Sandboxie (or alternative)? (Win7,10)

Discussion in 'PC' started by Dalmation, Oct 15, 2021.

  1. Dalmation

    Dalmation Kapellmeister

    Joined:
    Jun 7, 2011
    Messages:
    487
    Likes Received:
    64
    I'm a Sandboxie virgin and from what I see from the host website, it hurts my confused head as to how to operate it.
    I want to use it to test VST & freeware software installers.

    - Is it still the preferred VM utility that everyone uses?
    - Are there any other alternatives?
    - Is there an instruction guide for 'dummies' somewhere in the WWW?

    Thanx 0_0

    Also - is Sandboxie-Plus or Sandboxie-Classic best for my simple needs?
     
    Last edited by a moderator: Oct 15, 2021
  3. demberto

    demberto Platinum Record

    Joined:
    Nov 27, 2018
    Messages:
    581
    Likes Received:
    198
    Win10 has Windows Sandbox, it's use-and-throw btw. Once you close it, the changes you make inside it are lost. Have never used Sandboxie myself, so not sure this is the alternative you are looking for.
     
  4. trz303

    trz303 Ultrasonic

    Joined:
    Jun 29, 2011
    Messages:
    111
    Likes Received:
    37
    Sandboxie only allows you to run .exe in a protected area, but not a complete DAW environment (with VST, audio drivers, MIDI, etc...), that's why there is no real alternative to Virtual Machine.

    BTW VST are dll and can't really execute evil code/virus/programs.
    Only installer exes are potential threats.
     
  5. demberto

    demberto Platinum Record

    Joined:
    Nov 27, 2018
    Messages:
    581
    Likes Received:
    198
    VST can do everything an EXE can do once it is loaded in memory by the DAW.
     
  6. Dmotr Softor

    Dmotr Softor Ultrasonic

    Joined:
    Jul 13, 2016
    Messages:
    44
    Likes Received:
    20
    VST runs perfectly in Sandboxie. It uses its own "copy" of registry, data folders, etc. So the changes you make will exist only in this current sandbox. And yes, it's possible to implement evil code in a dll.
     
    Last edited: Oct 15, 2021
  7. twoheart

    twoheart Audiosexual

    Joined:
    Nov 21, 2015
    Messages:
    1,392
    Likes Received:
    796
    Location:
    Share many
    Not, ahm, completely true.
    Of course a .DLL can't execute code by itself but if a program calls an infected .DLL the code inside the .DLL is executed by the host application.
    And .DLLs are often called by more than one application.

    Thus .DLLs are even more dangerous than a simple .exe file because we are aware that .exe, .bat, .cmd are executable files.

    Plus, in some cases we just copy .DLL files into the DAW's VST directory. No installer or .exe used.
    The moment we start the DAW and use the VST there is the risk that the DLL files the DAW calls are infected and execute dangerous code. With the same rights the DAW has.

    Sandboxie makes a virtual filesystem and a virtual registry inside a given directory and executes the application in this encapsulated sandbox.
    I used it a lot in the past and it worked quite fine. But I've had many cases where the app didn't start inside the sandbox so that I needed a virtual system to check the app.
    Thus I do not use Sandboxie any longer.
     
    Last edited: Oct 15, 2021
  8. trz303

    trz303 Ultrasonic

    Joined:
    Jun 29, 2011
    Messages:
    111
    Likes Received:
    37
    Sure dll can be dangerous, but in our audio world, who could be interested in coding malware inside a VST dll?
    I mean VST dll are only related to DAWs ...
    And most of the -serious- computers hosting DAWs are not even connected to the internet ...

    In our world, keygen exes are by far more dangerous than VST dll. I was not talking about generic Windows dlls.

    But you need to run the whole DAW system and all subsystems inside Sandboxie, otherwise it's not really useful, that's why a full-featured test VM is probably a better way to test audio-related VST and programs.
     
  9. Dmotr Softor

    Dmotr Softor Ultrasonic

    Joined:
    Jul 13, 2016
    Messages:
    44
    Likes Received:
    20
    I almost absolutely agree with you. But I have to admit that almost all modern malware has anti-VM modules to protect it from this kind of test. So it's better to double-check with SB. But, as you mentioned, I had no experience with VST-mw.
     
    Last edited: Oct 15, 2021
  10. twoheart

    twoheart Audiosexual

    Joined:
    Nov 21, 2015
    Messages:
    1,392
    Likes Received:
    796
    Location:
    Share many
    1). Maybe there is no malware inside VSTs today? IDK, but related to malware: what can be done, will be done.
    2). A lot of other applications do use VST .DLLs. To mention only two: Adobe Premiere Pro, Blackmagic Resolve Studio ...

    I would recommend always being rather careful, also with VST(i).
     
  11. trz303

    trz303 Ultrasonic

    Joined:
    Jun 29, 2011
    Messages:
    111
    Likes Received:
    37
    My test rig is pretty simple: a spare computer! It's not the cheapest way, but by far the most secure one.
    I always test VSTs on my spare machine before installing them on my main DAW machine.
    And my DAW is never connected to the internet, so I can even completely stop MS Defender from scanning my every move.
     
  12. SineWave

    SineWave Audiosexual

    Joined:
    Sep 4, 2011
    Messages:
    3,586
    Likes Received:
    2,708
    Location:
    Where the sun doesn't shine.
    Why don't you try VirtualBox? It's perfect for safely testing plugins and running keygens in any OS, making "no install" installations so you don't end up with every plugin listed in "Programs and Features", simplifying those rare but bloody horrible ".msi" installations that leave a copy of the installation in ProgramData [some plugins come as .msi installations] etc. It's extremely handy.

    The only thing that you might find a bit complicated is that you have to install a fresh system of your choice [runs all Windows, Linux, even MacOS images] into it, and after you've done all the adjustments to it, make a shared folder [so you can share files between the host and VM], and then you make a snapshot, so when you close the VM it will always start from that snapshot state. I use it all the time. It is great and free! :wink:

    edit: you can also run as many VMs as you want. :wink: You can have Linux for browsing safely, and a 2nd Windows installation for testing plugins, for example.
     
    Last edited: Oct 15, 2021
  13. Gizmoz

    Gizmoz Producer

    Joined:
    Oct 20, 2018
    Messages:
    124
    Likes Received:
    100
    @Dalmation :

    You can use Timefreeze here: http://www.toolwiz.com/lead/toolwiz_time_freeze/

    1 install the program
    2 restart and turn Freeze mode on
    3 install your test apps and do your thing
    4 restart your computer and all changes are rolled back to its initial state
    Simple and effective (a restore point is advised as a security in my opinion)
     
  15. Dalmation

    Dalmation Kapellmeister

    Joined:
    Jun 7, 2011
    Messages:
    487
    Likes Received:
    64
    Agree that installers (zzz.exe) are often the carriers of viruses, malware etc. and background antivirus apps monitor for these when an app is installing.

    In the case of VST plugins - in the early 2000s, with H2O, AiR, Adrenalin etc. installers, I used 'Universal Extractor' to unpack the *.exe, to check for any suspects hiding, grab the VST.dll and any related fxp, fxb, user manual etc.

    With many recent CE-VR releases containing a lot of extra bundled expansion presets/banks/patches, compared to R2R releases, my thinking is to unpack the install of the CE-VR version, grab any extra add-ons, then stick with the R2R version.

    Nowadays installers are more sophisticated :-\ and I still want to do this today and notice Universal Extractor has been superseded by 'Universal Extractor 2.0 RC3' and there's also 'innoextract' available.
    Universal Extractor <OLD>:
    https://www.majorgeeks.com/files/details/universal_extractor.html
    Universal Extractor <NEW>:
    https://www.majorgeeks.com/files/details/universal_extractor_2.html
    innoextract:
    https://constexpr.org/innoextract/#download

    So - when possible, I prefer to use an 'unpacker' on the install, or less-preferred Sandboxie.
     
    Last edited: Oct 16, 2021
  16. Dmotr Softor

    Dmotr Softor Ultrasonic

    Joined:
    Jul 13, 2016
    Messages:
    44
    Likes Received:
    20
    I wouldn't be so sure about that. A lot of people may be interested in this. For example, I am a versatile person, and for more than 20 years I have had some relation not only to the music scene, but also to the so-called "computer underground" (sounds wildly pretentious). I personally think it is immoral to implement malicious code into plugins when you are a musician/sound engineer. And people from the outside really do not think about such things, since they are far from audio software.
    As I said before, it's obvious for modern malware to have anti-VM protection. So this kind of "test" is not working as well as people think. Freezing is a much better idea. It's almost a bulletproof solution.
    The only virtualization mode which is not so vulnerable is wsl2/kvm.

    Check this out:
     
    Last edited: Oct 16, 2021
  17. orbitbooster

    orbitbooster Platinum Record

    Joined:
    Jan 8, 2018
    Messages:
    435
    Likes Received:
    293
    Shadow Defender.
    That should be safe enough, I guess similar to Timefreeze above.
    Comodo Sandbox, but it is included in the Comodo free Firewall bundle, very similar to Sandboxie.
     
  18. Dmotr Softor

    Dmotr Softor Ultrasonic

    Joined:
    Jul 13, 2016
    Messages:
    44
    Likes Received:
    20
    SD isn't bad, but some RATs (the latest version of njRat for example) and several bitcoin-clippers have anti-SD protection.
    Unfortunately (or fortunately), all such solutions are doomed to the fact that malicious code will check the startup environment. As I said above, there is only, at the moment, a virtualization method that does not allow the virus to perform this trick.
    By the way, as practice shows, the more dangerous a malicious program is by its consequences, the better the protection against virtualization is implemented. Simply put, if you run a program that contains an up-to-date ransomware virus, then most likely it will not manifest itself either in Shadow Defender or in other virtual machines. I highly recommend everyone to figure out how to create a 'HC'-virtual machine and run suspicious applications there.
    This is not paranoia, but a view from the opposite side. Code analysis is a great thing!
     
    Last edited: Oct 16, 2021
  19. Gizmoz

    Gizmoz Producer

    Joined:
    Oct 20, 2018
    Messages:
    124
    Likes Received:
    100
    "So - when possible, I prefer to use an 'unpacker' on the install, or less-preferred Sandboxie."

    Yep,
    thanks for the links, lately I've tried to open a VR installer with no success with lessmsi (the installer didn't work: out of memory).
    I solved my problem with the registry (LoadApp_dll was engaged for x32).
    But having a solution to open the VR installers is always handy. Thanks again.

    With that said, I never encountered a problem with downloads from sistersite.
     
  20. Dmotr Softor

    Dmotr Softor Ultrasonic

    Joined:
    Jul 13, 2016
    Messages:
    44
    Likes Received:
    20
    I want to clarify. I have never distributed such surprises and have not caused any harm with their help. This is my long-term hobby, which combines both my education as a computer scientist and a culturologist. Perhaps someday I will write a study on the evolution of this movement from the romance of the 80s - 90s to the moral degradation of the 2020s):guru:
    But it would be untrue to say that I will be glad if sooner or later the software becomes invulnerable.)

    And don't forget to use VirusTotal. Check every piece of software you download.
     
  21. BEAT16

    BEAT16 Audiosexual

    Joined:
    May 24, 2012
    Messages:
    3,279
    Likes Received:
    2,505
    The online checking service VirusTotal uses over 70 virus scanners and many other checking programs.
    It is the perfect remedy for dubious files and links.
     