Sandboxie should be avoided in 2019 and above

[Deleted Member 308817310]

Sandboxie should be avoided in 2019 and above.

1. Sandboxie messes with the memory of processes belonging to other people's software.

First of all, messing with memory of other people's software can introduce additional vulnerabilities in other people's software. There's people out there who have a good track record with finding (and exploiting) vulnerabilities which are introduced by security software injecting code for one reason or another.

Second of all, messing with the memory of other people's software will tarnish code integrity defenses. Code integrity is there to validate that code is as it should be and hasn't been modified, but thanks to Sandboxie, those features can go flying out the window. You can trust Sandboxie to hook away at its own discretion, destroying effective use of code integrity to ensure that no one who shouldn't be messing with things in certain areas.

Third of all, messing with the memory of other people's software... breaks other people's software. Developers have enough on their plate without having to clean up Sandboxie's mess. People report compatibility issues even though it isn't the developers fault, but Sandboxie's fault. It's not acceptable given Sandboxie doesn't have to behave in the way it's behaving: there are modern model designs for sandbox systems which they are voluntarily deciding to ignore and not bother implementing.

2. Sandboxie has a lot of incompatibility problems.

Sandboxie is constantly forcing people to use beta versions for quicker compatibility patches, even though using a beta channel is not a good idea for security. General stability and security may differ when using a beta product compared to a release product. Beta products are in beta because they haven't been tested/vetted as much and are pending normal release until they can prove themselves to be stable and secure enough.

3. Sandboxie does not have a proper channel for reporting critical vulnerabilities.

There's someone on the forums asking for assistance in reporting a potential critical vulnerability. The claims are that the vulnerability, when exploited, can result in escalation of privileges. Of course, it took several days before an official employee could even reply to the thread.

Here's what some of the forum members over there have to say about Sandboxie.

Just go ahead and post it here, so at least the few of us that are left can know what to look out for. Sophos won't do anything about it. Doubtful they even could.

Sophos ID - Login

community.sophos.com

What devs? Do you see any Sophos devs here? It took them months to recover from their own self-inflicted DDoS attack. The old forums are gone forever and we are left with this POS. And the buy links are still "in maintenance" after more than 2 months.

Since Sophos took over, they have done the absolute minimum required to keep Sandboxie barely running in Win 10 while they collected payments. There is a long list of problems that are being "looked in to" but not fixed.

I'm switching to the cracked version to get around this licensing incompetence. The crackers at least have some devs working. They maybe can do something about vul. if you post the details here assuming it is real.

Sophos ID - Login

community.sophos.com

Well, there we have it... two Sandboxie supporters themselves had some interesting things to say.

Windows 10 Professional (and above) users can switch to Microsoft Windows Sandbox - it works like a charm and doesn't have the above mentioned caveats - which is made by people who are willing to design a sandbox system that is robust and relatively secure. For anyone that is unaware, Windows 10's new sandbox feature is powered by Hyper-V (enterprise-grade virtual machine software).

You can find more information about the Windows 10 Sandbox here:

Windows Sandbox

Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation. How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to...

techcommunity.microsoft.com

Windows 10's Sandbox doesn't need to be updated on a daily basis to maintain compatibility, doesn't jeopardize your security to make geek users happy, and doesn't provide redundant and bloatware functionality that only a small portion of users would have genuinely needed to stay safe.

If you're not into Windows 10 Sandbox or you're not a Windows 10 Professional (or above) user, then look into ReHIPS, also much safer and robust than Sandboxie.

Thanks for reading. You know what to do if you have Sandboxie installed right now (*hint* Control Panel -> Uninstall programs -> Sandboxie -> Uninstall *hint*).

 

[Andy Ful]

Sadly, that is why I do not use Sandboxie for 3 years.
Using Sandboxie on Windows 10 Home is risky because Windows Updates can break some of Sandboxie capabilities and cause unpredictable problems. On Windows Pro, the situation is better (with deferred updates), but using Application Guard for Edge (Hyper-V container + AppContainer) or Chrome in Windows Sandbox (Hyper-V container + Chrome Sandbox) is stronger protection without compatibility problems.
A few years ago Sandboxie used rootkit-technologies (for example kernel-mode hooking), but that changed with Windows 10. I could not find any documentation about using kernel-mode hooks in the actual versions of Sandboxie.

With Windows 10 ver. 1903, the user can also defer Windows Updates for the month, so Sandboxie can still be used (with caution) to run vulnerable applications. Some users like to run Chrome in Sandboxie, but I cannot recommend this, because Sandboxie can weaken Chrome Sandbox.
Many users on Windows Home prefer ReHIPS to run vulnerable applications in the sandbox. ReHIPS does not use any rootkit-technologies (no kernel-mode hooking).

 

[LDogg]

Solution to this problem you may ask - Shadow Defender - the easiest PC/laptop security and privacy protection tool

~LDogg

 

[Deleted Member 308817310]

Solution to this problem you may ask - Shadow Defender - the easiest PC/laptop security and privacy protection tool

Shadow Defender is not the solution, but it's much safer than Sandboxie in terms of how the product works.

Remember the following.

1. The author of Shadow Defender is known to randomly disappear for unknown lengths of time.
2. The maintenance and improvement of Shadow Defender is unprecedented.
3. The use of Shadow Defender on your main environment does not help your personal and confidential information being kept safe.

Instead of aimlessly using Shadow Defender, you could literally just start-up Windows 10 Sandbox in a matter of seconds and then close it when you no longer need it.

No need for messing with configuration. No need to bear additional system overhead when it's not needed. Simply open it when you need it and end the session when you don't.

 

[technology]

Shadow Defender is not the solution, but it's much safer than Sandboxie in terms of how the product works.

Remember the following.

1. The author of Shadow Defender is known to randomly disappear for unknown lengths of time.
2. The maintenance and improvement of Shadow Defender is unprecedented.
3. The use of Shadow Defender on your main environment does not help your personal and confidential information being kept safe.

Instead of aimlessly using Shadow Defender, you could literally just start-up Windows 10 Sandbox in a matter of seconds and then close it when you no longer need it.

No need for messing with configuration. No need to bear additional system overhead when it's not needed. Simply open it when you need it and end the session when you don't.

Fully Agree regarding Shadow Defender but what about Shade sandbox ?

 

[Windows_Security]

What is good about sandboxie?

1. Good addition for people still running on Windows 7
   
   
2. Besides virtualization it can also apply application execution, folder and internet access restrictions
   
   
3. Has a track good track record of protection where antivirus solutions failed
   
   
4. Has a market share which is small enough to be NOT COMMERCIALLY FEASABLE TARGET of specific malware
   
   
5. Has the ability to automatically flush stuff through the toilet to clean up after using sandboxed programs. Thus it's presence is continuously proven to its users, enforcing their good feel in using Sandboxie (enhancing user commitment and loyalty).

Why is bad about sandboxie?

1. Sandboxie is an inovative idea from Windows XP using technology from Windows XP ported to Windows 7 technology to accommodate Integrity Levels introduced in Vista.
   
   
2. The creator owner of Sandboxie sold his product to Invincea which had plans with Sandboxie. The Invincea plans to use Sandboxie for Soho and home user market did not turned out as expected. For Sophos acquiring Invincea the small user base (and small profit projection) make Sandboxie a skeleton in the closet. So Sophos will only allocate limited resources to Sandboxie.
   
   
3. Not designed for Windows 10, so only way to use it without compatibility problems is to defer Windows10 updates. This makes the benefits of using Sandboxie over Windows 10 build-in features questionable, because deferring patches is bad practice.

Bottem line

• Fans love the product because of its impeccable protection reputation and its continuous proof of presence (flushing the toilet)
  
  
• Critics hate the product because of the irrational of deferring patches in favor of a security product using old technology

 

[Andy Ful]

What is good about sandboxie?

1. Good addition for people still running on Windows 7
   
   
2. Besides virtualization it can also apply application execution, folder and internet access restrictions
   
   
3. Has a track good track record of protection where antivirus solutions failed
   
   
4. Has a market share which is small enough to be NOT COMMERCIALLY FEASABLE TARGET of specific malware
   
   
5. Has the ability to automatically flush stuff through the toilet to clean up after using sandboxed programs. Thus it's presence is continuously proven to its users, enforcing their good feel in using Sandboxie (enhancing user commitment and loyalty).

Why is bad about sandboxie?

1. Sandboxie is an inovative idea from Windows XP using technology from Windows XP ported to Windows 7 technology to accommodate Integrity Levels introduced in Vista.
   
   
2. The creator owner of Sandboxie sold his product to Invincea which had plans with Sandboxie. The Invincea plans to use Sandboxie for Soho and home user market did not turned out as expected. For Sophos acquiring Invincea the small user base (and small profit projection) make Sandboxie a skeleton in the closet. So Sophos will only allocate limited resources to Sandboxie.
   
   
3. Not designed for Windows 10, so only way to use it without compatibility problems is to defer Windows10 updates. This makes the benefits of using Sandboxie over Windows 10 build-in features questionable, because deferring patches is bad practice.

Bottem line

• Fans love the product because of its impeccable protection reputation and its continuous proof of presence (flushing the toilet)
  
  
• Critics hate the product because of the irrational of deferring patches in favor of a security product using old technology

Generally, skipping Windows Updates is a bad idea. But, I could discuss deferring updates for one month. This is a very practical, and rather safe solution (Microsoft words). Windows Updates are sometimes buggy so even Microsoft finally admitted (in ver. 1903) that deferring them a little is OK.

 

[Andy Ful]

Solution to this problem you may ask - Shadow Defender - the easiest PC/laptop security and privacy protection tool

~LDogg

Shadow Defender is excellent for protecting the data on disks from permanent changes. But by design it does not cover some vectors of attack as compared to Windows Sandbox:

1. When you put some disks in the shadow mode, the rest are still not protected (for example, when you plug the pen drive for a few minutes).
2. All credentials stored in the system can be stolen by malware with sufficient privileges.
3. Shadow Defender does not protect the memory. On the contrary, Windows Sandbox isolates the memory of processes in the sandbox from processes outside the sandbox, and vice versa.
4. Shadow Defender can have a problem with some Windows Updates.

 

[Windows_Security]

Generally, skipping Windows Updates is a bad idea. But, I could discuss deferring updates for one month. This is a very practical, and rather safe solution (Microsoft words). Windows Updates are sometimes buggy so even Microsoft finally admitted (in ver. 1903) that deferring them a little is OK.

Deferring feature updates is okay (e.g. from 1809 to 1903), security patches not. I updated our PC's to 1903 last week, but kept on updating security fixes of 1809 every week. Don't know the exact phrase Microsoft used, but I can't imagine that they referred to security patches. Even when Microsoft did release a marketing nonsense bulletin to cover up the 1903 mess, that would not change the fact that deferring security updates is bad practice.

Many IT-manager have a policy to wait for feature updates to go from X.X.0 to X.X.1, but at the same time they apply an ASAP security patch policy. Don't want to to discuss insecure practices (don't give attention to bad ideas, it does not improve good practices, only provides bad ideas a platform and public attention).

 

[Andy Ful]

Deferring feature updates is okay (e.g. from 1809 to 1903), security patches not. I updated our PC's to 1903 last week, but kept on updating security fixes of 1809 every week. Don't know the exact phrase Microsoft used, but I can't imagine that they referred to security patches. Even when Microsoft did release a marketing nonsense bulletin to cover up the 1903 mess, that would not change the fact that deferring security updates is bad practice. Many IT-manager have a policy to wait for feature updates to go from X.X.0 to X.X.1, but at the same time they apply an ASAP security patch policy,

From Windows 10 ver. 1703, Feature Updates can be deferred up to one year. Quality Updates (including security improvements) can be deferred up to one month. On Windows Home that can be done only by the reg tweak.
Deferring updates was the most wanted Windows feature because many users had problems with broken updates. If the hardware/software configuration is common and simple, then there is no need to defer updates, because they are only a practical compromise between security and usability.

The words from MS presentation (non-zero-day = patch already available via update):
"It is now uncommon to see a non-zero-day exploit released within 30 days of a patch being available"
"When a vulnerability is exploited as zero-day, it is most likely to first be used in a targeted attack"
"Widespread attacks via exploits are now uncommon"
"~70% of the vulnerabilities addressed through a security update each year continue to be memory safety issues"

MSRC-Security-Research/presentations/2019_02_BlueHatIL/2019_01 - BlueHatIL - Trends, challenge, and shifts in software vulnerability mitigation.pdf at master · microsoft/MSRC-Security-Research

Security Research from the Microsoft Security Response Center (MSRC) - microsoft/MSRC-Security-Research

github.com

 

[Andy Ful]

Windows Sandbox causes problems with VirtualBox.

VirtualBox ver. 6.0+ can run with enabled Hyper-V, but this feature is not perfectly implemented yet:

virtualbox.org • View topic - VirtualBox 6.0 and Hyper-V

There are also some problems with nested virtualization, when one wants to run Windows Sandbox into VirtualBox:

How to enable Windows Sandbox in VirtualBox guest OS

You can enable Windows Sandbox if you have installed Windows 11/10 in VirtualBox. You need AMD CPU to enable Windows Sandbox in VirtualBox.

www.thewindowsclub.com

Here is a nice article on how to configure Windows Sandbox:

• Enable or Disable the virtualized GPU.
• Enable or Disable network access
• Shared Folders – Share folders from the host with read or write access
• Startup Script – allows you to run different commands at startup

How to configure Windows Sandbox

With the latest release of Windows 10 (1903), Microsoft introduced a new feature called Windows Sandbox. Windows Sandbox is based on Hyper-V technology and allows you to spin up an isolated, temporary, desktop environment where you can run untrusted software. In this blog post, I will show you...

www.thomasmaurer.ch

 

[Windows_Security]

Quality Updates (including security improvements) can be deferred up to one month.

Andy, did you drink to much energy drink? Just because it is possible, that does not mean it is good practice.

Chances of accidents increase after two hours of driving a car, so it is perfectly safe to defer using the safety belt for the first hour.

I am not going to discuss such a bad idea any further which is off topic also.

Regards

 

[ichito]

Shadow Defender is not the solution, but it's much safer than Sandboxie in terms of how the product works.

Remember the following.

1. The author of Shadow Defender is known to randomly disappear for unknown lengths of time.
2. The maintenance and improvement of Shadow Defender is unprecedented.
3. The use of Shadow Defender on your main environment does not help your personal and confidential information being kept safe.

Instead of aimlessly using Shadow Defender, you could literally just start-up Windows 10 Sandbox in a matter of seconds and then close it when you no longer need it.

No need for messing with configuration. No need to bear additional system overhead when it's not needed. Simply open it when you need it and end the session when you don't.

You perhaps know that people using their own cars are using also bicykles, roller, skis, skates or something other to move from place to place. Why?...becuse they want...need...like to...have to...because they can and have a lot of diferent causes to do that. So...why you first post sounds like unfair advertisment of MS solution and anti-advertisment for 3-party competitors?
Why it's about SD?...it's not local sandbox...it's the whole "virtual isolator" of system and purpose of using it is completely different.

 

[Andy Ful]

Andy, did you drink to much energy drink? Just because it is possible, that does not mean it is good practice.

Chances of accidents increase after two hours of driving a car, so it is perfectly safe to defer using the safety belt for the first hour.

I am not going to discuss such a bad idea any further which is off topic also.

Regards

Ha, ha. The compromise between usability and security is always up to the user. For some will be a bad idea, for others can be the only solution.
When someone uses something like Sandboxie, deferring updates is probably acceptable. If someone uses only Windows built-in security (like you) then such a compromise is not needed, so it will be a bad idea.
We have a similar situation when using H_C with Windows_Security profile (very useful), instead of using H_C enhanced profile (safer, but less usable).
In fact, we both use similar simple security/software configuration. So, for both of us deferring updates is a bad idea.

You perhaps know that people using their own cars are using also bicykles, roller, skis, skates or something other to move from place to place. Why?...becuse they want...need...like to...have to...because they can and have a lot of diferent causes to do that.
...

There are some downsides of using either Shadow Defender or Windows Sandbox. So, why do not use them both?
The great news is that Shadow Defender works with Hyper-V containers, so we can still ride a bike and drive a car.

 

[ichito]

There are some downsides of using either Shadow Defender or Windows Sandbox. So, why do not use them both?

Like this?

The great news is that Shadow Defender works with Hyper-V containers, so we can still ride a bike and drive a car.

or like this?

 

[Andy Ful]

Like this?

or like this?

Great examples.:emoji_ok_hand::emoji_popcorn:
Although the last example fits better to Windows Sandbox which tries running into VirtualBox.

 

[Andy Ful]

..
Instead of aimlessly using Shadow Defender, you could literally just start-up Windows 10 Sandbox in a matter of seconds and then close it when you no longer need it.
...

It is like saying to someone: Do not use the zebra crossing - always use the underpass.

 

[RoboMan]

I also have stopped using Sandboxie for at least an year. Incompatibility with new versions and forced to search and download beta versions killed me.

 

[Aleeyen]

Sandboxie is a good software, only problem is that it has not been updated to work properly with the latest OS.
Its going the same path as Winamp went and both were excellent (actually best ) products at some point of time.

 

[LDogg]

Maybe I worded my original reply incorrect, a better alternative to Sandboxie, if one is facing problems with the software.

~LDogg