- Dec 29, 2014
- 1,711
Thanks to the questions of smhu26 for inspiring me to look into the 360 sandbox more deeply. This trick from Qihoo as it appears to me is clever, but I would like to get some confirmation that it works for someone else too, maybe on MSO 2010 or 2013. I decided to go into detail here, in case any are new to sandboxing and have questions about how it works. Nonetheless, it does appear to me that there is some specific support for MSO in the 360 sandbox. Maybe this works with other document programs, although I do not know.
First, some background on this issue of 360 sandbox and MS Office. When I run an MS Office app, say, OneNote from the 2007 suite that I have and use, there are some challenges to do with files that occur to me could be possible for the security writers. "Where should the file be placed?" and so on. If I recall from previous trials of the 360 sandbox, there may have been some previous issues with the sandbox and MSO in this way, e.g. MS Office 2007 could not access the sandbox to open a file if the file had been created or edited and saved inside the MSO app running in the sandbox.
So, at any rate, here is the story. Today, I saved a OneNote notebook into the sandbox and then thoughtlessly switched to another notebook. OneNote opens by default the last Notebook opened, a fact that did not jog my mind before closing ON. After some time, I opened the application again later to the other project that had been open when I closed ON. OK, at this point, I suddenly realized that I would not have a faculty for opening the newer recently created notebook, because ON 2007's file/open dialog in would look for it in the Documents area. Well, I was thinking too hard based on previous experiences with the 360 sandbox, so at this point I went to check to see if I could open the project from the sandbox location, using ON's file/open dialog. This was not such good news, as ON received an error message that the folder project location could not be opened...a block from Qihoo, and the project is not accessible
. This is where it was stored, and I assume this is blocked for security reasons.
So now what? Well, normally, I could still just use explorer to go into the sandbox area, make a copy of the file/project folder and paste this into Documents and open it from there. This actually works fine. But there is one problem. This problem is that, when I open the project from the Documents area using a sandboxed MSO program, if I then make changes, the file or project/files will be saved in the sandbox folder area once again when I save the changes. Looking forward, this dastardly situation would leave me in a hopeless circle of copying files from the sandbox area to Documents every time I want to reopen a project from within ON. Bad situation, and I would not be able to use more than one ON project ever as a result. This at the time meant to me, o/c, that this problem could apply to all MSO apps and their associated files, too. Even worse.
Well, however, the news gets better, fortunately. That is because Qihoo somehow has come up with a way around this. First, a note here about the Qihoo sandbox for the record. Qihoo sandbox has no faculty for copying a folder from its sandbox folders/files dialog, which is contained within the security suite. This dialog can also be accessed from an open sandboxed program/file via a small dialog that is attached to the top of the window that says "Running in sandbox". So this then would make it possible to move the entire ON project to Documents if possible to copy a folder and contents from the Qihoo dialog. However, while there is the ability to copy all of the files, a folder cannot be copied. Obviously, there would be no convenient way to update the project to Documents, anyway, as this would be still hugely inconvenient for a user. Over and over copying and pasting and so on, just to have the ability to open the file or project. Honestly, considering this, it doesn't even matter that only files can be copied from within the Qihoo sandbox. It would be too complicated to have to rely on this kind of workaround.
So onto Qihoo's resolution of this issue (which gratefully there is one). OK, so we have established that the ON project does not exist in Documents, if the project has been created/edited and saved in the sandbox. That said, there is a handy trick that Qihoo has managed to perform at some level. Yes, somehow Qihoo tricks MSO OneNote file/open dialog/interface into believing that the project actually is in Documents. Wish I had checked this at first, and if I had I wouldn't have fretted for the 15 minutes it took me to discover this ability of 360 sandbox. But I must admit I was kind of stunned that it worked as things went. I really didn't believe the sandbox was to this point in development, honestly. At any rate, from the main file/save dialog of MS Office 2007, I am able to open any project as though it is in the Documents folder, even though it isn't present there. Some of the projects as they appear in this dialog do appear to be locked in the file/open dialog of MSO ON, but even these will open. In this regard, I have a feeling Qihoo has made some changes and the lock addition to icons is not appearing presently according to a specific plan logic of any kind. This I gather would ideally be Qihoo's way of explaining which of the files/projects have actually been created or edited within the sandbox, but it does seem reversed to me at the present time. Hopefully, this will happen in an update if I am seeing the issue correctly. BTW, Qihoo also seems to have tricked MSO Word 2007 as its file/open dialog also sees all files, sandboxed and not.
I am sure this is standard for a good sandbox, but it is good to see that the Qihoo sandbox has gotten far enough to support MSO documents opening and so on. I do feel more secure knowing that all MSO documents will open in the sandbox now. However, backup seems it will be a challenge in one regard. I would like to use Groove Monitor to sync folders to a backup drive. Will Groove Monitor give me this ability via 360 support? Guess that will be another test for this afternoon.
First, some background on this issue of 360 sandbox and MS Office. When I run an MS Office app, say, OneNote from the 2007 suite that I have and use, there are some challenges to do with files that occur to me could be possible for the security writers. "Where should the file be placed?" and so on. If I recall from previous trials of the 360 sandbox, there may have been some previous issues with the sandbox and MSO in this way, e.g. MS Office 2007 could not access the sandbox to open a file if the file had been created or edited and saved inside the MSO app running in the sandbox.
So, at any rate, here is the story. Today, I saved a OneNote notebook into the sandbox and then thoughtlessly switched to another notebook. OneNote opens by default the last Notebook opened, a fact that did not jog my mind before closing ON. After some time, I opened the application again later to the other project that had been open when I closed ON. OK, at this point, I suddenly realized that I would not have a faculty for opening the newer recently created notebook, because ON 2007's file/open dialog in would look for it in the Documents area. Well, I was thinking too hard based on previous experiences with the 360 sandbox, so at this point I went to check to see if I could open the project from the sandbox location, using ON's file/open dialog. This was not such good news, as ON received an error message that the folder project location could not be opened...a block from Qihoo, and the project is not accessible
. This is where it was stored, and I assume this is blocked for security reasons. So now what? Well, normally, I could still just use explorer to go into the sandbox area, make a copy of the file/project folder and paste this into Documents and open it from there. This actually works fine. But there is one problem. This problem is that, when I open the project from the Documents area using a sandboxed MSO program, if I then make changes, the file or project/files will be saved in the sandbox folder area once again when I save the changes. Looking forward, this dastardly situation would leave me in a hopeless circle of copying files from the sandbox area to Documents every time I want to reopen a project from within ON
. Bad situation, and I would not be able to use more than one ON project ever as a result. This at the time meant to me, o/c, that this problem could apply to all MSO apps and their associated files, too. Even worse.Well, however, the news gets better, fortunately. That is because Qihoo somehow has come up with a way around this. First, a note here about the Qihoo sandbox for the record. Qihoo sandbox has no faculty for copying a folder from its sandbox folders/files dialog, which is contained within the security suite. This dialog can also be accessed from an open sandboxed program/file via a small dialog that is attached to the top of the window that says "Running in sandbox". So this then would make it possible to move the entire ON project to Documents if possible to copy a folder and contents from the Qihoo dialog. However, while there is the ability to copy all of the files, a folder cannot be copied. Obviously, there would be no convenient way to update the project to Documents, anyway, as this would be still hugely inconvenient for a user. Over and over copying and pasting and so on, just to have the ability to open the file or project. Honestly, considering this, it doesn't even matter that only files can be copied from within the Qihoo sandbox. It would be too complicated to have to rely on this kind of workaround.
So onto Qihoo's resolution of this issue (which gratefully there is one). OK, so we have established that the ON project does not exist in Documents, if the project has been created/edited and saved in the sandbox. That said, there is a handy trick that Qihoo has managed to perform at some level. Yes, somehow Qihoo tricks MSO OneNote file/open dialog/interface into believing that the project actually is in Documents. Wish I had checked this at first, and if I had I wouldn't have fretted for the 15 minutes it took me to discover this ability of 360 sandbox
. But I must admit I was kind of stunned that it worked as things went. I really didn't believe the sandbox was to this point in development, honestly. At any rate, from the main file/save dialog of MS Office 2007, I am able to open any project as though it is in the Documents folder, even though it isn't present there. Some of the projects as they appear in this dialog do appear to be locked in the file/open dialog of MSO ON, but even these will open. In this regard, I have a feeling Qihoo has made some changes and the lock addition to icons is not appearing presently according to a specific plan logic of any kind. This I gather would ideally be Qihoo's way of explaining which of the files/projects have actually been created or edited within the sandbox, but it does seem reversed to me at the present time. Hopefully, this will happen in an update if I am seeing the issue correctly. BTW, Qihoo also seems to have tricked MSO Word 2007 as its file/open dialog also sees all files, sandboxed and not.I am sure this is standard for a good sandbox, but it is good to see that the Qihoo sandbox has gotten far enough to support MSO documents opening and so on. I do feel more secure knowing that all MSO documents will open in the sandbox now. However, backup seems it will be a challenge in one regard. I would like to use Groove Monitor to sync folders to a backup drive. Will Groove Monitor give me this ability via 360 support? Guess that will be another test for this afternoon.
