Sandboxie: Sandbox-based isolation software for Windows NT-based OS's
github.comI rarely feel the need for sandboxie but the times I do, I feel that I'd be better served by a full VM. Got burned once because I misjudged risk level and the thing I ran within sandboxie managed to grab my browser's saved passwords.
Sandboxie (by default), does not restrict access to existing files in your user directory (or anywhere else).
It stops malware etc. From persisting because it catches writes. Basically it kind of mounts an overlayfs over your drive.
You can configure this differently, and iirc the paid donation version has an option to make your user directory private.
I agree that this probably isn't the best default, but that likeöy was a case of not rtfm'ing, andlnot misjudging the risk level. I was confused by this at first too.
I like the Sandbox app / feature built into Win10/11 (very fast to boot). I wish it'd allow saving snapshots and being automated. I want to set one up with a full dev environment for example.
Full HyperV VMs are significantly slower to boot and run.
If you haven’t already messed around with WSB files, I would encourage them for more complicated use cases.
https://docs.microsoft.com/en-us/windows/security/threat-pro...
The WinGet github repository has some scripts to setup and install programs inside.
Can second Windows Sandbox - 3s startup time, can copy things into it and it does like 85% of what I need completely isolated.
I mainly use it to test silent install flags when I'm deploying apps or running untrusted things :)
snapshots would be nice. it is actually a container of sorts underneath, with RDP support, so they could do it if they desired. (they don't, it seems, unfortunately.)
Windows containers gaining RDP is probably the bigger wishlist item, for me. Windows containers with a GUI would make some things extremely trivial and other things much easier.
I documented how to set up RDS in containers back in 2018 [1] then Microsoft swooped in and killed it. They are weirdly sensitive when it comes to terminal services. Could perhaps be licensing/financially motivated. I get emails almost weekly to this day asking for updates. Wish I had one.
[1]: https://withinrafael.com/2018/03/09/using-remote-desktop-ser...
Hey Rafael,
How have you been? Are you still in the Bellevue/Redmond area?
Windows Sandbox is really great, I just wish it could coexist with VirtualBox.
VirtualBox keeps teasing proper Hyper-V support "any release now", but given how many releases have teased that and also Oracle's lack of incentive to actually make it happen (because they want you to buy their servers) who knows if/when it will ever happen. Ball is definitely in Oracle's court, though.
Yeah, the earlier versions of SandBoxie used SSDT hooks and offered much better protection. You can completely bypass some SandBoxie protections today with a direct interrupt 0x2e or SYSENTER call. SandBoxie offers very little protection.
If you're doing any malware analysis, I think a VM is the minimum bar for isolation; and separate physical hardware is even better.
You probably want a VM on separate physical hardware on a separate network connection, to avoid it burrowing into the hardware and avoid it burrowing into your network.
Yeah I will usually just spin up something on a public cloud, if I am running an executable of questionable safety.
A lot of people were using sandboxie for less than noble purposes, like multi boxing in matchmaking games in low population regions, so they’d end up matching all their clients w/ each other.
I'd have to agree. Windows Sandbox is built into the OS and is a much better option - it takes your existing Windows install and within literal seconds, creates and starts a clean VM whose contents will be burned on close. It's an insane technical achievement and it doesn't get enough kudos imho
That's the reason why I hate it. I want my sandbox to persist. Use case: Filling once in a year tax forms with turbo tax that i can't seem to file in a single sitting
I just tried it for the first time and the app I didn't trust could tell it was being sandboxed/spoofed/debugged/etc.
Sounds like something an untrustworthy app would do.
ouch. unexpected lesson to be learned here...
Don't use browser password saving. I presume a third party app like bitwarden would have been better. though if the browser auto syncs and installs the extension your risk is a little higher.
I was already almost entirely migrated to keepassxc but had kept using the browser feature out of habit. Quickly disabled that and had a really fun few days changing absolutely everything's password.
How did you know that your passwords were stolen?
found a CSV file containing my passwords in the sandboxed appdata
Oh? I always assumed the Firefox feature would be fine with a master password and 2fa set up , but is a third party manager really a substantial upgrade security wise?
Since when is Sandboxie open source?
edit: 2020. Awesome. I remember having to rely on reverse engineering to understand wtf it was doing. Now I can check!
When I was younger I wanted to start a company around automatic sandboxing very similar to Sandboxie, but dealing with Windows Kernel Drivers was miserable. Having something open source to derive inspiration and design from would have been so helpful.
Couple of previous big related threads from 2020 and 2019:
I still use it to test installers.
We are working on traditional Windows apps, with an installer (NSIS or Qt) and Sandboxie is a great way to test it. During development, we can't trust that the installer won't leave a ton of crap that will break future installs, and running it under Sandboxie is a simple and effective way of starting with a clean slate every time. Also, by inspecting the content of the sandbox, it is also possible to see what the installer has done exactly and identify what wasn't properly removed during the uninstall so that it can be fixed.
Sandboxie is pretty great. This is how I've managed to multibox Elite: Dangerous ever since Frontier changed how they issue game keys in 2019. I can have multiple versions of Steam and multiple versions of the game running side by side. The only thing that can get a little wonky is the Steam Controller, with both the desktop and game-specific bindings getting activated simultaneously in some cases.
I would never use it for security-sensitive process isolation, like malware analysis. It's safer to use a dedicated computer or virtual machine for that sort of thing. But for gaming? chef's kiss
Used it way back in my Windows 7 days, it was a great solution to keep system directories clean from all clutter that installed programs add and fail to remove during uninstall.
I wonder what's the difference at the implementation level between this and Windows containers.
Why not use Siloes instead of a custom driver?
Probably because Sandboxie has been around for over a decade.
wow this thing's still alive?
I remember this from my Windows XP days (spent another two years on Win 7, before switching to and being happier with Linux). No interest beyond nostalgia but indeed here I am reading at least the comment thread :). Gotta agree that I'd also not use it for anything serious, like it's perhaps useful as hardening for your browser because no regular exploit will expect it, but that's about it. I was already weary of it with my limited security knowledge back in the teen days, and reading of someone whose browser password was stolen, I'm happy that I didn't trust the claims that I seem to remember it making back then. It's a bit similar to containers I guess: probably even safer but even as a security person I don't trust myself to configure those malware-proof.