
New privacy enhanced File/Registry access scheme, White list/Template Mode, plans and discussion... #890

Closed
DavidXanatos opened this issue Jun 11, 2021 · 11 comments
Labels
added in next build Added in the next Sandboxie version documentation Improvements or additions to documentation

Comments

@DavidXanatos (Member) commented Jun 11, 2021

Sandboxie, as it is, reliably prevents unwanted changes to the system. However, what it does not prevent without advanced configuration is exfiltration of user data by processes running under its supervision, as the default file and registry access scheme is to allow read access to anything, except where the user has specified a particular path to be closed.

Hence I'm looking into reworking the access mechanism such that by default it only allows access to generic Windows locations required for applications to run, and does not allow any access to the user profile, drives other than C:, or folders on C: other than the standard Windows folders.

This way applications running under Sandboxie's supervision will not be able to access private data unless the user specifically grants the access.

Unfortunately this is not a trivial endeavor with how Sbie is currently implemented; it's not like just changing a few ifs or the like, so it will take some time to be completed.

During the past year we collected a lot of feature requests asking for such a change in one way or another, so to keep things organized I ask everyone to post suggestions for this new functionality only in this issue; other issues dealing with functionality that will be covered by this large rework will be closed on sight.
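To make the two schemes concrete, here is a Sandboxie.ini fragment added as an illustration; it is not part of the issue and not one of the project's shipped box templates. The first box spells out the deny-list scheme the opening post describes, where anything the user forgot to close stays readable; the second uses the allow-list scheme the post proposes, in the form Sandboxie-Plus 1.x later exposed it. The box names, the user name alice and every path are constructed. ClosedFilePath=, ClosedKeyPath= and ReadFilePath= are long-standing Sandboxie settings; UsePrivacyMode=y as the switch for the data-protecting box type and NormalFilePath= as the way to re-open a single path inside it are assumptions about the 1.x release and should be checked against the documentation of the installed version.

```ini
# Added example; not from the issue or from Sandboxie's own templates.
# The user "alice", the box names and all paths are constructed.

# Box 1: the scheme the opening post describes (the pre-1.0 default).
# Every path is readable unless explicitly closed, so protection reaches
# exactly as far as the deny-list does. C:\Users\alice\Pictures and the
# whole D: drive are not listed below and therefore remain readable.
[DenyListBox]
Enabled=y
ClosedFilePath=C:\Users\alice\Documents
ClosedFilePath=C:\Users\alice\Desktop
ClosedFilePath=C:\Users\alice\AppData\Roaming\Mozilla
ClosedKeyPath=HKEY_CURRENT_USER\Software\Microsoft\Office

# Box 2: the scheme the post proposes. Assumption: UsePrivacyMode=y
# selects the box type in which user-data locations and non-system
# drives are closed by default, and NormalFilePath= is the key that
# re-opens one path inside that box. Only what is granted here is
# visible to the sandboxed process; everything else in the profile
# and on other drives stays closed without being enumerated.
[AllowListBox]
Enabled=y
UsePrivacyMode=y
NormalFilePath=C:\Users\alice\Documents\ForTheBox
ReadFilePath=D:\Reference
```

A quick way to verify the difference is to start a command prompt in each box and try `dir D:\` and `dir C:\Users\alice\Pictures`: in DenyListBox both succeed, because no rule mentions them, while in AllowListBox only the two granted paths should be reachable. The security point is the default, not the rule syntax: a deny-list protects only what the user thought to list, an allow-list protects everything the user did not think to list.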

@mio-19 commented Jun 13, 2021

#677 is also a suggestion for this functionality and it might be easiest to implement. But it requires users to sandbox every program

@mio-19 commented Jun 13, 2021

Another suggestion is using a windows image as redirection target as is mentioned in #673 (comment) and #887

@sixiansheng commented (quoting the opening post in full):

Privacy is important. I even want the app to alert me when accessing any folder, just like iOS, where there is an alert when accessing any permission. A well-known social software was exposed some time ago, it is QQ; this software scans computer files and browsers so as to get personal data for analysis. I hope the new feature you are planning can be implemented as soon as possible, come on dear developer😊

@DavidXanatos (Member, Author) commented:

Just to provide an ETA on this feature: it's in the making and it's planned to be in version 1.0.0, possibly already in one of the later 0.9.x releases for testing, so that 1.0.0 can be a final build with new major features.

One being the improved isolation with privacy / user data protection.

The other being, in a way, the opposite: an app container mode which will have much better compatibility at the price of lowered isolation.

@ameaninglessname commented:

So glad that I found this wonderful software.

Windows seems to have the worst control over privacy, compared to Android or iOS.
The only thing I could find is this, and again it only prevents write access to files.

Ultimately, I wish to have a "sandbox based" OS: programs only living and running in their own sandbox, which could be "invisible" to each other. And every sandbox has its own "Access Control" configuration including file access, camera, microphone, etc.

Just like different people from different country living in the same earth.🤣

@matheuswillder commented:

I'm not sure this is the right place for a little suggestion, but since this issue is about a new enhanced privacy scheme: in addition to the restrictions on File/Registry access, perhaps a "Secure Desktop" mechanism would also be important, similar to what has been implemented by some password managers and Secure-Desktop. Sorry if this is not the right place, and thank you for keeping Sandboxie alive.

@ameaninglessname Windows Protected Folders cause more problems than they solve. I've been using Sandboxie for almost 10 years precisely for what you want to do too: isolating programs and games, not necessarily for privacy, but the convenience of making and undoing changes easily.

@DavidXanatos (Member, Author) commented:

Sandboxie already isolates unsandboxed windows from sandboxed processes, so moving to a separate desktop object is not necessary.

@DavidXanatos (Member, Author) commented:

There is now an unsigned BETA build of the 1.0 release with the new box types (you need `bcdedit /set testsigning on` to use it): http://xanasoft.com/Downloads/Sandboxie_1a.zip

@alpe12 commented Nov 4, 2021

Any idea when it might be released?

@DavidXanatos (Member, Author) commented:

Very soon; it will probably be the next release, if no more important issues appear with the current one. Since it's a big change, I wanted to ensure the last 0.x.x release is as bug-free as possible before releasing 1.x.x with such large changes.

@isaak654 isaak654 added the Work in progress Still in progress label Nov 6, 2021
@isaak654 (Collaborator) commented:

Just released: https://github.com/sandboxie-plus/Sandboxie/releases/tag/1.0.0

@isaak654 isaak654 added added in next build Added in the next Sandboxie version and removed future development Long-term challenging features Work in progress Still in progress labels Nov 17, 2021
@isaak654 isaak654 unpinned this issue Dec 5, 2021
@isaak654 isaak654 added the documentation Improvements or additions to documentation label Apr 21, 2022
@sandboxie-plus sandboxie-plus locked and limited conversation to collaborators Jan 3, 2024