IDM somehow breaks sandbox..Security issue? [SOLVED]

If it's not about a problem in the program
Post Reply
downloaderfan
Posts: 10
Joined: Wed Mar 08, 2017 7:15 pm

IDM somehow breaks sandbox..Security issue? [SOLVED]

Post by downloaderfan » Wed May 17, 2017 7:54 am

Ok, I have internet download manager installed on my main PC. Till now, I thought that any program I ran from a sandboxed window would also start inside the sandbox as I have seen that it's the general behavior of programs across sandboxie. I noticed that when I run Firefox inside sandboxie and press the 'Download video' button of IDM while watching a video, the video in loaded in the unsandboxed version of IDM and not the sandboxed version of IDM as I expected. Same applies to Internet Explorer. I installed sandboxie mainly to open suspicious word, PowerPoint & excel documents that I might receive via email. So in theory, just like how IDM broke sandbox, could a word document with a malicious macro also break sandbox and infect my main PC even if I run it inside sandboxie? Thanks.

Barb@Invincea
Sandboxie Support
Sandboxie Support
Posts: 2465
Joined: Mon Nov 07, 2016 3:10 pm

Re: IDM somehow breaks sandbox..Security issue?

Post by Barb@Invincea » Wed May 17, 2017 9:52 am

Hello downloaderfan,

Can you please provide your OS, Browser and Sandboxie versions?
What are the exact steps to reproduce the issue?
What are your Sandbox settings? Do you have any templates or open paths?

Regards,
Barb.-

downloaderfan
Posts: 10
Joined: Wed Mar 08, 2017 7:15 pm

Re: IDM somehow breaks sandbox..Security issue?

Post by downloaderfan » Wed May 17, 2017 10:59 am

Barb@Invincea wrote:Hello downloaderfan,

Can you please provide your OS, Browser and Sandboxie versions?
What are the exact steps to reproduce the issue?
What are your Sandbox settings?

Regards,
Barb.-
I tested it on Windows 10 which is my host & also Windows 7 inside VMware, so i don't think this problem is OS dependent.
Browser as I have mentioned already, Firefox & Internet explorer.
Sandboxie v 5.18 64 bit

How to reproduce? Install internet download manager on your PC (unsandboxed) & allow its 'IDM integration module' addon inside Firefox by launching Firefox after IDM installation.(Again unsandboxed). Then, open Firefox inside sandbox and play any youtube video. IDM's download panel would show up and you click on it. When you do click on it, the video will open in an unsandboxed window of IDM instead of it being sandboxed, since I'm clicking on the download panel from a sandboxed firefox window. The video will be then downloaded to an unsandboxed file explorer, since IDM itself is unsandboxed at this point.

Configuration:

Code: Select all

[GlobalSettings]

KnownConflicts={BD71D245-1A8B-4FB3-83E4-74F77FB39267},{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}
Template=OfficeClickToRun
Template=WindowsRasMan
Template=Evernote
Template=WindowsLive
Template=AdobeAcrobatReader
Template=Kaspersky
Template=InternetDownloadManager
Template=OfficeLicensing
ActivationPrompt=n

[DefaultBox]

ConfigLevel=7
AutoRecover=y
BlockNetworkFiles=y
Template=OfficeClickToRun
Template=qWave
Template=WindowsFontCache
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
Enabled=y,downloaderfan
BoxNameTitle=-
BorderColor=#0080FF
AutoDelete=y
NeverDelete=n

[UserSettings_2DC00426]

SbieCtrl_UserName=downloaderfan
SbieCtrl_ShowWelcome=n
SbieCtrl_NextUpdateCheck=1489572033
SbieCtrl_UpdateCheckNotify=y
SbieCtrl_HideWindowNotify=n
SbieCtrl_WindowCoords=47,134,873,449
SbieCtrl_ActiveView=40021
SbieCtrl_AutoApplySettings=n
SbieCtrl_ProcessViewColumnWidths=250,70,300
SbieCtrl_EnableLogonStart=n
SbieCtrl_EnableAutoStart=y
SbieCtrl_AddDesktopIcon=y
SbieCtrl_AddQuickLaunchIcon=y
SbieCtrl_AddContextMenu=y
SbieCtrl_AddSendToMenu=y
SbieCtrl_ExplorerNotify=n
SbieCtrl_BoxExpandedView=DefaultBox,Office_2016

[Office_2016]

Enabled=y
ConfigLevel=7
AutoRecover=y
BlockNetworkFiles=y
Template=qWave
Template=WindowsFontCache
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
BorderColor=#00FFFF
BoxNameTitle=-
AutoDelete=y
NeverDelete=n
Do you have any templates or open paths?
I don't remember doing anything like that, I would personally never download a sandbox program and then knowingly configure it to allow an open path to my main OS, without that path being read only from within the sandbox. Although I wouldn't know if sandboxie has done that for me automatically so I have included my configuration file in this post.

Barb@Invincea
Sandboxie Support
Sandboxie Support
Posts: 2465
Joined: Mon Nov 07, 2016 3:10 pm

Re: IDM somehow breaks sandbox..Security issue?

Post by Barb@Invincea » Wed May 17, 2017 1:32 pm

Hello downloaderfan,

I was able to test and reproduce the behavior.
Talked the devs and it seems to be that that is expected if using the template for IDM.

See if this helps:
http://forums.sandboxie.com/phpBB3/viewtopic.php?t=9860

Regards,
Barb.-
Last edited by Barb@Invincea on Wed May 17, 2017 1:52 pm, edited 1 time in total.
Reason: Updated response with more information.

downloaderfan
Posts: 10
Joined: Wed Mar 08, 2017 7:15 pm

Re: IDM somehow breaks sandbox..Security issue?

Post by downloaderfan » Wed May 17, 2017 2:40 pm

Barb@Invincea wrote:Hello downloaderfan,

I was able to test and reproduce the behavior.
Talked the devs and it seems to be that that is expected if using the template for IDM.

See if this helps:
http://forums.sandboxie.com/phpBB3/viewtopic.php?t=9860

Regards,
Barb.-
Ok, could you also talk to the devs about this doubt of mine please?
I see that Microsoft Office Click to Run is also a template inside sandboxie, so does it also have some vector which a malicious macro might exploit & escape sandbox? Are these templates compromising with the security level of sandboxie? The main question is, can I feel safe opening any suspicious office document inside sandboxie? I'm no security expert, but there is a general consensus that any such sandbox escape vector made for legit reasons could also be exploited by a malicious program....That's why I look at these things with a grain of salt.

Barb@Invincea
Sandboxie Support
Sandboxie Support
Posts: 2465
Joined: Mon Nov 07, 2016 3:10 pm

Re: IDM somehow breaks sandbox..Security issue?

Post by Barb@Invincea » Wed May 17, 2017 3:06 pm

Hello downloaderfan,

If you do not grant them access to work outside the Sandbox (via a template or opening a path), applications running inside Sbie will be contained in the Sandbox.
Templates often punch small holes (which are tested before hand...) in order to allow applications to communicate with the host (or make modifications when needed).

Here's more information regarding how Sandboxie protects you:
https://www.sandboxie.com/index.php?Fre ... HowItWorks

If you are interested in making your Sandbox more secure, you may find this thread useful:
http://forums.sandboxie.com/phpBB3/view ... on#p127477

Regards,
Barb.-

Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1640
Joined: Fri Jan 17, 2014 5:21 pm
Contact:

Re: IDM somehow breaks sandbox..Security issue?

Post by Curt@invincea » Wed May 17, 2017 6:12 pm

IDM installs a service that runs in your host to monitor for downloads coming from browsers. The service intercepts downloads coming from sandboxed browsers the same way it does from host browsers. Nothing is escaping or breaking the sandbox.

downloaderfan
Posts: 10
Joined: Wed Mar 08, 2017 7:15 pm

Re: IDM somehow breaks sandbox..Security issue?

Post by downloaderfan » Thu May 18, 2017 6:23 am

Ok, thanks for your quick replies & clarification, Barb & Curt, appreciate that :)

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests