Comment by iamevn - Hacker Neue

iamevn May 17, 2022 parent

I rarely feel the need for sandboxie but the times I do, I feel that I'd be better served by a full VM. Got burned once because I misjudged risk level and the thing I ran within sandboxie managed to grab my browser's saved passwords.

lawl May 17, 2022

Sandboxie (by default), does not restrict access to existing files in your user directory (or anywhere else).

It stops malware etc. From persisting because it catches writes. Basically it kind of mounts an overlayfs over your drive.

You can configure this differently, and iirc the paid donation version has an option to make your user directory private.

I agree that this probably isn't the best default, but that likeöy was a case of not rtfm'ing, andlnot misjudging the risk level. I was confused by this at first too.

gigel82 May 17, 2022

I like the Sandbox app / feature built into Win10/11 (very fast to boot). I wish it'd allow saving snapshots and being automated. I want to set one up with a full dev environment for example.

Full HyperV VMs are significantly slower to boot and run.

kritr May 17, 2022

If you haven’t already messed around with WSB files, I would encourage them for more complicated use cases.

https://docs.microsoft.com/en-us/windows/security/threat-pro...

The WinGet github repository has some scripts to setup and install programs inside.

tsujamin May 17, 2022

Can second Windows Sandbox - 3s startup time, can copy things into it and it does like 85% of what I need completely isolated.

I mainly use it to test silent install flags when I'm deploying apps or running untrusted things :)

naikrovek May 17, 2022

snapshots would be nice. it is actually a container of sorts underneath, with RDP support, so they could do it if they desired. (they don't, it seems, unfortunately.)

Windows containers gaining RDP is probably the bigger wishlist item, for me. Windows containers with a GUI would make some things extremely trivial and other things much easier.

withinrafael May 17, 2022

I documented how to set up RDS in containers back in 2018 [1] then Microsoft swooped in and killed it. They are weirdly sensitive when it comes to terminal services. Could perhaps be licensing/financially motivated. I get emails almost weekly to this day asking for updates. Wish I had one.

[1]: https://withinrafael.com/2018/03/09/using-remote-desktop-ser...

Randor May 17, 2022

Hey Rafael,

How have you been? Are you still in the Bellevue/Redmond area?

currysausage May 17, 2022

Windows Sandbox is really great, I just wish it could coexist with VirtualBox.

WorldMaker May 17, 2022

VirtualBox keeps teasing proper Hyper-V support "any release now", but given how many releases have teased that and also Oracle's lack of incentive to actually make it happen (because they want you to buy their servers) who knows if/when it will ever happen. Ball is definitely in Oracle's court, though.

Randor May 17, 2022

Yeah, the earlier versions of SandBoxie used SSDT hooks and offered much better protection. You can completely bypass some SandBoxie protections today with a direct interrupt 0x2e or SYSENTER call. SandBoxie offers very little protection.

userbinator May 17, 2022

If you're doing any malware analysis, I think a VM is the minimum bar for isolation; and separate physical hardware is even better.

pabs3 May 17, 2022

You probably want a VM on separate physical hardware on a separate network connection, to avoid it burrowing into the hardware and avoid it burrowing into your network.

mise_en_place May 17, 2022

Yeah I will usually just spin up something on a public cloud, if I am running an executable of questionable safety.

A lot of people were using sandboxie for less than noble purposes, like multi boxing in matchmaking games in low population regions, so they’d end up matching all their clients w/ each other.

anaisbetts May 17, 2022

I'd have to agree. Windows Sandbox is built into the OS and is a much better option - it takes your existing Windows install and within literal seconds, creates and starts a clean VM whose contents will be burned on close. It's an insane technical achievement and it doesn't get enough kudos imho

polygloty May 17, 2022

That's the reason why I hate it. I want my sandbox to persist. Use case: Filling once in a year tax forms with turbo tax that i can't seem to file in a single sitting

MuffinFlavored May 17, 2022

I just tried it for the first time and the app I didn't trust could tell it was being sandboxed/spoofed/debugged/etc.

brokenmachine May 19, 2022

Sounds like something an untrustworthy app would do.

senectus1 May 17, 2022

ouch. unexpected lesson to be learned here...

Don't use browser password saving. I presume a third party app like bitwarden would have been better. though if the browser auto syncs and installs the extension your risk is a little higher.

iamevn OP May 17, 2022

I was already almost entirely migrated to keepassxc but had kept using the browser feature out of habit. Quickly disabled that and had a really fun few days changing absolutely everything's password.

brokenmachine May 19, 2022

How did you know that your passwords were stolen?

iamevn OP May 19, 2022

found a CSV file containing my passwords in the sandboxed appdata

schmorptron May 17, 2022

Oh? I always assumed the Firefox feature would be fine with a master password and 2fa set up , but is a third party manager really a substantial upgrade security wise?

This item has no comments currently.

Preferences

Keyboard Shortcuts

Story Lists

Navigation

Miscellaneous