> The SbieDrv.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I had to use a leaked code signing certificate I found laying around the Internets. This means some anti-malware applications wrongfully flag it as potentially dangerous or a virus.
Finding leaked but operational EV code signing certs online should not be a thing ...
But it's not operational. The root CA ("VeriSign Class 3 Public Primary CA") was revoked, and the certificate itself expired in 2011. It's just that Windows doesn't bother checking the signatures, as another commenter in this thread mentioned.
A valid signature. That means the signature must chain to a trusted root CA, and the signing must have taken place within the signing certificate's validity period. If the certificate has expired at the time the user executes the binary, a counter-signature from a trusted timestamping service must also be present, to prove the binary was indeed signed within the certificate's validity period.
This seems fairly sane to me, and allows doing things in software like trusting particular publishers.
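The acceptance rules the comment above lays out (chain to a trusted root, signing inside the certificate's validity window, and a trusted timestamp counter-signature as the fallback once the certificate has expired) can be written down as a small decision procedure. The following is an added example, not code from this thread or from Sandboxie; it models those rules on constructed inputs, including the expired-certificate case the thread is arguing about and the revoked-root case described two comments up. Field names such as `chains_to_trusted_root` and the sample dates are assumptions made for illustration, and the example says nothing about which Windows component actually applies these rules at execution time, which is the point the later replies dispute.

```python
"""Simplified model of code-signature acceptance rules (added example,
not Windows' own implementation). All names and data are constructed."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional


@dataclass
class SigningCert:
    subject: str
    not_before: datetime
    not_after: datetime
    chains_to_trusted_root: bool   # chain was built up to a root in the trust store
    chain_revoked: bool            # some certificate in the chain is revoked
    code_signing_allowed: bool     # certificate carries the extension permitting code signing


@dataclass
class Signature:
    cert: SigningCert
    hash_matches: bool                       # file hash equals the hash that was signed
    timestamp: Optional[datetime] = None     # time asserted by a timestamp counter-signature
    timestamp_chain_trusted: bool = False    # the timestamping service itself chains to a trusted root


def evaluate(sig: Signature, now: datetime) -> str:
    """Return 'Valid' or a 'NotTrusted: ...' / 'HashMismatch' reason."""
    if not sig.hash_matches:
        return "HashMismatch"
    c = sig.cert
    if not c.chains_to_trusted_root:
        return "NotTrusted: chain does not end at a trusted root"
    if c.chain_revoked:
        return "NotTrusted: a certificate in the chain is revoked"
    if not c.code_signing_allowed:
        return "NotTrusted: certificate is not permitted to sign code"

    # Decide which instant the certificate must have been valid at. A trusted
    # timestamp proves when signing happened; without one we can only use
    # the moment of evaluation, so an expired certificate then fails.
    if sig.timestamp is not None:
        if not sig.timestamp_chain_trusted:
            return "NotTrusted: timestamp counter-signature is not from a trusted service"
        signing_time = sig.timestamp
    else:
        signing_time = now

    if signing_time < c.not_before:
        return "NotTrusted: signed before the certificate became valid"
    if signing_time > c.not_after:
        if sig.timestamp is None:
            return "NotTrusted: certificate expired and no timestamp counter-signature present"
        return "NotTrusted: timestamp lies after the certificate expired"
    return "Valid"


def scenarios() -> Dict[str, str]:
    """Constructed cases mirroring the thread: a certificate that expired in 2011,
    evaluated in 2020, with and without a timestamp, plus a revoked chain."""
    utc = timezone.utc
    now = datetime(2020, 4, 12, tzinfo=utc)
    expired_cert = SigningCert(
        subject="Example Publisher (constructed)",
        not_before=datetime(2008, 1, 1, tzinfo=utc),
        not_after=datetime(2011, 12, 31, tzinfo=utc),
        chains_to_trusted_root=True,
        chain_revoked=False,
        code_signing_allowed=True,
    )
    revoked_cert = SigningCert(
        subject="Example Publisher (constructed)",
        not_before=datetime(2008, 1, 1, tzinfo=utc),
        not_after=datetime(2011, 12, 31, tzinfo=utc),
        chains_to_trusted_root=True,
        chain_revoked=True,
        code_signing_allowed=True,
    )
    return {
        "expired_no_timestamp": evaluate(
            Signature(cert=expired_cert, hash_matches=True), now),
        "expired_with_trusted_timestamp": evaluate(
            Signature(cert=expired_cert, hash_matches=True,
                      timestamp=datetime(2010, 6, 1, tzinfo=utc),
                      timestamp_chain_trusted=True), now),
        "expired_with_untrusted_timestamp": evaluate(
            Signature(cert=expired_cert, hash_matches=True,
                      timestamp=datetime(2010, 6, 1, tzinfo=utc),
                      timestamp_chain_trusted=False), now),
        "revoked_chain_with_timestamp": evaluate(
            Signature(cert=revoked_cert, hash_matches=True,
                      timestamp=datetime(2010, 6, 1, tzinfo=utc),
                      timestamp_chain_trusted=True), now),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The revoked-chain case shows why a timestamp does not rescue the certificate the thread discusses: the counter-signature only moves the validity check back to the signing time, it does nothing about a revoked root. Whether a given Windows component (SmartScreen, the script execution policy, driver loading) actually evaluates all of these rules before running a file is exactly what the following comments disagree about, so this model describes the policy, not observed enforcement.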
No, it doesn't need to chain to a trusted root. Any signature silences a whole class of errors. You can also do strict enforcement if you'd like but the last I looked at this it's not the default.
Digital signatures absolutely do need to chain to a trusted root (also, I forgot to mention that the certificate also has to have the "digital signature" EKU).
What errors do you believe are silenced when an executable has an invalid or untrusted signature?
From memory adding a valid but unchained signature to a binary will change how SmartScreen initially evaluates your application. If there's no signature at all you get a yellow box or at least a message that is more alarming than if there is a valid signature even if unrecognized.
Similar thing for the script signing policies -- during my testing the default seems to want a signature, but not a valid chained one. I was confused in the same way you are, but the documentation doesn't actually say you need a valid chained signature nor does it really describe the threat and security models.
They just have signatures, because signatures make things more secure, right?
Apologies, I was thinking of Windows installers, rather than executables - a warning is given for installers with an invalid or untrusted signature, but you were correct that no warning is given for executables.
That was the 2nd paragraph. The first paragraph was, "This is a huge update fixing many bugs and security issues, it also expands on the functionality of the new SandMan.exe UI component, Check out the full ChangeLog for more details."
Paragraphs 1 & 2 do not go well together, and I will never use this product, despite my having tested Sandboxie itself in the past.
Odd Story: The single person listed on the GitHub page also has a fork of the original DiskCryptor code. At a prior employer where I had worked, we once wanted to embed DC into a larger framework. After some time we were able to find people to contact. They were using some elaborate scheme to hide their identities and yet converse over the phone. Since it was an "Open Source" project, and we already had the source code, we had reached out to them as a courtesy and nothing more. In fact we had already found serious bugs that we had fixed internally. Yet, they demanded an astronomically high sum for the use of DC. What did we do? The room of us laughed at the DC folks on speaker phone, then we went off and finished our own framework without using DC.
There is a small segment of people on the fringes of the security industry who work for a government (trying to get people to use their product), are running from a government, have stolen code from a government, are involved with shady business dealings, etc. It's best to stay as far away from these people as possible at all times. I'm not saying the person who started this GitHub falls into that category, but it's best to think about that before using what is a security product.
After an uncertain period for this project, I'm very happy Sophos decided to open source it and that the community is continuing its development. It's absolutely essential if you're running any untrusted applications on Windows, allowing an extensive level of control over the resources the app is allowed to access (registry, filesystem, network, etc.).
It's similar to containers on Linux in that sense, it has little to no overhead (sandboxing games works great in most cases), but in an even more user-friendly package than something like Docker. Highly recommended.
1. When you open a win10 sandbox it appears as a fresh install of Windows. Only Microsoft Edge is pre-installed. If you like to tweak privacy settings etc. then you'll need to re-tweak them every time you start up a win10 sandbox (as they too get forgotten).
2. Everything gets wiped when you close a win10 sandbox (so installations can't survive beyond a login session).
In Sandboxie you appear to get a copy of your existing OS, and the copy is only wiped when you choose to wipe it (so it can survive across login sessions).
The win10 sandbox is wiped when you close it, and you have to close it to turn off the PC.
3. Win10 sandbox seems not to like making the camera or microphone available to apps (eg zoom, skype) whereas Sandboxie is happy with making them available.
4. Because of the above, win10 sandbox is probably more secure than sandboxie, but there is no indication of where the sandbox state was stored, so it isn't possible to secure delete it like you can with sandboxie.
There's a feature that I really like in Sandboxie, which is that it can preserve certain folders from being deleted.
I use this feature when I run Firefox in a Sandboxie sandbox while preserving its history and bookmarks. I find it pretty annoying to have those cleared whenever I delete my sandbox, so I much prefer to have those saved.
Sandboxie is one of the few programs that I allow to autostart on my Windows installations. It is an ingenious piece of software with a dead simple yet extremely powerful interface. Glad to see it’s free software/open source instead of just dying a slow death. It’s saved my ass more than once and made my life a lot easier.
I decommissioned my last Windows about 10 years ago, but Sandboxie was a killer app that I missed sorely. It was ingenious and saved my ass a few times.
Much the way people probably feel when iOS started showing clipboard access so you could physically see when apps were doing something invasive? That was the feeling I got constantly with every app and every invasive action when I was using Sandboxie. Truly a gem.
I used Sandboxie 10 years ago, when I was still using Windows. It is a really neat piece of software. I'm glad it went open-source instead of simply dying because of lack of time and/or interest.
I had a surprisingly hard time finding an equivalent for Linux. Today firejail fills that void pretty well.
I think it is weird that Microsoft uses security as a feature for customers who pay more.
I mean, security, if universal in their platform, would only give more prestige to the Windows brand, so why leave some of their users unprotected, especially when lack of security features, viruses, etc. have hurt the Windows brand so much?
They should give other kinds of features and apps instead. Never negotiate security, and make it universal, giving more strength to their image.
Think of it, in the end you will be paying to be protected from the insecurity that is only there because of the flaws in their platform.
It's like a mob raising the crime levels in a neighborhood and at the same time asking to be paid to grant you security for the troubles people are only having because they are creating those same troubles in the first place (even if/when indirectly).
I never understood why you would have to pay for security... "Oh look, our software is inherently insecure, but if you pay more, you can get a mitigation." It truly gives no good light on whatever you sell.
There are tons of sandboxing applications for Linux.
Also a few solutions like Snap and Flatpak exist on Linux where the applications come pre-sandboxed. For Mac, the official Mac App Store's applications are all sandboxed also.