The user can enable or disable it.

@D1G1T@L: Oh well, thanks for the reply. With over 300 million Windows 7 licenses sold, I don't imagine they're too concerned about a few Sandboxie users.

Could this work? If not, can tzuk or anyone please explain why. I have no idea how to code so I'm asking. Just curious thats all.

I'm not qualified to answer your question directly, but here's a suggestion. Set a password, which is good practice anyway, and then enable auto-login.

Easier to just use Autologon from Sysinternals.

Edit:
And if you want to be really slick, then try THIS. I schedule the script to run this way though -

1) open Group Policy Editor (gpedit.msc)
2) User Configuration -> Windows Settings -> Scripts (Logon/Logoff)
3) Open Logon and add your script

I see there is some interest in the EndTask thing. As I said Sandboxie does what it can by supervising this at the user mode / application level. Supervising this at the kernel level is not possible on 64-bit Windows, except perhaps by messing with the system csrss.exe processes, which would then cause other security software to rightly say that Sandboxie is a saboteur.

Other than that I refer you to D1G1T@L's closing statement of an earlier post in this topic.

Seems to be running OK on Vista 64-bit.

I am more than happy with the extra protection provided.

Ok thanks for the reply. One last thing I want to know, in this case could Endtask be used to shutdown or crash the system deliberately?

I don't think so, at least Matousec kill5 can only kill processes with a window.
Unlikely to happen.

Maybe you haven't gotten around to this yet, but I have experimental protection enabled on 3.55.02 and when I create a new sandbox, Drop Rights is still enabled by default.


Good tip. Very slick.

Yep, I noticed this myself.

Yeah, I didn't get around to addressing that Drop Rights thing yet. Still planning to take care of it though.

Alright so I will repost this here for informational purposes to add info that might anwser other similar future questions. Tzuk I thought you'd move the posts either way nvm now



My reply:



So just for the sake of discussion, are things like internet access/ ports and the EndTask API (mentioned many times already) not reliant on IPC?

To answer your (plural) questions about program termination. There is a protection layer at the application level and there is a protection level on the kernel level. Normally a program never reaches the kernel level with a request that Sandboxie would have to block.

If this does happen then the program must have messed with the protection at the application level. (The exception of course is when the new kernel protection is still new and a bit buggy, and wrongly terminates programs in some cases.)

Now on 32-bit Windows, even if a program can bypass the protection at the application level, Sandboxie is able to completely prevent the program from accessing the resource.

On 64-bit Windows, Sandboxie cannot completely prevent the program from accessing the resource, it can only tell Windows to not let the program do anything with the resource. This is a fine distinction which probably makes zero difference in practical terms. But again the program is never supposed to be in this situation unless something wrong happened to the protection at the application level. Therefore I feel it is reasonable to terminate the program at this point.

As for EndTask, this is not a standalone resource in the system that you can allow or deny access to. It is one of many possible requests on a main channel between a program and the CSRSS process. In other words it is a sequence of bytes going into one end of some communication channel, and causing CSRSS to end programs. It is not possible to supervise what goes into this channel, as with other necessary things, there are no supported kernel interfaces for doing something like this.

So hopefully this finally clarifies everything for everyone.

Does that explain why firefox 4 keep on crashing while using 3.55.02?
I use win 7 64bit btw
Hopefully the problem will be gone with 3.55.03