Windows Sandbox vs Edge Application Guard Window (which is safer ?)
<blockquote data-quote="Deleted Member 308817310" data-source="post: 822043" data-attributes="member: 80647"><p>I'm right about all of it.</p><p>The answer is as simple as I've been making it out. There's no need to over-complicate this.</p><p>Microsoft's sandbox technology is using a privilege level that's reserved by the firmware for Type 2 hypervisors (ring -1) which behaves identically to ring 0 in the eyes of the code running under it, but is controlled by the host environment. The host environment's kernel is running with a Current Privilege Level (CPL) 0 and the guest environment's kernel is running with a CPL of -1. Whenever the guest environment's kernel executes a privileged instruction, the host environment is allowed to control what happens, and many instructions from the x86/AMD64 instruction set which are not privileged instructions can also be controlled.</p><p>Sandboxie is entirely dependent on the host environment. There is no real isolation between the program being put in the sandbox and the rest of the host environment; it's merely an illusion.</p><p>This isn't an issue and it is no different to if you had done this on a VM using VMware.</p><p>Sandboxie might deny the installation of drivers, but what about vulnerable drivers that might already be on the machine?</p><p>Windows Sandbox is literally the same as a VM except it's been designed to be more convenient; there's no need to install OS media because it takes the system files from your host environment.</p><p>This conversation can go on for decades but the obsession of Sandboxie being more powerful than Microsoft's sandbox technology when Microsoft use dedicated CPU features designed for isolation is shocking.</p></blockquote>