Will Sandboxie Still Work with the Windows Kernel Overhaul?

Nitrile
Posts: 4
Joined: Wed Jan 03, 2018 12:57 pm

Will Sandboxie Still Work with the Windows Kernel Overhaul?

Post by Nitrile » Wed Jan 03, 2018 1:01 pm

Recently a tremendous flaw in Intel processors was discovered. In order to address the issue, Windows is expected to redesign their kernel for additional security, patching the flaw.

Updates to the Windows Kernel typically don't play too nice with Sandboxie in my experience. Is this an issue that is currently on the team's radar? Can I expect to see bluescreens after Windows patches the kernel? Or will there be an update in advance to address this upcoming issue?

Barb@Invincea
Sandboxie Support
Posts: 2820
Joined: Mon Nov 07, 2016 3:10 pm

Re: Will Sandboxie Still Work with the Windows Kernel Overhaul?

Post by Barb@Invincea » Wed Jan 03, 2018 2:43 pm

Hello Nitrile,

It is too early to know what the changes are going to involve, but the devs are aware of the situation and we will monitor/test updates to see how they affect Sandboxie (if they affect it at all).

Regards,
Barb.-

Curt@invincea
Sandboxie Lead Developer
Posts: 1661
Joined: Fri Jan 17, 2014 5:21 pm

Re: Will Sandboxie Still Work with the Windows Kernel Overhaul?

Post by Curt@invincea » Wed Jan 03, 2018 3:07 pm

According to the articles I have read, this fix for Windows 10 went into the Fast Ring in Nov. & Dec. There have been no problems detected with Sbie thus far.

Nitrile
Posts: 4
Joined: Wed Jan 03, 2018 12:57 pm

Re: Will Sandboxie Still Work with the Windows Kernel Overhaul?

Post by Nitrile » Wed Jan 03, 2018 9:13 pm

Wonderful to know! Thank you so much for the prompt and direct reply.

Keep up the fantastic work!

thomaz
Posts: 11
Joined: Thu Apr 23, 2015 11:19 am

Intel CPU Vulnerability. Am I secure with a Sandboxed Web-Browser?

Post by thomaz » Wed Jan 03, 2018 11:29 pm

Hi,
Am I secure when I run my browser inside Sandboxie?
:)

Sandcastle
Posts: 7
Joined: Thu Jan 04, 2018 6:52 am

Re: Intel CPU Vulnerability. Am I secure with a Sandboxed Web-Browser?

Post by Sandcastle » Thu Jan 04, 2018 8:23 am

AFAIK: the vulnerability affects the kernel and is at BIOS level, so probably not.
Although it is said that private/non-cloud users probably won't be targeted by bad guys.

Barb@Invincea
Sandboxie Support
Posts: 2820
Joined: Mon Nov 07, 2016 3:10 pm

Re: Will Sandboxie Still Work with the Windows Kernel Overhaul?

Post by Barb@Invincea » Thu Jan 04, 2018 10:35 am

Moved the posts related to KB4056897 here:
viewtopic.php?f=17&t=25290

The devs have been made aware.

Regards,
Barb.-

shmu26
Posts: 69
Joined: Thu Mar 31, 2016 9:36 am

Re: Intel CPU Vulnerability. Am I secure with a Sandboxed Web-Browser?

Post by shmu26 » Thu Jan 04, 2018 1:46 pm

> Sandcastle wrote:
> Thu Jan 04, 2018 8:23 am
> AFAIK: the vulnerability affects the kernel and is at BIOS level, so probably not.
> Although it is said that private/non-cloud users probably won't be targeted by bad guys.

They are now saying that it can also be exploited from web pages, and both Chrome and Firefox are vulnerable.
So the question comes back: will sandboxing the browser protect from a web exploit of this type, which steals data from memory?

Curt@invincea
Sandboxie Lead Developer
Posts: 1661
Joined: Fri Jan 17, 2014 5:21 pm

Re: Intel CPU Vulnerability. Am I secure with a Sandboxed Web-Browser?

Post by Curt@invincea » Thu Jan 04, 2018 4:04 pm

> shmu26 wrote:
> Thu Jan 04, 2018 1:46 pm
> They are now saying that it can also be exploited from web pages, and both Chrome and Firefox are vulnerable.
> So the question comes back: will sandboxing the browser protect from a web exploit of this type, which steals data from memory?

We are still investigating these issues. Since these are hardware problems that bypass Windows entirely, I doubt they can be stopped by sandboxing. Most likely these can only be mitigated by Windows kernel patches (i.e. Microsoft).

There is no reason to panic. There is no known exploit of this bug in the wild, and MS patches are being distributed now.

danicx
Posts: 63
Joined: Tue Aug 28, 2012 2:23 pm

Re: Will Sandboxie Still Work with the Windows Kernel Overhaul?

Post by danicx » Sat Jan 06, 2018 9:24 am

Can somebody explain this? For example, some malicious process started in SB and, via a Meltdown exploit, read my memory. If I terminate all processes in this sandbox, am I safe from this moment? Can some processes exist only in memory after killing all processes in the sandbox, or do I need to restart the PC?

Syrinx
Sandboxie Guru
Posts: 621
Joined: Fri Nov 13, 2015 4:11 pm

Re: Will Sandboxie Still Work with the Windows Kernel Overhaul?

Post by Syrinx » Sun Jan 07, 2018 2:16 am

> danicx wrote:
> Sat Jan 06, 2018 9:24 am
> Can somebody explain this? For example, some malicious process started in SB and, via a Meltdown exploit, read my memory. If I terminate all processes in this sandbox, am I safe from this moment? Can some processes exist only in memory after killing all processes in the sandbox, or do I need to restart the PC?

While not exactly what you asked about, please see: viewtopic.php?f=17&p=131781#p131781
More particularly, I haven't been able to test it properly and I AM NOT A MALWARE PRO, but it seems to be possible for an offending process (or script) to run [given normal limits] within the sandbox and any other 'allowed' exe to then make use of such exploits via JS. While the Spectre exploit in particular seems difficult to reproduce\achieve atm, the Meltdown exploit (to my limited knowledge) is partly taken care of via the OS updates with winblows and we should just be waiting on the hardware vendors (which may never update old stuff) to enable the changes via a BIOS/UEFI update.

I'm not normally a cross my fingers type of person but sadly without more info, that is now what I am down to at the moment like everyone else.

The Spectre side still has me wondering atm, but if it helps, the beer hasn't been thrown too far yet.

More generally, yes, if all offending processes are killed then the threat *should be over* by that point. Please take into account I'm not a programmer and I'm tooting outta an unsecured hole... and I'm almost always intoxicated... geesh, I sound rather untrustworthy all of a sudden!
https://www.ntlite.com
