3CX DLL-Sideloading attack: What you need to know
Important Information Regarding Sandboxie Open Source Release
Sophos is proud to announce the release of the Sandboxie source code to the community, meaning we are finally an open source tool!
We’re excited to give the code to the community. The Sandboxie tool has been built on many years of highly-skilled developer work and is an example of how to integrate with Windows at a very low level. We’re proud to release it to the community in the hope it will spawn a fresh wave of ideas and use cases.
To download this release please visit our download page here.
As we are monitoring and keeping you up to date on the take-up of the source code and its transition to become a true open source project we can imagine that you have some questions about the availability of the free Sandboxie versions and the future of the forum and this website.
FAQ on this release:
Sophos is currently engaging with members of the community who are willing to take on the Sandboxie source code and make it available through an open source project to the community. We will keep you informed about the progress through this website.
The latest version of Sandboxie (Win 7, 8.1 and 10 only) is available here. This is the last version of Sandboxie that Sophos will make available to the community and no further updates will be made to it. All restricted features have been made completely free in this version. Any further improvements to Sandboxie will need to be made through the open source community.
Sophos is planning to close the Sophos community Sandboxie forum on June 1st 2020.
The open source release has no code to check the license server. We have removed any checks against the license server since the 5.31.1 release. For this reason we will be shutting down the license server on June 1st 2020.
As and when the Sandboxie community embraces the available source code, transitioning it to an open source project, we will gradually wind down the website and expect to close the website during the fall of 2020.
There are 3 steps to building Sandboxie:
To start with there is a Readme.txt file in the root of the source code.
The main piece of source that is needed to compile the code is Microsoft Visual Studio 2015. (The Community Version may build the source code but be advised that there are restrictions on the use of the binaries generated by this version).
There is a dependency on the Microsoft Windows Device Driver Kit 7.1.0 (link has been provided in the Readme.txt file).
There is a separate Readme.txt located in the /install/ folder for building the installer. This contains additional requirements to set up.
No, Sandboxie can be compiled entirely from source code withll very few dependencies.
We are releasing the source code under the GPL v3 license (https://www.gnu.org/licenses/gpl-3.0.en.html)
Start with the Readme.txt file at the root. There is a little more explanation of each of the different projects in the source code.
Yes, Microsoft requires that all drivers are signed. This requires purchasing a validated certificate from a Certificate Authority who normally will vet the individual/company that they are issuing too. Since Windows 10, Microsoft also requires that all drivers be submitted to them through their hardware development portal so that it can be validated and signed by them.
For testing purposes, it is possible to create a self-signed certificate and use that to sign your driver locally. Windows still need to run in what is called Test Signing mode in order to accept this form of signed driver.
It is beyond the scope of this document to describe how to sign the binaries but there are plenty of resources online to help with this.
If you use a version of the driver that is already signed, it is possible to update other components and drop in files as replacements. The only condition is that the “Version” associated with the SbieSvc project (see common\my_version.h) matches the driver version.
There is a known issue that opening any *.rc in Visual Studio can cause it to get corrupted. The default versions should work as is.
This has been resolved.
I tried to download the Open Source Sanfboxie but was diverted to GITHUB !!! I was then asked to register.
If GITHUB is now the proud owner of Sandboxie, why don't they just offer a download button like everybody else in the world and stop pissing about ?
Or even more logical - WHY does SOPHOS bugger about with GITHUB and simply provide a download button for ALL Sandboxie users ?
I am damned if I want to join this exclusive band of individuals just to get a program I have had for many years with no problems.
VIAM INVENIAM AVT FACIAM
Thank you so much for that reply and the links.
I looked at - DavidXanatos - https://www.wilderssecurity.com/threads/sandboxie-plus-sbie-fork.427755/
and downloaded his SandboxieInstall64-v5.40.1.exe. A Sandboxie icon popped up on my desktop, BUT when I clicked it to play,
the following Microsoft Windows Defender warning panel came up -
Holy Cow ! That is a good start !!!
Yea that's normal if you don't pay the MSFT tax and don't get a code signing certificate.
So what you are saying David is that if we don't pay the MSFT tax and don't get a code signing certificate.
then we cannot use the Open Source Sandboxie !
So Sandboxie Open Source is no longer free. There is no way I am going to fiddle about paying for any certificate having used Sandboxie FREE for about 14 years and there are most likely many 1,000's more who think the same.
Sandboxie - wonderful memories of a wonderful program designed by a genius - Tzuk - RIP
Not quite, you missed a detail that's a Tax on the developer not on the user.
So one dev needs to get a code signing cert and the releases are good to go for all the world.
And Tom already got one so a properly signed release is soon to be out there.
Also you always have the option to click more info and then click allow this program and so on to allow the execution even without the exe it being signed.
Brilliant reply David and thank you so much for your information.
I will continue to look with enthusiasm and expectation for the official bona-fide Open Source Sandboxie fully authorised version release over the coming weeks.
Again - many, many thanks for your information and time.