Installation of system drivers (non-Sandboxie drivers)

If it's not about a problem in the program
Post Reply
gwa000
Posts: 9
Joined: Wed Apr 24, 2013 11:14 am

Installation of system drivers (non-Sandboxie drivers)

Post by gwa000 » Wed Apr 24, 2013 11:25 am

question concerning installation of programs that install drivers in the System32 area.

i wanted to install/test a program (without polluting my system) and during install it wanted to write some files into the System32 area and SB popped up a message (sorry, don't recall the number as it was a few weeks ago). i ended up cancelling the installation as i was not sure where the drivers would be installed, in a sandboxed area of System32 or the host System32 area.

anybody know if the drivers are put in the host area or a sandboxed area?

i'm hoping that it is a sandboxed area even though it could defeat the isolation of sandboxing by corrupting things if the driver was faulty. this would allow easy cleanup is i do not want to keep the program.

thanks!

Guest10
Posts: 5135
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Wed Apr 24, 2013 3:49 pm

Sandboxed programs are not permitted to install drivers, even in the sandbox area.
For a sandboxed program to use drivers they must already be present on your system, installed outside of the sandbox.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Firefox, Thunderbird
Sandboxie user since March 2007

qwet
Posts: 61
Joined: Sat Mar 23, 2013 9:26 am

Post by qwet » Mon Aug 12, 2013 3:13 pm

This is just an idea as a novice - some other less developed sandboxes (Like Comodo's - Comodo is a good Firewall but Virtual Kiosk part can not be compared to Sandboxie - or other sandboxes) allow drivers to be installed virtually (sandboxed) then be cleaned. This seems important because lots of software installs drivers.çI am not sure why Sandboxie can not allow this.

In addition to this - may be it will be a useless cosmetics - but why is not there a interface like the aforementioned Comodo "virtual kiosk" like a desktop, start menu icons etc?

ps. Sandboxie is the most advanced sandbox software as it seems, and interface might be some useless. But installing drivers is a must as I said, there are lots of software doing this.

Peter2150
Posts: 879
Joined: Tue Mar 27, 2007 9:46 pm
Location: Washington DC

Post by Peter2150 » Mon Aug 12, 2013 6:10 pm

Sounds like what you want is some kind of virtual machine. Sandboxie's purpose is to protect the system, and part of that is blocking installation of system components.

Personally I hope Tzuk doesn't implement anything like this.

qwet
Posts: 61
Joined: Sat Mar 23, 2013 9:26 am

Post by qwet » Tue Aug 13, 2013 5:04 am

Yes I see that - But can not Sandboxie install system components sandboxed (I mean the drivers).

There are similar types of less developed but well known sandbox applications that can do it (like the "virual kiosk") - so Sandboxie can easily do this.

Otherwise the driver installer software will use this to their advantage because people can not use them sandboxed and they will put some drivers to their installation that will make the software work so nobody can make them sandboxed.

Peter2150
Posts: 879
Joined: Tue Mar 27, 2007 9:46 pm
Location: Washington DC

Post by Peter2150 » Tue Aug 13, 2013 6:51 am

qwet wrote:Yes I see that - But can not Sandboxie install system components sandboxed (I mean the drivers).

There are similar types of less developed but well known sandbox applications that can do it (like the "virual kiosk") - so Sandboxie can easily do this.

Otherwise the driver installer software will use this to their advantage because people can not use them sandboxed and they will put some drivers to their installation that will make the software work so nobody can make them sandboxed.
No it can not. I don't see any problem or how driver software can use this to their advantage. You can install software that needs drivers and services, and then run them sandboxed. You are still protected. As I said if you really want to install something using drivers and have the install isolated, you need to look at VM machines. That other "sandbox" software can do it doesn't matter to me. Nothing is comparable to sandboxie for protection. No it isn't the best for full virtualization, as it wasn't intended to be.

Pete

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Tue Aug 13, 2013 7:03 am

Sandboxie is designed to virtualize/supervise Windows applications. In the bridge between the application and the Windows kernel, where the application goes to ask Windows to do stuff, that is where Sandboxie sits and supervises. Drivers don't work this way and don't fit in this model.
tzuk

qwet
Posts: 61
Joined: Sat Mar 23, 2013 9:26 am

Post by qwet » Tue Aug 13, 2013 7:37 am

As Tzuk replied, it is not really possible. Before his response I searched other messages on drivers and someone posted:


~quote


In order to control software Sandboxie situates itself at the deepest level in the OS, known as Ring 0. Drivers are also low level system components. They have equal footing/ power on the system as Sandboxie does, and hence the inability of Sandboxie to really control drivers. That is why they are not allowed to install in the first place.

The advantage of this is that root/bootkits are a problem of the past. They cannot even burrow deep in the system due to this blanket protection policy.


~unquote

People might not prefer to repeat this over and over. But even as a novice I understand - It is better remain this way. Drivers not possible and not secure.

Peter2150
Posts: 879
Joined: Tue Mar 27, 2007 9:46 pm
Location: Washington DC

Post by Peter2150 » Tue Aug 13, 2013 7:52 am

The upside to all this is you can be pretty darn sure when you run something Sandboxed, you are safe. I have found this well worth the small price of occasional in convenience.

Pete

i@mJONNY
Posts: 38
Joined: Mon Apr 14, 2014 5:17 am

Re: Installation of system drivers (non-Sandboxie drivers)

Post by i@mJONNY » Mon May 05, 2014 6:02 pm

What about if you're using Sandboxes (to virtualise application installations) and the application wants to install a driver for, say, a virtual device?

For this there's the Sandboxie BlockDriver config option (obviously not recommended). The help files details that
Before a driver can be loaded, it must first be installed. Driver installation is not affected by the BlockDrivers setting. To allow driver installation, you should add the following OpenKeyPath setting:

OpenKeyPath=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
And you should additionally open the driver file, using OpenFilePath. This is needed because the driver path that will be set in the registry (in a key created below CurrentControlSet\Services) will typically not point inside the sandbox.

OpenFilePath=c:\program files\MyNewSoftware\SoftwareDriver.sys
Does this mean I create a DWORD/String, OpenFilePath, @ HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services ?

Adobe audition wants to install pxhlpa64.sys (corel Corporation "Px Engine driver").

Ideally, I'd like to load this driver when needed, then unload.

How do I manually install a driver? Either sandboxed (if possible!) or not...

Many thanks

Post Reply

Who is online

Users browsing this forum: No registered users and 10 guests