Author Topic: Sandboxie, or SandboxIE  (Read 5702 times)

Offline Cobra951

  • Gold Member
  • *
  • Posts: 8,934
Sandboxie, or SandboxIE
« on: Friday, September 21, 2018, 11:33:53 AM »
Never too old to learn something new.  I did know about virtual machines, and how they insulate your real system from anything that happens inside of them.  But a sandbox is something else entirely.  It's sort of similar to a VM, in that it isolates what runs inside of it from your system, but it's not nearly as much of a pain to use and set up, and it only works on what you decide to put inside it.  In fact, this Sandboxie was cake to install and use.  Performance hit comes up front, as stuff gets mirrored from your system into the sandbox environment.  To run Firefox sandboxed for about a month without deleting the sandbox contents ate up just shy of 10 GB.

A bit of history:  Something happened to Windows Defender over the past few months.  Before, its real-time protection component was hardly intrusive, and seemed to know what it had already scanned and branded safe.  Now it has massive impacts on the simplest of tasks, like opening an explorer window on a folder full of program icons.  Near as I can figure, it's scanning every single folder the shortcuts point to.  Similarly, web browsing gets major holdups, and even booting the PC in the morning became slow.  I can't have that.  So I've been enabling and disabling the RT component depending on what I'm doing.  Not ideal by any stretch, and it motivated me to find alternatives.  I did not want yet another intrusive antivirus program, and perhaps even have to pay for it.  I happened on Sandboxie, and gave it a try.

Back to the present.  So, yeah, after a month or so, I don't know how I ever lived without this.  I had been running Firefox locked way down with both Adblock and Noscript.  The latter requires me to whitelist not only every single site I need enough to allow scripting, but also every single domain each such site in turn invokes to do its thing.  It's a massive pain, but in combination with a whitelisting firewall kept me critter-free through 2016 in Windows XP, and has been keeping me clean in Windows 10 since.  The sandbox obviates the need to be so anal about it all.  I've been enabling scripting on a lot more sites in the sandboxed browser, and I have the RT component of Windows Defender disabled most of the time.  It makes daily browsing much less of a chore.  I even visited some seedy sites and let them do their thing, which didn't take long to infect the sandbox.  Terminate all programs, delete contents, relaunch sandboxed web browser, back to where I was.  Only caveat is that any new tabs I've opened, or any new bookmarks are gone too.  So it's something to keep in mind.  You can always launch the web browser outside the sandbox, and update your bookmarks or whatever.

Another feature is that you can set some folders up to automatically recover downloaded files.  I always like to confirm before allowing copies of files from the SB environment into my real folders.  You can run many programs sandboxed too, not just the web browser.  That includes Windows Explorer, which lets you navigate your SB environment.  You can also copy a link from the SB browser into the clipboard, and then paste it into the address bar of the unboxed browser.  For example, the print spooler does not like SB, or perhaps vice-versa.  To print something, I need to go outside the sandbox.  It's probably also a good idea to do things like online banking outside the box, just in case something has infected the box without obvious symptoms.

There's a "free" version, which is what I'm using.  After 30 days, it puts up a 5-second nag window, then you click to continue.  Not ideal, but this is just too good to let that scare me off.  Registering I think involves a yearly fee, which I personally don't ever want to do, with any software.  (That's why I've left Office behind in favor of Libre Office.)  They're here.

For a trial reset remove the binary value under:

Windows Registry Editor Version 5.00


after that reboot. :)

After I started getting the nag box, I searched for a way to circumvent it, and found this.  I didn't post it until now because I had to verify it, but was afraid of tinkering with the Sandboxie install on my main PC.  So I installed it on my laptop, and waited over a month for it to start nagging me there.  (I didn't want to do anything different from the main PC, to be sure; so I didn't try any tricks with the system clock.)  Tried the registry hack, and it worked.

The reboot step is important.  Shutting down at the end of the day and powering on the next morning did not work, because I have fast boot enabled.  A restart is the only true reboot.

I also investigated buying the software, but as I initially thought, that is not possible since they were acquired somewhere along the way (Sophos or Invincea).  Now registered users must pay a yearly fee, which I won't accept from any software that isn't truly a service (e.g., a VPN).
« Last Edit: Saturday, November 03, 2018, 08:08:58 AM by Cobra951 »

Offline Cobra951

Re: Sandboxie, or SandboxIE
« Reply #1 on: Friday, April 19, 2019, 08:20:51 AM »
First I was alarmed, then I laughed.  Basically, Sandboxie DDoS'd its own servers yesterday, and I think that's still an ongoing problem. 

At about 11 PM Wednesday night, a dialog screen suddenly interrupted Grim Dawn.  Sandboxie asking to check for updates.  I clicked Never and OK, dialog went away, then popped back up.  And again.  And again.  Nothing I did would make it take my replies, or get out of the loop.  Eventually, I just minimized it, but that meant I couldn't use the Sbie control window, since the dialog spawned from it.

Yesterday morning, I started trying to solve this.  Google helped a bit, but terms like "Sandboxie update infinite loop" would only bring up unrelated issues.  Finally found a thread from 2009 which identified the ini file, the update-time parameter, and its format (Unix time).  It was set to "1555555555", and as it turns out, that's the code they used to signify "never check".  It also works out to "Thu, 18 Apr 2019 02:45:55 GMT" in Unix time.  Haha!  I guess once upon a time in the program's development, this date was far into the future.  Their very own time bomb.

I edited sandboxie.ini (in C:\Windows, for me) and changed the SbieCtrl_NextUpdateCheck parameter to 1861924500.  That's "Mon, 01 Jan 2029 01:15:00 GMT" in Unix time.  I also changed the SbieCtrl_UpdateCheckNotify parm from 'y' to 'n'.  So in about 10 years, Sandboxie will check for an update without notifying me.  I'm fairly sure that by then, I'll have a different computer, or I'll be dead.  In the meantime, no more infinite loops in the update dialogs.  All is well here.  Heads up to anyone interested.
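Added example (not part of the original post and not Sandboxie's own code): a sketch of why a magic date used as "never" turns into a prompt loop once the clock passes it, next to a check that keeps "never" as a separate state, plus a small audit that flags epoch-valued settings already in the past. The loop model, the function names and the sample section name are assumptions; only the two setting names and the two timestamps come from the post.

```python
from datetime import datetime, timezone

# Constructed sample using the two setting names from the post; the section
# name is a placeholder, not copied from a real Sandboxie.ini.
SAMPLE_INI = """[ExampleSection]
SbieCtrl_UpdateCheckNotify=y
SbieCtrl_NextUpdateCheck=1555555555
"""
NEVER = 1555555555  # value the post says was used to mean "never check"

def utc(ts):
    """Render a Unix timestamp as an ISO-8601 UTC string."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()

def parse(text):
    """Collect key=value pairs, skipping section headers and blank lines."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("[") and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip()
    return pairs

def due_magic_date(next_check, now):
    """Assumed flawed check: the sentinel is compared like any other time."""
    return now >= next_check

def due_explicit(next_check, now):
    """Safer design: 'never' is a separate state (None), not a date."""
    return next_check is not None and now >= next_check

def prompts_shown(now, answers=3):
    """Count dialogs when every answer is 'Never' and the assumed handler
    stores the sentinel again instead of a real future time."""
    next_check, shown = NEVER, 0
    for _ in range(answers):
        if due_magic_date(next_check, now):
            shown += 1
            next_check = NEVER  # same past value goes back into the setting
    return shown

def expired_settings(text, now):
    """List epoch-valued settings whose moment has already passed."""
    return {k: utc(int(v)) for k, v in parse(text).items()
            if v.isdigit() and int(v) <= now}

if __name__ == "__main__":
    print(expired_settings(SAMPLE_INI, NEVER + 1), prompts_shown(NEVER + 1))
```
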

Offline idolminds

  • ZOMG!
  • Administrator
  • Forum god
  • *
  • Posts: 11,933
Re: Sandboxie, or SandboxIE
« Reply #2 on: Friday, April 19, 2019, 10:57:43 AM »
Haha, that's pretty great.

Offline Cobra951

Re: Sandboxie, or SandboxIE
« Reply #3 on: Saturday, April 20, 2019, 07:18:27 AM »
I think they've really screwed themselves.  The site is completely down for me now.  Yesterday, I could get into the message boards, but not (front page).

Imagine trying to solve this.

Manager: "Why don't you advance the timestamp until you figure out a more permanent solution?"

Programmer:  "Already did that locally, sir; but we can't distribute it."

M:  "Why not?"

P:  "The application is stuck in a forever update loop because Now = Never, and our site is getting hammered by it."

M:  "So remove that . . . ohhh . . ."

Looks like Microsoft is about to join this game anyway.  I'm sure they'll do it better, for Pro and Enterprise users.