Possible Security flaw [SOLVED] [unfounded]

If it doesn't fit elsewhere, it goes here
Locked
zerjetfuel
Posts: 11
Joined: Sun Apr 10, 2016 5:22 pm

Possible Security flaw [SOLVED] [unfounded]

Post by zerjetfuel » Tue Aug 09, 2016 2:30 am

I'd like to point out a small Security flaw that isn't very safe, if you attempt to install https://www.gog.com/galaxy in Sandboxie it'll install and when you try to run it, it'll run outside of sandboxie despite never being installed there, if a video game client can do something like that I fear what malicious programs would be able to do.

Craig@Invincea
Sandboxie Support
Sandboxie Support
Posts: 3523
Joined: Thu Jun 18, 2015 3:00 pm
Location: DC Metro Area

Re: Possible Security flaw

Post by Craig@Invincea » Tue Aug 09, 2016 11:30 am

Yes, we know. And now, this isn't a flaw. GOG needs to install a Service. So It needs to talk to that service and it loads up. So, it needs to terminate the SB session and restart outside of the SB.

One work around is to have GOG Forced (paid version of SBIE) and then it will load up all processes in the SB even when it force closes itself to run.

And we don't recommend you install GOG inside a sandbox, you install it on your host, then run it "as sandboxed."
SBIE was never designed to install or host GOG directly into the SB. Programs, legitimate programs like this, should be installed on your host first. Just like Steam and Steam games.

zerjetfuel
Posts: 11
Joined: Sun Apr 10, 2016 5:22 pm

Re: Possible Security flaw [SOLVED] [unfounded]

Post by zerjetfuel » Tue Aug 09, 2016 1:17 pm

I do have paid version of SBIE. Also how would I force all GOG processes to run in SBIE when it is supposed to already be forced since it writes inside the sandbox folder where as far as I've seen all things are forced to their specific sandbox.
Also while SBIE is good to test software it is also VERY good to keep clutter/trash "findable" and easy to get rid of but when installed to host you don't have it all in one place and you gotta go looking for folders to delete and such

Craig@Invincea
Sandboxie Support
Sandboxie Support
Posts: 3523
Joined: Thu Jun 18, 2015 3:00 pm
Location: DC Metro Area

Re: Possible Security flaw [SOLVED] [unfounded]

Post by Craig@Invincea » Tue Aug 09, 2016 1:46 pm

GOG will install, but it will not run correctly. If you install it directly into the sb.

It wants to run an update every time it runs, so I has to talk with the service. The service is installed on your machine, either by you or GOG (if you had GOG galaxy, etc) installed previoulsy.

As for forcing, you can read how to force here. http://www.sandboxie.com/?ProgramStartSettings

zerjetfuel
Posts: 11
Joined: Sun Apr 10, 2016 5:22 pm

Re: Possible Security flaw [SOLVED] [unfounded]

Post by zerjetfuel » Tue Aug 09, 2016 2:13 pm

Craig@Invincea wrote:GOG will install, but it will not run correctly. If you install it directly into the sb.

It wants to run an update every time it runs, so I has to talk with the service. The service is installed on your machine, either by you or GOG (if you had GOG galaxy, etc) installed previoulsy.

As for forcing, you can read how to force here. http://www.sandboxie.com/?ProgramStartSettings
I know how to force, what I don't know is how to force GOG specifically, and yes I did have GOG galaxy on my host machine installed previously but I uninstalled it, apparently it didn't uninstall the service, this is what I mean with clutter/trash, and why I prefer things in SBIE since there I can just completely wipe it. Where do I find and uninstall this service?

bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2910
Joined: Wed Apr 22, 2009 9:17 pm

Re: Possible Security flaw [SOLVED] [unfounded]

Post by bo.elam » Tue Aug 09, 2016 2:29 pm

zerjetfuel wrote:I know how to force, what I don't know is how to force GOG specifically....
An easy way to figure out which exe to force is to run GOG sandboxed manually (once). Close it.

Then go to Sandbox settings>Program start>Forced programs, Click Add program, and look at window "Programs that were recently started". It is likely you ll only see one exe there that is related to GOG. And thats the exe you force.

Bo

Craig@Invincea
Sandboxie Support
Sandboxie Support
Posts: 3523
Joined: Thu Jun 18, 2015 3:00 pm
Location: DC Metro Area

Re: Possible Security flaw [SOLVED] [unfounded]

Post by Craig@Invincea » Tue Aug 09, 2016 4:13 pm

Our Dev Tom noticed this many months ago. It's simply a poorly written way of doing this on the GOG side.

As for removal, you can go into services.msc and disable that service. I don't know what the name of it is however, but It may reflect GOG.

We don't recommend installing Games into the sandbox directly. As that's not what SBIE was intended for. And it's not possible if a program needs a service and/or a driver to be installed. That simply cannot be done.

I'd recommend a VM environment.

ssj100
Posts: 945
Joined: Thu Apr 23, 2009 1:21 am
Contact:

Re: Possible Security flaw [SOLVED] [unfounded]

Post by ssj100 » Wed Aug 10, 2016 1:32 am

zerjetfuel wrote:and yes I did have GOG galaxy on my host machine installed previously but I uninstalled it, apparently it didn't uninstall the service, this is what I mean with clutter/trash, and why I prefer things in SBIE since there I can just completely wipe it.
I can relate to this. I've always felt that minimising third party software written on the REAL system is important from a security point of view - the more software there is, the more chance of exploitation.

Since (reluctantly) moving to Windows 7 (from XP), I've only got a handful of third party software that's actually written on my REAL system. I don't have any third party browsers installed, as Chrome and Firefox seem to install and run perfectly for me within the sandbox. And since there's very good online syncing for both browsers, I don't have to worry about losing settings when re-installing (that is, deleting the sandbox and installing it sandboxed again) etc. A lot of other applications I use seem to install and run perfectly within the sandbox too.

I don't have any experience with this GOG software, but it serves as a reminder to minimise the amount/number of third party software written on one's system:
Craig@Invincea wrote:Yes, we know. And now, this isn't a flaw. GOG needs to install a Service. So It needs to talk to that service and it loads up. So, it needs to terminate the SB session and restart outside of the SB.
If I'm not mistaken (please clarify/correct if I am), it sounds like the GOG software actually "breaks" out of the sandbox by using a service that's running on the REAL system? So therefore, a malware could exploit this if the malicious coder knew about that service?
Sandboxie + SUA + DEP
Windows Firewall + NAT Router
Drive SnapShot (on-demand)

Craig@Invincea
Sandboxie Support
Sandboxie Support
Posts: 3523
Joined: Thu Jun 18, 2015 3:00 pm
Location: DC Metro Area

Re: Possible Security flaw [SOLVED] [unfounded]

Post by Craig@Invincea » Wed Aug 10, 2016 8:29 am

If I'm not mistaken (please clarify/correct if I am), it sounds like the GOG software actually "breaks" out of the sandbox by using a service that's running on the REAL system? So therefore, a malware could exploit this if the malicious coder knew about that service?
NO.
User has the GOG SERVICE running on their computer. If the software makes a VALID CALL TO THAT SERVICE --which you have running, then it's permitted. There is nothing here. Please understand how a program and services work before making such a statement.
I can relate to this. I've always felt that minimizing third party software written on the REAL system is important from a security point of view - the more software there is, the more chance of exploitation
If you're paying for this software or, like GOG, is known to be legit, you should install it on your host. SBIE wasn't designed for this sort of thing. If you want to test it in the SB, fine. GOG you can't do that. As, it requires a SERVICE to be installed. So, you have to install directly.

SBIE is designed primarily for web surfing. hence the name, SandboxIE.

Locked

Who is online

Users browsing this forum: No registered users and 2 guests