Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Open Source Windows

The Sandboxie Windows Sandbox Isolation Tool Is Now Open-Source (bleepingcomputer.com) 22

Cybersecurity firm Sophos announced today that it has open-sourced the Sandboxie Windows sandbox-based isolation utility 15 years after it was released. Bleeping Computer reports: Sandboxie was initially developed by Ronen Tzur and released on June 26, 2004, as a simple utility to help run Internet Explorer within a secure and isolated sandbox environment. Later, Tzur upgraded Sandboxie to also support sandboxing any other Windows applications that required a secure virtual sandbox for while running. Invincea acquired Sandboxie from Tzur in December 2013 and the app eventually moved under Sophos' software umbrella after the cybersecurity firm announced Invincea's acquisition in February 2017.

"We are thrilled to give the code to the community," Sophos Director of Product Marketing Seth Geftic said. "The Sandboxie tool has been built on many years of highly-skilled developer work and is an example of how to integrate with Windows at a very low level. The Sandboxie user base represents some of the most passionate, forward-thinking, and knowledgeable members of the security community, and we hope this announcement will spawn a fresh wave of ideas and use cases."
You can download Sandboxie and its source code here.
This discussion has been archived. No new comments can be posted.

The Sandboxie Windows Sandbox Isolation Tool Is Now Open-Source

Comments Filter:
  • Since I'm a Linux user, I'm asking anyone who used this: Is it trying to identify and block all the known ways a program could leave the sandbox? Or blocking all API actions, and instructions, *unless allowed*? Liike a RBAC solution.) And if the latter, then how smart, regarding the context-sensitivity of its rules, is it?

    • by Dwedit ( 232252 ) on Thursday April 09, 2020 @10:17PM (#59927052) Homepage

      I think it's a filter driver, so it hooks the parts where user-mode code makes system calls to kernel-mode code.

      When you make a Win32 API call, you first run the API entry point from "Kernel32.dll" (a user-mode library). That will make a call to NTDLL.dll (also a user-mode library), and the code inside NTDLL will run SYSENTER, and switch to Kernel mode, where the actual code is implemented.

      A filter driver intercepts between SYSENTER and the kernel's code running.

      There are also other possible ways to hook DLLs. One common method is to replace which user-mode functions you get when a program imports a DLL, loads a DLL, or gets a function address out of a DLL. This is sufficient for well-behaved Windows programs. But only the well-behaved ones.

      Without hooking the transition from User to Kernel, you leave the door open to get into the real kernel-level API calls.

    • by Anonymous Coward on Thursday April 09, 2020 @10:55PM (#59927116)

      The release is fraudulent. It claims to be licenced under GPL 3.0 but it requires anyone who wants to download the code to agree to some nebulous Sophos EULA legalese restrictions that conflict with open source licencing.

      • Yes, this is strange, confirmed, thanks for the post. Very risky marketing strategy that can backfire as soon as people start pointing out that the GPL claim is false, and the term "open source" is used quite broadly here. Or they are trying to leverage the power of negative advertising.
      • Expect the EFF to sue their asses.

        Thanks. There's hardly a worse thing to start off on, when you want people to trust you. This kills it dead in the water, right there.

      • It looks like they're in transition. "Sophos is currently engaging with members of the community who are willing to take on the Sandboxie source code and make it available through an open source project to the community.". Once that happens there wouldn't be a Sophos EULA.
      • by jma05 ( 897351 )

        To give them some benefit of doubt, it is possible they just botched the web site transition.

        Someone placed it on GitHub.

        https://github.com/DavidXanato... [github.com]

        But really, Sophos should have an official repository if they were going about it the right way.

      • by tlhIngan ( 30335 )

        The release is fraudulent. It claims to be licenced under GPL 3.0 but it requires anyone who wants to download the code to agree to some nebulous Sophos EULA legalese restrictions that conflict with open source licencing.

        Not really. If Sophos owns the code, they can insist on both. You see, Sophos can license the code to you under any license they wish, and insist that every distribution afterwards be GPLv3. As copyright holder, they are able to do whatever they want with the code. They can restrict you fro

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Real operating systems do. This is for the toy OS/marketing platform Windows.

  • So many articles now have fewer than 20 comments, whereas a year ago they might have had 2X or 3X as much. If everyone is at home nowadays where are they going instead of Slashdot?
    • If everyone is at home nowadays where are they going instead of Slashdot?

      In the hospital on ventilators, where the success ratio seems to be maybe 20%. (I read that apparently it's so bad that doctors are starting to use Vs as a last resort. IANAD, but probably WILL be a patient in the next few months.) Unfortunately, talking to a nurse friend of mine, we both agree I would be a middle-risk patient. So I'm joking here, but only mostly.

    • If everyone is at home nowadays where are they going instead of Slashdot?

      Reddit? ArsTechnica?
      The quality of Slashdot articles has suffered greatly over the years. This one is barely more than a quote from another site plus two links. It seems people are finally catching on.
      Also, censorship which used to be completely absent is creeping in. A few times, I wanted to revisit posts but could not find them, even browsing at -1 or using Google. That is another thing not everyone likes.

    • If everyone is at home nowadays where are they going instead of Slashdot?

      The function of Slashdot used to be a distraction from your tedious tech job. But now we are all *hunkered down in our 'rona bunker* our lives are too busy and interesting to need job diversions while we:

      • Binge watch box sets
      • Gear-up like a character in Tom Clancy's The Division to enter the exterior Dark Zone on our way to the supermarket
      • Act as a portable heating unit for our cat
      • Sing Italian Opera (or regionally-appropriate songs) from our windows
      • Endlessly refresh the John Hopkins dashboard while waiting
  • been using this tool for a long time and can't say enough great things about it. i couldn't maintaining a home computer without this technology. it has issues, not everything works well so sometimes i use a heavy VM. Though, I have a few use cases that come up frequently and the tools continues to pay dividends. A couple of example, my pdfs open in a sandbox with no networking, how awesome is that? uninstalling an application is removing a sandbox performance is also excellent. these seem like really b

C'est magnifique, mais ce n'est pas l'Informatique. -- Bosquet [on seeing the IBM 4341]

Working...