My Documents Protection

Ideas for enhancements to the software
Post Reply
TerryWood
Posts: 193
Joined: Mon Apr 17, 2006 4:50 pm

My Documents Protection

Post by TerryWood » Sat Aug 19, 2006 10:15 am

As I understand it If you are running Sandboxed there is still nothing to stop access to Personal files. If this is correct why not include a protection feature to stop remote access to My Documents.

Currently I am using True Crypt to stop access, but its time consuming mounting and demounting and apart from backing up.

Just a thought?

Terry

mizzmona
Posts: 70
Joined: Fri Jul 28, 2006 4:58 am
Location: Missouri, USA
Contact:

Post by mizzmona » Mon Aug 21, 2006 10:45 am


TerryWood
Posts: 193
Joined: Mon Apr 17, 2006 4:50 pm

My Documents Protection

Post by TerryWood » Mon Aug 21, 2006 4:03 pm

Many thanks for the post referral. I just want to be absolutely sure I am on the same wavelength.

If I go on the web, say to "Shields Up" site or any other security test site that shows vulnerability of files. I want to be sure that My Documents is not hackable. So:


If I use: ClosedFilePath=C:\Documents & Settings\User Name\My Documents
I will be protected from ANY PRYING EYES to the contents of My Documents? In addition if I have three browsers then the additional code is

ClosedFilePath=!iexplore.exe,%Favorites%
ClosedFilePath=Opera.exe,%Favorites%
ClosedFilePath=Firefox.exe,%Favorites%

If this is correct where do I insert this code in the Sandboxie .ini file

Thanks for your help

To everyone

Terry

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Tue Aug 22, 2006 3:37 pm

ClosedFilePath=!iexplore.exe,%Favorites%
ClosedFilePath=Opera.exe,%Favorites%
ClosedFilePath=Firefox.exe,%Favorites%

If this is correct where do I insert this code in the Sandboxie .ini file
It's not correct. The example copied from the other post deals with Favorites and you want protection on My Documents. Different folders -- so you need different configuration.

But effecting this protection means that PRYING EYES but also you cannot open documents from or save them into the My Documents folder or anywhere below it, when running Internet Explorer sandboxed.

Are you sure that's what you want?
tzuk

Guest

Post by Guest » Sun Sep 10, 2006 7:05 pm

tzuk wrote:
ClosedFilePath=!iexplore.exe,%Favorites%
ClosedFilePath=Opera.exe,%Favorites%
ClosedFilePath=Firefox.exe,%Favorites%

If this is correct where do I insert this code in the Sandboxie .ini file
It's not correct. The example copied from the other post deals with Favorites and you want protection on My Documents. Different folders -- so you need different configuration.
He wrote

"If I use: ClosedFilePath=C:\Documents & Settings\User Name\My Documents
I will be protected from ANY PRYING EYES to the contents of My Documents?"

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Mon Sep 11, 2006 4:22 pm

Right, sorry, I missed that. In this case the answer is yes. Just one tiny note though: It's probably better to say ClosedFilePath=%Personal%
tzuk

TerryWood
Posts: 193
Joined: Mon Apr 17, 2006 4:50 pm

My Documents Protection

Post by TerryWood » Fri Oct 06, 2006 7:07 pm

I have tried out the ClosedFilePath=%Personal% method of protecting My Documents as suggested by tzuk (for which I thank him). In Opera, IE6 and Firefox, My Documents is inaccessible IF ATTEMPTS TO OPEN MY DOCUMENTS ARE MADE THROUGH THE BROWSER INTERFACE ie File Open.

HOWEVER, IT IS POSSIBLE TO OPEN MY DOCUMENTS and all files through Windows Explorer, even when the browser is open and sandboxed with the ClosedFilePath command operational.

I now have number of questions:

1) Is it intended that one can open My Documents via Windows Explorer (When the ClosedFilePath command is operational)?

2) Given 1) above, does being able to open My Documents via Windows Explorer expose a security risk ie "Prying Eyes" when the browser is open and Sandboxed with the ClosedFilePath command operational. Or does the OpenFilePath command block any attempt look into My Documents when on line, Even if My Documents is opened via Windows Explorer?

3) Assuming the answers to the above represent a secure My Documents is it possible that you can incorporate a simple switch for this feature in a future version?


Thanks


Terry

SBIE User

Post by SBIE User » Fri Oct 06, 2006 8:17 pm

Terry,

As I understand it, the ClosedFilePath= setting only blocks programs that are running in the sandbox from accessing the specified documents directory. So, using that setting in Sandboxie's config file should (nothing is every certain) protect that documents directory from unauthorized prying eyes that might access your computer via the browsers or email programs you are running in sandboxed mode, but that will not protect you from other means of getting access to your documents directory.

There is a new free Microsoft program that will allow you to password protect any directory under Windows XP. That would protect your documents directory unless a keylogger or some other device were used to get your password. (I didn't download it or save the link, because I don't normally associate Microsoft with security or privacy!)

I can't remember where I saw that program, but if you're interested I'll see if I can find the link again.

SBIE (Happy) User

SBIE User

Post by SBIE User » Fri Oct 06, 2006 8:21 pm

Terry,

Oops! I found the link, and it is not a Microsoft product after all.

You can view the free directory locking program at http://www.fspro.net/folder-lock-box/ .

I'm not sure this would be any less trouble than TrueCrypt, and that is heavily tested and well-respected security program. I'd probably stick with TrueCrypt myself.

Anyway, let us know what you do and if you find a solution to this.

SBIE (Happy) User

SBIE User

Post by SBIE User » Fri Oct 06, 2006 8:29 pm

Terry,

Oops! I was wrong again! There [b}IS[/b] a new free Microsoft Program ("Microsoft Private Folder") that password-protects folders.

You can see the reviews and links at http://fileforum.betanews.com/detail/Mi ... 52200243/1 .

Some of the reviews are not very encouraging.

SBIE (Happy) User'

TerryWood
Posts: 193
Joined: Mon Apr 17, 2006 4:50 pm

Protecting My Documents

Post by TerryWood » Fri Oct 06, 2006 10:31 pm

SBIE User

I knew you would respond thanks.

I was surprised at your reply because tzuk gave the impression that the CloseFilePath command would protect you from unauthorised prying eyes.

Nonetheless, I have installed the Folder Lock and its quite straightforward. Its simpler than Truecrypt to operate although I am sure not as belt and braces.

I had some problems with TrueCrypt, corruption ocurred along the line and some applications wanted to use the virtual drive letter TrueCrypt was set up for. Thats the reason I removed it. t Folder Lock ogether with ClosedFilePath command should keep prying eyes away.

Anyway many many thanks for you help.

Terry

TerryWood
Posts: 193
Joined: Mon Apr 17, 2006 4:50 pm

My Documents Protection

Post by TerryWood » Fri Oct 06, 2006 10:44 pm

To SBIE Happy User

ps I forgot to say you can't lock My Documents with Folder Lock it would not accept it. It has to be a sub folder it appears.

I come back to what I said earlier. What about a Sandboxie built in protected folder security feature for a future wish list. The Idea surely is not incompatible with the concept of Sandboxie. If I recall GesWall has a protected folder.?

Regards

Terry

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sat Oct 07, 2006 6:44 am

What about a Sandboxie built in protected folder security feature for a future wish list. The Idea surely is not incompatible with the concept of Sandboxie.
If you're asking to lock a folder so that sandboxed programs can't get to it: I think ClosedFilePath should do the trick.

If you're asking to lock a folder from any program, sandboxed or not: That IS incompatible with Sandboxie. One of the principles of Sandboxie is that it shouldn't interfere with non-sandboxed programs.

But if you make it a point to run all untrusted programs in a sandboxed, then ClosedFilePath should be enough protection, no?
tzuk

SBIE User

Post by SBIE User » Sat Oct 07, 2006 7:20 am

tzuk wrote:
One of the principles of Sandboxie is that it shouldn't interfere with non-sandboxed programs.

But if you make it a point to run all untrusted programs in a sandboxed, then ClosedFilePath should be enough protection, no?
Tzuk and Terry,

I think the basic concept of controlling selected (perhaps highly dangerous or vulnerable) programs by choice by limiting their access to the system via SandboxIE but allowing non-sandboxed programs to operate normally. For general threats, solutions such as password-protected folders or TrueCrypt-type encrypted volumes or individually encrypted files make sense to me.

In fact, I don't think Sandboxie is capable of sandboxing Windows Explorer, because it is an integral part of the operating system -- so it would not be possible to truly lock down all disk access with Sandboxie.

Also, I would note that locking folders with passwords or encrypting volumes only protect those folders while they are locked or encrypted. For example, after you open a TrueCrypt volume its contents are just as available as those of any other regular directory. Those contents can be protected somewhat by limiting access from programs running in a sandbox, but not from non-sandboxed programs.

My general position is that I don't think SandboxIE can or should be an all-encompassing solution. If Tzuk tries to make it do everything, it will become bloated and probably buggy. I'd rather use an ala carte approach to privacy and security, in which SandboxIE fills the needs it currently serves -- that is to limit and cordon off access to a system from programs running in a sandbox. For other privacy and security needs, I use other solutions (e.g., firewall, anti-virus, anti-spyware (with keylogger protection), script blocking, etc. For ultimate security I ghost my machines every night, so I can always get back to the previous day's system if some security problem does occur. Of course, that does not protect my privacy, but I keep all sensitive data encrypted before ghosting my system.

SBIE (Happy) User

nezic
Posts: 2
Joined: Sun Nov 24, 2013 6:19 am

Create New Sandboxie Crypted

Post by nezic » Sun Nov 24, 2013 6:52 am

I was going to suggest this as a future request, but I do not have the rights.
e.g. Each file will be stored encrypted and unusable if is not opened by Sandboxie.
If the file live the box (crash box) will be unrecognizable to Operating Systems, because it will be encrypted.
If the file begins to spread through LAN connection, copy it self to other devices, it will be unrecognizable to receiver due encryption.
Even someone spoofing your traffic, he will got encrypted contents.
cons: slow traffic, more resources...
:lol:

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests