The plan is long, but not very well formulated, so I'll just throw in here all the ideas more or less unsorted and make a proper roadmap out of it later on.

Sandboxie is great to protect the system from malicious modifications, but with the default configuration it does not protect user data from being accessed and exfiltrated. Also it does not protect the user's privacy in terms of his user name and/or unique hardware information like MAC addresses or disk serial numbers, etc. So I would like to make programs inside the sandbox see an empty user account just called user, without access to the actual user's profile data; ideally, when creating a sandbox, the user would choose if it's a regular sandbox like currently or an anonymous sandbox without personal data. For hardware information, that is a subject for later.

Sandboxie allows restricting network access only through the ini file. Here my threat model is more privacy-violating applications which don't use malware tactics, i.e. programs with unwanted telemetry baked in. Hence I would like to add better control over the sandboxed application's network connectivity. Definitely some easily accessible switch for each sandbox determining if the app inside can access the LAN, WAN or neither, and not too far from it, exception lists per process. On one hand, why not a full-blown application firewall, but then one can just use a 3rd-party application firewall; not sure about the right balance between functionality for those that only have the Windows firewall and redundancy for those with more advanced tools.

Sandboxie, due to the basic version being restricted to one sandbox at a time, never was much about using multiple sandboxes. I would like to develop Sandboxie more towards a software packaging tool like the old Altiris SVS was, i.e. you install your software into a set of separated boxes, and when you exchange your laptop or reinstall your Windows because MSFT broke it again, you just copy your box repo onto the new system and continue where you left off on the old one. One could even think about a network-based synchronization feature to use the same set of applications on multiple devices, and I would implement it on a P2P basis such that you don't necessarily need a home server, although one of these QNAP or Synology boxes sure might be nice.

No, no, don't worry, nothing like this atrocious Win 10 modern UI abomination, but something more maintainable and better looking than the current plain C with Win-Forms, something with the esthetics of Windows 7 or Classic XP. If you need an idea what UI paradigms I cherish, take a look at my Task Explorer. Not sure if I will go with C++ and Qt again, or maybe I try .NET C#, but there will be a completely new UI with a ton of easily accessible options, no more messing around with ini files.

Sandboxie hooks many API calls, not all of them but a ton, and what output do we get? Some error messages and a very basic Resource Access Monitor. I think we can do better, much better in fact: a full verbose log of all the hooked API calls and parameters, imagine ProcMon.exe on steroids, something along the lines of WinAPIOverride. I think that would be extremely useful in resolving compatibility issues. What we would also need would be the ability to create permissive testboxes, i.e. just instrument/hook a process but don't isolate it from the system. With that, comparing an application's traces from a sandbox and a testbox on the same system would make finding the calls where something went wrong child's play. On this note, I think a tool that pretty much captures all API calls might be very useful for ReactOS/WINE developers; actually, why not set out to add official ReactOS support to Sandboxie.

Sandboxie implements many hard-coded workarounds for various applications; for example, search for "chrome" in the code: 133 results. IMHO we should be able to implement workarounds ideally as scripts or at least as binary plugins, such that whenever something needs fixing it's not necessary to rebuild and reinstall the entire project. Now, both options would need in principle a complete rework of the SbieDLL. Binary plugins are definitely doable with decent performance; scripting, that's a different can of worms. When playing around with WINE (which is not an emulator) I noticed that I can in fact load a driver there as long as it does not need hardware access and generally doesn't do too much. WINE spins up a user-mode process with the necessary API for a Windows driver to load and do something. Now I have no idea how much work it would be to back-port that to Windows and plug it into the Sandboxie infrastructure, but it definitely would be a lot of fun.
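The sandbox-versus-testbox trace comparison proposed in this post, sketched as an added example (not code from Sandboxie or from the author). The trace line format, the sample calls and all function names are constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample traces in a hypothetical "Api(args) -> NTSTATUS" format.
TESTBOX = """\
NtOpenKey(HKCU\\Software\\Demo) -> 0x00000000
NtCreateFile(C:\\Users\\user\\demo.cfg, handle=0x1a4) -> 0x00000000
NtOpenSection(\\BaseNamedObjects\\DemoShared) -> 0x00000000
NtWriteFile(handle=0x1a4, len=128) -> 0x00000000
"""
SANDBOX = """\
NtOpenKey(HKCU\\Software\\Demo) -> 0x00000000
NtCreateFile(C:\\Users\\user\\demo.cfg, handle=0x2f0) -> 0x00000000
NtOpenSection(\\BaseNamedObjects\\DemoShared) -> 0xC0000022
NtQueryPerformanceCounter() -> 0x00000000
NtWriteFile(handle=0x2f0, len=128) -> 0x00000000
"""  # 0xC0000022 is STATUS_ACCESS_DENIED

LINE = re.compile(r"^(\w+)\((.*)\) -> (0x[0-9A-Fa-f]{8})$")
VOLATILE = re.compile(r"handle=0x[0-9a-fA-F]+")  # values that differ on every run

def parse(trace):
    """Return (api, normalized_args, status) tuples; unparsable lines are skipped."""
    calls = []
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if m:
            api, args, status = m.groups()
            calls.append((api, VOLATILE.sub("handle=H", args), status.lower()))
    return calls

def divergences(testbox, sandbox):
    """Align both traces on (api, args); report status mismatches and extra calls."""
    a, b = parse(testbox), parse(sandbox)
    sm = SequenceMatcher(None, [c[:2] for c in a], [c[:2] for c in b], autojunk=False)
    out = []
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag == "equal":  # same call on both sides: compare the results
            out += [("status", x[0], x[2], y[2])
                    for x, y in zip(a[i1:i2], b[j1:j2]) if x[2] != y[2]]
        else:               # call present in only one of the two traces
            out += [("only_testbox", c[0], c[2], None) for c in a[i1:i2]]
            out += [("only_sandbox", c[0], None, c[2]) for c in b[j1:j2]]
    return out

if __name__ == "__main__":
    for d in divergences(TESTBOX, SANDBOX):
        print(d)
```

Normalizing per-run values such as handles before alignment is what keeps the diff down to the calls that actually behaved differently inside the box.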