Curt@invincea wrote: Sandboxie does not "rely" on Windows security. It "uses" many features of Windows security as part of its defenses.
I'd say "uses" IS "relies" on.
Being able to use something is, in fact, relying on it...
Features like redirecting file/registry writes into the sandbox are not part of Windows security.
But the Windows permissions and security mechanisms are what prevent file/registry writes, and then Sandboxie does its thing by selectively allowing (enabling) stuff that's OK.
Contrast this, guys, to Sandboxie 3.x that, AFAIK, had to do everything [itself] to BLOCK stuff that wasn't allowed. Whereas now, it has Windows' own abilities take care of that, and then "re-enable" what it needs (the opposite of previous versions).
Those Windows mechanisms are so restrictive, in fact, that Sandboxie v4 needs more stuff, like the GuiProxy, to allow basic stuff to work again. Yet people still can't run some programs the way they could before, because the Windows restrictions are too severe, and Sandboxie hasn't (or possibly can't) made a way to enable or "proxy" what they need.
I think when Buster says "OS vulnerabilities", he is referring to kernel exploits. There are examples of kernel exploits that no sandbox or user-mode protection app can protect against. Fortunately, these are rare. Sandboxie does protect against most every other kind of OS vulnerability.
Yes, rare I guess. Although it seems like we have a couple of the kernel-mode font parsing exploits each year. Again, don't know how much of a problem those would be in Sandboxie though...
Same with Elevation of Privilege vulnerabilities, it's not clear to me. (BTW, these (EoP) need a corresponding initial exploit of some sort.) I mean, if something elevates to SYSTEM in the sandbox, that's fine (? is it?), and it's still sandboxed, right? So I'm not sure when or how something gaining SYSTEM privileges could/would be a problem in Sandboxie!
But yabbadoo (glad you like my writing), ALL application/user-level exploits (most common in your sandboxed programs) will be fully contained by Sandboxie. Although IF there's an unpatched Elevation of Privilege bug in Windows that could ALSO be exploited, then I think it starts to become sketchy...
Also, your Internet connection examples: The OS always handles the low-level networking connection stuff, AFAIK. I mean if there was an exploit in Windows' networking (TCP/IP driver or such), I think it would affect Windows itself without Sandboxie being a factor, since that part doesn't happen IN Sandboxie. There was a vulnerability in newer Windows versions 1-2 years ago regarding reception of malicious UDP packets. Same type of example. (Err, maybe that was against the Firewall.)
Finally, last year, there were a couple Security Bulletins about USB driver vulnerabilities. Just connecting a malicious USB thumb drive, etc. exploits this. You (people) might think autorun (disable) or Force Folder external drive letters in Sandboxie, but that wouldn't help. Simply plugging in the drive is all it takes. Autorun isn't needed. And Sandboxie doesn't matter, since this is at the driver-level, before anything would even run in Sandboxie.