What on earth is happening with Sandboxie? Why can't we have reasonable answers?

First, the website died. Then the forum was taken down "out of an abundance of caution" due to an ill-defined security vulnerability.

Then the registration servers went haywire. And NOW it feels like 5.30 is being pushed AGGRESSIVELY to end users, despite the indications that something smells WRONG about this whole situation.

Was there a serious breach we aren't hearing about? You owe it to your customers to let them know if you've bungled their data.

Is there a server-side breach that's causing problems with old version of the software? Is there a vulnerability we're not being told about?

Why is the new version being pushed so hard? Particularly when it doesn't seem to fix anything a majority of users need, and updating is a path to losing your license? 

Why is everything so vague and diffuse? Why can't we just get answers?

I don't feel like I trust Sandboxie enough to update right now. I never trust a program that's YELLING AT ME TO UPDATE RIGHT NOW without an explanation. I should hope this would be taken to heart.

Parents
  • Hi there,

    I am going to go ahead and go question by question, to ensure I didn't miss anything:

    First, the website died. Then the forum was taken down "out of an abundance of caution" due to an ill-defined security vulnerability. 
    ---> The site died due to a bug, thus it went down. It has now been moved to a different location, and it is functional. During that move process an older snapshot was used, and some of the updates made during these past days (including build 5.30) were not listed for some hours (this has also been fixed).
    The forums presented no issues, but during the review of the website,  our security team noticed possible vulnerabilities with the software being used for the forums (phpBB) and it was decided they would take it down to prevent anything from happening.
    Our security and IT teams are further reviewing our options (patching wise) in order to restore functionality. However, there is no new information or ETA that we can provide. 

    Then the registration servers went haywire. And NOW it feels like 5.30 is being pushed AGGRESSIVELY to end users, despite the indications that something smells WRONG about this whole situation.
    ---> The registration/licensing issues were part of the bug that affected sandboxie.com (the registration works via the same site). We need all of our customers to get out of previous builds and move on to 5.30 ASAP to prevent more problems caused by the bug. We will not be supporting previous versions moving forward. 

    Was there a serious breach we aren't hearing about? You owe it to your customers to let them know if you've bungled their data. 
    --> No, there was no breach, thus there is no information about it. This is not what happened. 

    Is there a server-side breach that's causing problems with old version of the software? Is there a vulnerability we're not being told about? 
    ---> No.

    Why is the new version being pushed so hard? Particularly when it doesn't seem to fix anything a majority of users need, and updating is a path to losing your license? 
    ---> Covered in my previous responses. 

    Why is everything so vague and diffuse? Why can't we just get answers?
    --> Because we don't have anything new to share at this time. All current info is being shared in the Status update post 

    I don't feel like I trust Sandboxie enough to update right now. I never trust a program that's YELLING AT ME TO UPDATE RIGHT NOW without an explanation. I should hope this would be taken to heart.
    ---> I am sorry that you feel that way,  I hope you can, in time, trust us again.  There is nothing else happening, nothing strange, we got affected by a bug related to previous versions of Sandboxie + sandboxie.com site. Things went down, we are working on taking them back up. We need our customers to please move to 5.30 to prevent further issues. 

    Thank you!

     

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

Reply
  • Hi there,

    I am going to go ahead and go question by question, to ensure I didn't miss anything:

    First, the website died. Then the forum was taken down "out of an abundance of caution" due to an ill-defined security vulnerability. 
    ---> The site died due to a bug, thus it went down. It has now been moved to a different location, and it is functional. During that move process an older snapshot was used, and some of the updates made during these past days (including build 5.30) were not listed for some hours (this has also been fixed).
    The forums presented no issues, but during the review of the website,  our security team noticed possible vulnerabilities with the software being used for the forums (phpBB) and it was decided they would take it down to prevent anything from happening.
    Our security and IT teams are further reviewing our options (patching wise) in order to restore functionality. However, there is no new information or ETA that we can provide. 

    Then the registration servers went haywire. And NOW it feels like 5.30 is being pushed AGGRESSIVELY to end users, despite the indications that something smells WRONG about this whole situation.
    ---> The registration/licensing issues were part of the bug that affected sandboxie.com (the registration works via the same site). We need all of our customers to get out of previous builds and move on to 5.30 ASAP to prevent more problems caused by the bug. We will not be supporting previous versions moving forward. 

    Was there a serious breach we aren't hearing about? You owe it to your customers to let them know if you've bungled their data. 
    --> No, there was no breach, thus there is no information about it. This is not what happened. 

    Is there a server-side breach that's causing problems with old version of the software? Is there a vulnerability we're not being told about? 
    ---> No.

    Why is the new version being pushed so hard? Particularly when it doesn't seem to fix anything a majority of users need, and updating is a path to losing your license? 
    ---> Covered in my previous responses. 

    Why is everything so vague and diffuse? Why can't we just get answers?
    --> Because we don't have anything new to share at this time. All current info is being shared in the Status update post 

    I don't feel like I trust Sandboxie enough to update right now. I never trust a program that's YELLING AT ME TO UPDATE RIGHT NOW without an explanation. I should hope this would be taken to heart.
    ---> I am sorry that you feel that way,  I hope you can, in time, trust us again.  There is nothing else happening, nothing strange, we got affected by a bug related to previous versions of Sandboxie + sandboxie.com site. Things went down, we are working on taking them back up. We need our customers to please move to 5.30 to prevent further issues. 

    Thank you!

     

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

Children