Unplanned Outage: Due to a technical glitch, customers might see higher wait times on Sophos Call Lines. We request for your kind cooperation. Please prefer logging a case via Sophos Support Portal, unless the situation is critical for you.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Announcing Sandboxie 5.33.6 release and open source update

We are happy to say that we have made some progress towards making Sandboxie an open source tool. We are releasing an updated version that will help us prepare for the transition.  We are hoping that the Community will provide feedback.  Details, links, and an update on the project are included below.

We are proud to announce the latest Sandboxie version:

SandboxieInstall-533-6.exe: https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey={E2A08EF8-5D36-43B9-BCF6-CD0F1E9763E8}

SandboxieInstall32-533-6.exe (32-bit only): https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey={51889F7F-8E25-4A05-B3D2-A8B05B989400}

SandboxieInstall64-533-6.exe (64-bit only): https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey={B15DECBE-8D8C-4374-A73C-7095D2473FB8}

 

What are we releasing?

  • This build does not come with new features. However, several bits of code were stripped away in order to prepare for releasing the source code to the community.
  • We are not making this an “official” build. The main Sandboxie.com will not be updated until we are confident that this build works for all.

Why are we doing this?

  • We want to provide you a preview of what will be generated and gather your feedback.
  • While we have done our best to test general use cases, we wanted to get feedback on this version to ensure it performs as expected for the various use cases that our users have.

How to provide feedback

  • Please provide feedback in the thread below.

Details on the upcoming Source Code release:

We are busy preparing details on how to build your own Sandboxie builds. However, the task is not trivial and unlike many open source projects in the world, to do it right requires some specialized software and tools that are not commonly available.

Anticipated requirements and dependencies:

  • All of our builds are compiled with Visual Studio 2015. We have verified that it’s possible to compile with the Visual Studio 2015 Community Edition (which is free).
  • Compiled binaries executables need to be signed. Specifically, the Sandboxie driver (aka sbiedrv.sys) must be signed with a valid (read: commercially available) certificate by the developer and also by Microsoft in order to deploy it. While it is possible to use a driver that is self-signed, it cannot be deployed unless the OS is run in Test mode.
  • There will be additional dependencies that will need to be downloaded. Instructions will be provided with appropriate links. This is needed to compile the binaries and the installer.

Akhilesh@Sophos




[locked by: Akhilesh@Sophos at 4:25 PM (GMT -7) on 8 Apr 2020]
Parents
  • What several bits of code were stripped away?

    Only things related to licensing and software updating or something else?

  • I would presume that its other code related to functionality but one that due to legal reasons can't be open sourced.

    i.e. the original author is not reachable or is not agreeing and the original license was limited to begin with.

    Hence the test build to see if without or with a self written replacement code it still works as expected.

     

  • Akhilesh@Sophos said:
    It would really help if you can provide feedback

    What a coincidence! That's the same I've been thinking for months when I was seeing someone opening a thread and reporting a bug.

  • Well if you're going to be like that. we might as well give you the source code or something.

    Akhilesh@Sophos

  • That error message is because Chrome no longer allows hooking of certain functions. For me hitting "Hide" hides the error and there are no ill effects.

    Akhilesh@Sophos

  • Akhilesh@Sophos said:
    Well if you're going to be like that. we might as well give you the source code or something.

    In Spain we have a saying: recoges lo que siembras.

  • Akhilesh@Sophos said:

    That error message is because Chrome no longer allows hooking of certain functions. For me hitting "Hide" hides the error and there are no ill effects.

    Akhilesh@Sophos

     

    Thank you for that explanation.  That presents a big problem for me since running Chrome in a sandbox is the main reason I use Sandboxie and for me, there are some problems.

    When Chrome is sandboxed, I am unable to launch web pages from non-sandboxed applications or links in non-sandboxed applications.  Now I understand why.

    When Chrome is run outside the sandbox I can launch web pages normally.  But when I run it in Sandboxie it doesn't work (it used to work fine a number of versions of SB and Chrome ago,but I just got a new PC and installed the latest versions of each and it is broken.).

    This is a critical need for me.  So what you are saying is that there is no way for Sandboxie to get around this issue with Chrome since Sandboxie has no way of hooking the necessary functions?

    If that's the case it appears there is no solution.

    PS: I already switched from Firefox to Chrome over the last year or two because I couldn't find the right add-ins in Firefox to do what I needed to do after they changed to their Quantum build.  Now I finally have Chrome set up the way I like it.  But it's for naught if Sandboxie can't support it.  Not sure where I'll go next.

    ===========================

    EDIT:

    I am not sure this is the cause of the problem.  I found a workaround (that isn't very reliable but better than nothing).

    If I launch Chrome first (sandboxed) and then try to launch a link in a non-sandboxed application (let's say Windows Wordpad), Chrome is not made active and the link is not loaded.

    But it seems that if I start with Chrome closed, and then click the link in the non-sandboxed application it works.  Chrome is launched and the page is loaded.  Furthermore, if I then try to launch links from other non-sandboxed applications, while Chrome remains open from the first launch, they work too.  I have tried this several times and it seems to work, although I think I may have had the problem reoccur once when I tried it.  So it may not be perfect. 

    So clearly Sandboxie CAN do this.  The problem may be unrelated to those messages.

    Are there some SB settings that might affect this?

  • This sounds like the way the application is requesting the Web page server to be opened. Meaning it's the way the Chrome is being called/started outside of the sandbox.

    Using a tool like Process Monitor (Procmon) can help understand how it's called.

    Unfortunately there are no settings in Sandboxie that helps with outside but it might possible to adjust registry settings to get it to behave as you would normally.

  • Ahh your Spanish, all makes sense now your childish behavior. Grow up kid. You whine about the "source code" all this time, show me one thing you've coded, can you even read it? Lets say someone decided to fork Sandboxie when it does get released, like maybe Xanatos, do you also plan on harassing him or whoever on their GitHub with childish gifs and being a whiny baby there as well?

  • Redacted said:
    Ahh your Spanish, all makes sense now your childish behavior.

    Ahh you are human, all makes sense now the stupid thing you said.

  • Hello Akhile,

    I gathered the Hooking Error Messages are Chrome related and you confirmed they do not imply potential security risk in SB. FYI, the same messages also show up when I sandbox the Brave Browser which is pretty much is based on Chromium open source.

    I was wondering if you looked into the "security Certificate issues" when Sandboxing the MS Outlook as I and other folks reported. Any update on addressing them?

     

    Thank You.

Reply
  • Hello Akhile,

    I gathered the Hooking Error Messages are Chrome related and you confirmed they do not imply potential security risk in SB. FYI, the same messages also show up when I sandbox the Brave Browser which is pretty much is based on Chromium open source.

    I was wondering if you looked into the "security Certificate issues" when Sandboxing the MS Outlook as I and other folks reported. Any update on addressing them?

     

    Thank You.

Children
No Data