Sandboxie version 2.78.5 Released

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Wed Feb 14, 2007 3:57 pm

Anyone with an outstanding problem with Sandboxie ... please try this version.
tzuk

OwenBurnett
Posts: 112
Joined: Mon Dec 18, 2006 11:36 am

Post by OwenBurnett » Wed Feb 14, 2007 4:03 pm

Hi, I saw there is a win 64 installer, does this mean you finally found a way around the evil patch guard?

Owen

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Wed Feb 14, 2007 4:11 pm

Yes. I noticed your post in the x64 topic in the other forum. But you didn't notice my post there from a couple of days ago . . . :P
tzuk

OwenBurnett
Posts: 112
Joined: Mon Dec 18, 2006 11:36 am

Post by OwenBurnett » Wed Feb 14, 2007 4:27 pm

I see, does it actually bypass or disable patch guard, or does it work in a way that is permitted by patch guard?

Owen

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Wed Feb 14, 2007 4:45 pm

No bypass and no disable. Like I said earlier in that other topic, working against PatchGuard was never a direction that I considered. The new Sandboxie just doesn't upset PatchGuard.
tzuk

OwenBurnett
Posts: 112
Joined: Mon Dec 18, 2006 11:36 am

Post by OwenBurnett » Thu Feb 15, 2007 3:50 am

So am I right in assuming that PatchGuard is actually not designed to fight rootkits, as any rootkit could use the way SB does and do its thing?

Owen

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Thu Feb 15, 2007 3:54 pm

No. Not at all. PatchGuard is designed to guard against modifications to the kernel. And it does that very well, I'm afraid. There is no way to fool it. You must either disable it (bad idea), or otherwise not upset it (good idea) -- but there is no middle path.

(There used to be, for a bit, which is how Sandboxie x64 worked a while back, but along came a Windows update...)

Anyway, it is still possible for kernel mode drivers to load and work in co-operation with the kernel to accomplish a task. This is what the new Sandboxie does. And it is very different than stomping on the kernel to accomplish a task. Which is what the old Sandboxie was doing.

And since there isn't a way to co-operate with the kernel in order to hide processes or drivers (you'd have to modify the kernel for that), then PatchGuard does its job and guarantees no rootkits.

(Unless rootkits disable PatchGuard, but if Microsoft updates PatchGuard periodically, then rootkits can only survive hidden until the next Windows update, thus greatly reducing their life span in your system.)
tzuk
