I rarely feel the need for sandboxie but the times I do, I feel that I'd be better served by a full VM. Got burned once because I misjudged risk level and the thing I ran within sandboxie managed to grab my browser's saved passwords.
Sandboxie (by default) does not restrict access to existing files in your user directory (or anywhere else).
It stops malware etc. from persisting because it catches writes. Basically it kind of mounts an overlayfs over your drive.
You can configure this differently, and iirc the paid donation version has an option to make your user directory private.
I agree that this probably isn't the best default, but that likely was a case of not rtfm'ing, and not misjudging the risk level. I was confused by this at first too.
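The behaviour described in the comment above, as an added toy model (not part of the thread and not Sandboxie's code): reads fall through to the host, writes are redirected into the box, and an optional closed-path list stands in for a "private user directory" setting. The class name, the `closed` parameter and the file names are assumptions made for the illustration.

```python
import tempfile
from pathlib import Path


class OverlaySandbox:
    """Toy model: reads fall through to the host, writes land in the box."""

    def __init__(self, host: Path, box: Path, closed=()):
        self.host, self.box = host, box
        # Hypothetical policy: paths sandboxed programs may not touch at all.
        self.closed = tuple(Path(p) for p in closed)

    def _check(self, rel: Path):
        if any(rel == c or c in rel.parents for c in self.closed):
            raise PermissionError(f"{rel} is closed to sandboxed programs")

    def read(self, rel):
        rel = Path(rel)
        self._check(rel)
        boxed = self.box / rel
        # Prefer the sandboxed copy; otherwise the real host file is visible.
        return (boxed if boxed.exists() else self.host / rel).read_bytes()

    def write(self, rel, data: bytes):
        rel = Path(rel)
        self._check(rel)
        target = self.box / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)  # the host copy is never modified


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        host, box = Path(tmp, "host"), Path(tmp, "box")
        secret = Path("profile/logins.db")  # constructed stand-in for a credential store
        (host / secret).parent.mkdir(parents=True)
        (host / secret).write_bytes(b"saved-passwords")
        box.mkdir()
        default = OverlaySandbox(host, box)
        leaked = default.read(secret)                 # default: host data is readable
        default.write("Startup/run.cmd", b"persist")  # the write is caught by the box
        persisted = (host / "Startup/run.cmd").exists()
        hardened = OverlaySandbox(host, box, closed=["profile"])
        try:
            hardened.read(secret)
            blocked = False
        except PermissionError:
            blocked = True
        return leaked, persisted, blocked
```

Catching writes prevents persistence but does nothing for confidentiality; only the closed-path policy keeps the credential file out of reach.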
I like the Sandbox app / feature built into Win10/11 (very fast to boot). I wish it'd allow saving snapshots and being automated. I want to set one up with a full dev environment for example.
Full Hyper-V VMs are significantly slower to boot and run.
Snapshots would be nice. It is actually a container of sorts underneath, with RDP support, so they could do it if they desired. (They don't, it seems, unfortunately.)
Windows containers gaining RDP is probably the bigger wishlist item, for me. Windows containers with a GUI would make some things extremely trivial and other things much easier.
I documented how to set up RDS in containers back in 2018 [1] then Microsoft swooped in and killed it. They are weirdly sensitive when it comes to terminal services. Could perhaps be licensing/financially motivated. I get emails almost weekly to this day asking for updates. Wish I had one.
VirtualBox keeps teasing proper Hyper-V support "any release now", but given how many releases have teased that and also Oracle's lack of incentive to actually make it happen (because they want you to buy their servers) who knows if/when it will ever happen. Ball is definitely in Oracle's court, though.
Yeah, the earlier versions of Sandboxie used SSDT hooks and offered much better protection. You can completely bypass some Sandboxie protections today with a direct interrupt 0x2e or SYSENTER call. Sandboxie offers very little protection.
You probably want a VM on separate physical hardware on a separate network connection, to avoid it burrowing into the hardware and avoid it burrowing into your network.
Yeah I will usually just spin up something on a public cloud, if I am running an executable of questionable safety.
A lot of people were using sandboxie for less than noble purposes, like multi boxing in matchmaking games in low population regions, so they’d end up matching all their clients w/ each other.
I'd have to agree. Windows Sandbox is built into the OS and is a much better option - it takes your existing Windows install and within literal seconds, creates and starts a clean VM whose contents will be burned on close. It's an insane technical achievement and it doesn't get enough kudos imho
That's the reason why I hate it. I want my sandbox to persist.
Use case: Filling in once-a-year tax forms with TurboTax that I can't seem to file in a single sitting.
Don't use browser password saving. I presume a third-party app like Bitwarden would have been better, though if the browser auto-syncs and installs the extension your risk is a little higher.
I was already almost entirely migrated to KeePassXC but had kept using the browser feature out of habit. Quickly disabled that and had a really fun few days changing absolutely everything's password.
Oh? I always assumed the Firefox feature would be fine with a master password and 2FA set up, but is a third-party manager really a substantial upgrade security-wise?
edit: 2020. Awesome. I remember having to rely on reverse engineering to understand wtf it was doing. Now I can check!
When I was younger I wanted to start a company around automatic sandboxing very similar to Sandboxie, but dealing with Windows Kernel Drivers was miserable. Having something open source to derive inspiration and design from would have been so helpful.
We are working on traditional Windows apps, with an installer (NSIS or Qt) and Sandboxie is a great way to test it.
During development, we can't trust that the installer won't leave a ton of crap that will break future installs, and running it under Sandboxie is a simple and effective way of starting with a clean slate every time.
Also, by inspecting the content of the sandbox, it is also possible to see what the installer has done exactly and identify what wasn't properly removed during the uninstall so that it can be fixed.
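One way to automate the inspection described in the comment above, as an added example that is not part of the thread: snapshot the sandbox's file tree before the install, snapshot it again after the uninstall, and report what was left behind or changed. The function names and the directory layout in `demo()` are constructed for the illustration, and only files are covered.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def leftovers(before: dict, after: dict) -> dict:
    """Compare a clean snapshot with one taken after install + uninstall."""
    return {
        "left_behind": sorted(set(after) - set(before)),
        "modified": sorted(k for k in before.keys() & after.keys()
                           if before[k] != after[k]),
        "deleted": sorted(set(before) - set(after)),
    }


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        box = Path(tmp)  # constructed stand-in for the sandbox content folder
        appdata = box / "user/AppData"
        appdata.mkdir(parents=True)
        shared = appdata / "shared.ini"
        shared.write_text("v=1")
        clean = snapshot(box)

        # Simulated install: a binary, a cache file, and an edit to a shared file.
        app = box / "drive/C/Program Files/App"
        app.mkdir(parents=True)
        (app / "app.exe").write_bytes(b"MZ")
        (appdata / "app.cache").write_text("x")
        shared.write_text("v=2")

        # Simulated uninstall that only removes the binary.
        (app / "app.exe").unlink()
        return leftovers(clean, snapshot(box))


if __name__ == "__main__":
    print(demo())
```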
Sandboxie is pretty great. This is how I've managed to multibox Elite: Dangerous ever since Frontier changed how they issue game keys in 2019. I can have multiple versions of Steam and multiple versions of the game running side by side. The only thing that can get a little wonky is the Steam Controller, with both the desktop and game-specific bindings getting activated simultaneously in some cases.
I would never use it for security-sensitive process isolation, like malware analysis. It's safer to use a dedicated computer or virtual machine for that sort of thing. But for gaming? chef's kiss
Used it way back in my Windows 7 days, it was a great solution to keep system directories clean from all clutter that installed programs add and fail to remove during uninstall.
I remember this from my Windows XP days (spent another two years on Win 7, before switching to and being happier with Linux). No interest beyond nostalgia but indeed here I am reading at least the comment thread :). Gotta agree that I'd also not use it for anything serious, like it's perhaps useful as hardening for your browser because no regular exploit will expect it, but that's about it. I was already wary of it with my limited security knowledge back in the teen days, and reading of someone whose browser password was stolen, I'm happy that I didn't trust the claims that I seem to remember it making back then. It's a bit similar to containers I guess: probably even safer but even as a security person I don't trust myself to configure those malware-proof.