This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Major Sandboxie News: Sandboxie is now a free tool with plans to transition it to an open source tool

Sophos is excited to announce that we are making Sandboxie a free tool, with plans to transition it to an open source tool.

This new evolution of Sandboxie is one we are enthusiastic about, but that does not mean this was an easy decision to make.  Sandboxie has never been a significant component of Sophos’ business, and we have been exploring options for its future for a while. 

Frankly, the easiest and least costly decision for Sophos would have been to simply end of life Sandboxie. However, we love the technology too much to see it fade away.  More importantly, we love the Sandboxie community too much to do that. The Sandboxie user base represents some of the most passionate, forward thinking, and knowledgeable members of the security community and we didn’t want to let you down.

After thoughtful consideration we decided that the best way to keep Sandboxie going was to give it back to its users – transitioning it to an open source tool.  We will release more information about the open source project as we continue to work on the details.

Until the open source transition is completed we have decided to make Sandboxie completely free.  We have included a FAQ below with more information. We will continue to update this post as additional details become available. 

 

Sandboxie FAQ

 

How do I get a free license?  What features are included?

Sandboxie currently uses a license key to activate and grant access to premium features only available to paid customers (as opposed to those using a free version).  We have modified the code and have released an updated free version that does not restrict any features.  In other words, the new free license will have access to all the features previously only available to paid customers.

 

What if I have time left on my current Sandboxie license?

Regardless of how much time might be left on your existing Sandboxie license, in order to receive the latest updates customers with currently valid license keys will also need to install the latest unrestricted free version .  This will ensure you have access to all Sandboxie features and are using the most up-to-date version of the product.

 

What if I currently do not have a Sandboxie license?

Simply download the unrestricted, free version. No current or previous license is required.

 

When will Sandboxie be released as open source?

We are investigating making Sandboxie open source, however we are still working through the details and timeline. We will update this FAQ when we know more.

 

What license agreement will apply to my existing, paid licenses?  Will the same agreement apply to the unrestricted, free version that will be made available?

The license agreement under which you originally obtained the paid licenses to Sandboxie will continue to apply to those paid licenses until the expiration of the applicable license term.   A new license agreement will apply to licenses of the new unrestricted, free version of Sandboxie made available for download. 

An update EULA can be found here: https://www.sandboxie.com/EndUserLicenseAgreement

 

Will customer support still be available?

As part of our transition to a free and potentially open source product, Sandboxie support will become community based.  The community will include developers directly involved with Sandboxie.




[locked by: Akhilesh@Sophos at 9:23 PM (GMT -7) on 24 Mar 2020]
Parents
  • Thank you for making Sandboxie open source, or at least for announcing you will. I guess if you won't maintain it anymore this is the best solution.

    About the new update, is it just to remove the paid limitations or is there any other fix?

  • Vivaldo Sagese said:

    About the new update, is it just to remove the paid limitations or is there any other fix?

     

     
  • Actually I am professional C++ developer and I am looking forward to it being open source. Will for sure take a look at it and I think many others will take too. I think you underestimate the skills available in the OpenSource community. Of cause it can go both ways but who knows maybe somebody drives a nice open source team and you will see interesting new sandboxie versions and also sepecialized sandboxie forks. 

  • I remember the very good cryptographic program TrueCrypt, which were dropped from its developers. In the first moment all people thought, that this will be the end of this software. But then the community created good forks of it, because the source code was available before the stop of development. And now i am using VeraCrypt, which is a fork of TrueCrypt, and it is getting regularly updates. And TrueCrypt / VeraCrypt also was a very complicated program, because the developers have to understand the cryptographic things, so not everyone was able to continue its development. But nevertheless the development continues. So i also think (and hope), that the wonderful Sandboxie will find some good developers, which are enthusiastic enough to update and develop it.

  • Ha!  So it did turn out to be an attempt to release to opensource.  This was my guess and my hope after reading all of the discussions.

    I am CAUTIOUSLY optimistic.

    Why cautiously?

    In a previous post some weeks ago I recited the story of an experience I had in the 90s with another (completely different category) program developed by another developer coincidentally about the same size as Sophos.  It was a "cult" program with an extremely loyal user group some of whom, such as myself, are still actively participating in user groups and related projects with it to this day -- 22 years after all development ceased.

    Like Sandboxie it is a kind of geeky program, and like Sandboxie it was at the very top of its game just before the developer decided to take it off the market.  Like Sandboxie that developer acquired the program from the original developer, treated it as a second string offering and felt it did not fit in with its business plan.  And like Sandboxie, Microsoft just coincidentally came out with its own similar program at the same time this other developer decided to stop marketing theirs.  The similarities between Sandboxie and my unnamed program in terms of circumstances is so striking that it made me suspect that Sandboxie might be going through the same thing as I experienced with that program in the 90s.  And that's why I made that prediction.

    The developer of program "X" announced they would be releasing the program to opensource right at the time of the intersection between the same exact circumstances.

    Now for the reason that I am only cautiously optimistic....

    After waiting for months...maybe even a year or more, they never released it.  The very day they promised to be ready to release it, they suddenly went dark and never said another word about it.  It was never released and never made opensource.  It was just buried.

    There were many rumors about what happened, but it wasn't until years later that the definitive reason was confirmed.  But sorry folks I'm going to have to leave you hanging.  I don't want to jinx this effort and I've got my fingers crossed that Sophos will do a better job with this project than that other developer did with theirs.  I want this to succeed.

    I am encouraged by the decision Sophos seems to have made.  But I'm still a bit rattled by the experience that happened in the 90s to this day and I hope it is not being ungrateful that I hold my thank yous until it is released.  I'll be glad to coat those thank yous in chocolate and put sprinkles on them when it actually comes to pass.

  • I will say now however, that I thank Sophos and the Sandboxie team for their efforts and for generously releasing the cost free Sandboxie version (which has already been done).  And for the considerable effort I know you have to go through to release it to opensource.

    I would recommend that now that you have made the decision to devote the resources necessary to release Sandboxie to opensource that you make every effort to follow through.  On the one hand it would create much goodwill for Sophos if it is released, and on the other probably create much displeasure if it is not.

    Think of the costs as a brand marketing expense to create goodwill for the Sophos brand.

    I wish you all good luck and thank you for your consideration and effort.

  • "But sorry folks I'm going to have to leave you hanging.  I don't want to jinx this effort and I've got my fingers crossed that Sophos will do a better job with this project than that other developer did with theirs.  I want this to succeed."

     

    Ha!  Forever the tease you are, Ryan!

    I say that good-naturedly.  The myriad concerns, thoughts and issues that you've expressed on this forum concerning Sandboxie/Sophos mirror mine.  I appreciate your posts.  [Y]

  • Andreas Fischer1 said:

    Actually I am professional C++ developer and I am looking forward to it being open source. Will for sure take a look at it and I think many others will take too. I think you underestimate the skills available in the OpenSource community. Of cause it can go both ways but who knows maybe somebody drives a nice open source team and you will see interesting new sandboxie versions and also sepecialized sandboxie forks. 

    <3 It's people like you we're working on open sourcing Sandboxie for, Andreas! We have high hopes that the open source community will relish the opportunity to dive into a codebase for such powerful technology and to be able to guide it forward in the right direction.

    Open sourcing Sandboxie is a lot of work for us and will cost us a lot of time and money. But we feel it's the right thing to do. I've personally been using Sandboxie since 2004 and there is a lot of love for it internally, throughout Sophos.

    Personally, sandboxing feels like a technology that should be open source for Windows just as it is on Linux and Unix - it's a technology that has a lot of uses in a variety of applications. I dream of Sandboxie's technology being forked and incorporated into other software so that more people can benefit from isolation. Perhaps Sandboxie will finally see the pervasive use it deserves but, for whatever reason, was never able to find.

  • These are the posts I like to see. Long live Sandboxie!

    SecBug said:
    Perhaps Sandboxie will finally see the pervasive use it deserves but, for whatever reason, was never able to find.

    I blame the GUI that has never changed since the beginning, I'm fine with it, but it could use a lot of QoL improvements like drag&drop support, I could probably list over 20 little things to improve the using of it while keeping everything else the same.

  • We all love Sandboxie, that's why we use it. The main problems with this process have arisen from the lies, disinformation, and a lack of transparency from Sophos (corporately) over an extended period. Is the server still broken, and why aren't the old forums available still?

    It is good to read that you also want it to continue, but is it correct to assume that your enthusiasm is as an individual rather than as a Sophos employee/spokesperson?

    As far as I can tell, Sandboxie is a unique programme; certainly I have never found a way to replace it successfully, and I have tried. So lets hope this open-sourcing is not all "hot air" by Sophos, and we can look forward to ongoing development. Sadly I won't be holding my breath.

    Does anyone know what happened to Tzuk once he sold Sandboxie?

  • I think the best thing to do now is to give Sophos the benefit of the doubt and support their effort to release to open source.

    Bashing them at this point is counterproductive.

    Sophos has no obligation to do this, let alone provide further support for Sandboxie and from a direct revenue point of view it's a cost for them not a profit.  The carrot for Sophos is the goodwill it creates and let's give them room to create it without taking that carrot away.

    Likely there were those at Sophos who argued to scuttle Sandboxie rather than release it.  Let's not provide fodder for their case.

    On its face, this is a respectful and generous decision by Sophos.  Unless and until such time as there is reason to doubt their intent, based specifically on events that happen after the announcement to release, I think we should keep an open mind and support their effort in any way we can.

  • I’ll insert my comment here, as it seems as good a place as any.  Is there any other product like Sandboxie out there?  What would Sophos have to charge to make SB a viable, profitable product?  It seems to provide protection not found anywhere else.

    Thoughts?

    WSC3

Reply
  • I’ll insert my comment here, as it seems as good a place as any.  Is there any other product like Sandboxie out there?  What would Sophos have to charge to make SB a viable, profitable product?  It seems to provide protection not found anywhere else.

    Thoughts?

    WSC3

Children
  • Scott Cox said:
     Is there any other product like Sandboxie out there? 

    Thoughts?

     
    other product like Sandboxie ? = No
     
  • Scott Cox said:

    What would Sophos have to charge to make SB a viable, profitable product?  It seems to provide protection not found anywhere else.

    Thoughts?

     

    Apparently more than what people would be willing or possibly capable of paying.

    While it indeed provides protection not found anywhere else its not a tool that can be easily used by ordinary users. Its a tool for experts.

    I think the user base is just not large enough for a < 50$ tool to be profitable and at the same time > 500$ probably most people would be reluctant to pay.

     

    I don't think that the sandboxie concept is mass compatible at least not without massive rework which is expensive.

    On the other hand with a massive rework that makes it n00b compatible it would become much more automatized and would superficially not differentiate itself that much from other offerings which are much simple and just do "sandboxing" by using a separate user account.

     

    For me and I think for many others the appeal of sandbox is its FileSystem and Registry virtualization. But there are simpler ways to achieve a similar level of security by using a VM or just a separated user account. The greatness of sandboxie lyes in the transparent virtualization that allows one to test out things with installed applications or test out new applications without the need to alter the actual system.

    So one can install an update to a program into a sandbox and check out if one likes it.

    Or one can use sandboxie to audit what changes a particular installer is doing to the system before letting it mes with the real system.

    And much more...

    All great things to do, but only experts do them.

     

    The average Jo just wants some protection and just that can be achieved much simpler. Using techniques which are not so prone to failure whenever MSFT changes something internally.

     

     

    I think making sandboxie opensource in this day and age is the right way to go to ensure it will continue to be maintained.

  • >Have you tried https://www.shadesandbox.com/

    >Have you tried https://www.shadowdefender.com/

    Are these still being developed?

    I use Shadow Defender (mainly when Sandboxie refuses to run an installer), but the author did not respond to an email. Nevertheless, it's good IMO but requires a reboot after each use to get back to a 'normal' environment. Contrast that with Sandboxie where it is easy to 'throw away' a sandbox and start over without needing to reboot.

    I tried but didn't like Shades.

    The is also the Microsoft Windows 10 Sandbox, but I find it a PITA and too limited by comparison. It may be more secure though.