Advanced Desktop Application Sandboxing via AppContainer

  • Thread starter: hjlbx
Doesn't an experimental feature of Chrome have that? Pretty sure it's the same thing. The issue is that when you enable it, no hooking of any program like an antivirus is possible.
Chrome & AppContainer Tweak

To be honest I am not sure.

There is AppContainer and then also Windows Integrity Mechanism.

I do not know if Windows Integrity Mechanism can be used to apply restrictions to an app executed within AppContainer.
 
Chrome's sandbox and Windows' sandbox use a similar approach; they profit from the Windows Integrity Mechanism that has existed since Windows Vista. Chrome does it only for webpages and plugins.

AppContainer is another level of integrity introduced in Win8.

Each process is given a token (containing its information, integrity level, privileges).

AppContainer differs slightly from those integrity levels in that it implements the "Lowbox" token, which assigns "capabilities" to the app; capabilities are areas (internet access, picture/music/etc. libraries, webcam, microphone, removable storage, etc.) the app may or may not access (decided by its dev).

In Win8-10, a broker checks the original token of the process and, if possible, transforms it into the Lowbox token.
 
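The token fields mentioned in the post above (integrity level, Lowbox package identity, capabilities) can be read off the SIDs a token carries. The following is an added example, not part of the original thread: it classifies a list of SID strings using the well-known Windows SID prefixes, and every full SID in the two sample tokens is constructed.

```python
# Added example: summarise the SIDs found in a Windows access token.
# Identifier authorities 16 (mandatory label) and 15 (app package) are Windows
# constants; every full SID string in the samples below is constructed.
INTEGRITY = {0: "Untrusted", 4096: "Low", 8192: "Medium", 12288: "High", 16384: "System"}
CAPABILITIES = {
    1: "internetClient", 2: "internetClientServer", 3: "privateNetworkClientServer",
    4: "picturesLibrary", 5: "videosLibrary", 6: "musicLibrary",
    7: "documentsLibrary", 8: "enterpriseAuthentication",
    9: "sharedUserCertificates", 10: "removableStorage",
}

def parse_sid(sid):
    """Split 'S-1-<authority>-<sub>-...' into (authority, [sub-authorities])."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 3 or parts[:2] != ["S", "1"]:
        raise ValueError(f"not a revision-1 SID: {sid!r}")
    return int(parts[2]), [int(p) for p in parts[3:]]

def describe_token(sids):
    """Return integrity level, AppContainer package SID and capabilities."""
    info = {"integrity": None, "package_sid": None, "capabilities": []}
    for sid in sids:
        authority, subs = parse_sid(sid)
        if authority == 16 and len(subs) == 1:
            # Mandatory label SID: the single sub-authority is the level.
            info["integrity"] = INTEGRITY.get(subs[0], f"RID {subs[0]}")
        elif authority == 15 and subs[:1] == [2] and len(subs) > 2:
            # S-1-15-2-<per-package sub-authorities>; the two-part forms
            # S-1-15-2-1 and S-1-15-2-2 are group SIDs and are skipped.
            info["package_sid"] = sid
        elif authority == 15 and subs[:1] == [3] and len(subs) >= 2:
            # Capability SID: short form is well known, long form is custom.
            known = CAPABILITIES.get(subs[1]) if len(subs) == 2 else None
            info["capabilities"].append(known or sid)
    info["lowbox"] = info["package_sid"] is not None
    return info

# Constructed sample tokens (not taken from a real machine).
DESKTOP_TOKEN = ["S-1-5-21-1111111111-2222222222-3333333333-1001", "S-1-16-8192"]
APPCONTAINER_TOKEN = DESKTOP_TOKEN[:1] + [
    "S-1-16-4096", "S-1-15-2-1",
    "S-1-15-2-1111-2222-3333-4444-5555-6666-7777",
    "S-1-15-3-1", "S-1-15-3-4",
]

if __name__ == "__main__":
    for name, token in (("desktop", DESKTOP_TOKEN), ("appcontainer", APPCONTAINER_TOKEN)):
        print(name, describe_token(token))
```
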
AppContainer is one of the subsidiary components of the sandbox, and they literally act the same as each other; however, they operate from different angles and are not much observed by users.

Hence it reduces the possible vulnerability risks in the long run.
 
