandboxed and they will put some drivers to their installation that will make the software work so nobody can make them sandboxed.

No it can not. I don't see any problem or how driver software can use this to their advantage. You can install software that needs drivers and services, and then run them sandboxed. You are still protected. As I said if you really want to install something using drivers and have the install isolated, you need to look at VM machines. That other "sandbox" software can do it doesn't matter to me. Nothing is comparable to sandboxie for protection. No it isn't the best for full virtualization, as it wasn't intended to be.

Pete

[tzuk]

Sandboxie is designed to virtualize/supervise Windows applications. In the bridge between the application and the Windows kernel, where the application goes to ask Windows to do stuff, that is where Sandboxie sits and supervises. Drivers don't work this way and don't fit in this model.

[qwet]

As Tzuk replied, it is not really possible. Before his response I searched other messages on drivers and someone posted:


~quote


In order to control software Sandboxie situates itself at the deepest level in the OS, known as Ring 0. Drivers are also low level system components. They have equal footing/ power on the system as Sandboxie does, and hence the inability of Sandboxie to really control drivers. That is why they are not allowed to install in the first place.

The advantage of this is that root/bootkits are a problem of the past. They cannot even burrow deep in the system due to this blanket protection policy.

~unquote

People might not prefer to repeat this over and over. But even as a novice I understand - It is better remain this way. Drivers not possible and not secure.

[Peter2150]

The upside to all this is you can be pretty darn sure when you run something Sandboxed, you are safe. I have found this well worth the small price of occasional in convenience.

Pete

[i@mJONNY]

What about if you're using Sandboxes (to virtualise application installations) and the application wants to install a driver for, say, a virtual device?

For this there's the Sandboxie BlockDriver config option (obviously not recommended). The help files details that

Before a driver can be loaded, it must first be installed. Driver installation is not affected by the BlockDrivers setting. To allow driver installation, you should add the following OpenKeyPath setting:

OpenKeyPath=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
And you should additionally open the driver file, using OpenFilePath. This is needed because the driver path that will be set in the registry (in a key created below CurrentControlSet\Services) will typically not point inside the sandbox.

OpenFilePath=c:\program files\MyNewSoftware\SoftwareDriver.sys

Does this mean I create a DWORD/String, OpenFilePath, @ HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services ?

Adobe audition wants to install pxhlpa64.sys (corel Corporation "Px Engine driver").

Ideally, I'd like to load this driver when needed, then unload.

How do I manually install a driver? Either sandboxed (if possible!) or not...

Many thanks