Posted (edited)
6 hours ago, Sampei.Nihira said:

SBIE might be of interest if you want to increase security in Windows XP when using a browser, such as MyPal 68, that lacks a sandbox.
Of course, it needs to be verified whether this works.

I wish you a good continuation of this thread of yours.:hello:

Mypal68 v68.13.8b (7Jan2024) is a special build for SSE-only by feodor2 and works great on my 24-year-old Inspiron 7500 laptop (650MHz Pentium 3, 512MB RAM) under WinXP SP3. It does not run under WinXP SP2. Mypal68 v68.13.8b is slower than New Moon 28 and Serpent 52 by roytam1 because it is based on more recent Firefox 68, which is more resource intensive than earlier versions of Firefox.

New Moon 28 is my main browser on the SSE-only Pentium 3 laptop, but Mypal68 v68.13.8b by feodor2 is just as essential, it can load websites which New Moon 28 and Serpent 52 by roytam1 cannot load. The COMBO of New Moon 28+Serpent 52+Mypal68 makes an old Pentium 3 computer still quite useful. All 3 work well inside a sandbox of Sandboxie v5.22 under WinXP in an SSE-only computer.

The corresponding SSE2 versions of Mypal68 by feodor2 and of New Moon 28 and Serpent 52 by roytam1 also work well in a sandbox of the special edition for WinXP by David Xanatos of Sandboxie v5.40 in an SSE2 computer.

Below is a screenshot of the About screen of Mypal68 v68.13.8b (7Jan2024) by feodor2, during sandboxed web browsing on an SSE-only computer under WinXP SP3, in a sandbox of Sandboxie v5.22. Sandboxie indicates that Mypal68 is running in a sandbox by displaying a yellow line around the window. Also, the window title is embedded between "#" signs.

Sandboxie_v5.22_SSE_Mypal68_v68.13.8b_6Aug2024_reduced60_uploaded.jpg

Edited by Multibooter

Posted (edited)

You're welcome!

Now first the procedure how to check whether you need to correct any of the known-to-have-issues-groups:

In registry editor you click on HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services and then press CTRL+F (Edit/Find...) and

write into that window the name of wanted group, e.g. Filter; also tick "Match whole string only" so you don't get false results.

Updated: Filter 0b is not necessary with factory filesystem (not disabling LastAccessUpdate or other similar useless stuff). Filter 06 is good and also a factory setting when installing XPSP3 anew with Unofficial SP4 from Harkaz. Besides - the system is faster this way.

The other 2 files are Primary Disk and SCSI Class groups of which the last is either 03 (factory) or full up to 2d (with all 45 members /that don't exist/). Please, do check Tags before editing.

GroupOrderList_Primary_Disk_05_XP_USP4.txt GroupOrderList_SCSI_Class_03_XP_USP4.txt

GroupOrderList_Filter_06_XP_USP4.txt

Edited by modnar
Update
Posted (edited)
14 hours ago, modnar said:

You're welcome!

Now first the procedure how to check whether you need to correct any of the known-to-have-issues-groups:

In registry editor you click on HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services and then press CTRL+F (Edit/Find...) and

write into that window the name of wanted group, e.g. Filter; also tick "Match whole string only" so you don't get false results.

That will (by clicking Find next) go through all the services with "Group" name "Filter" and you have to observe the "Tag" values they have - if any "Tag" has higher value than in your screenshots (06 and 07 respectively), that means it's out of range of that load order and has to be added, so the poor old XP doesn't waste CPU cycles figuring out the load order - not just on boot but also during daily work.

Here are my .reg files for correcting the 2 problematic (Filter and SCSI Class) groups and 1 excessive Tag group (Primary Disk on my machine went to 0B when it only needs 05). Please, do check Tags before editing.

GroupOrderList_SCSI_Class_2d_XP_USP4.reg 1.4 kB · 2 downloads GroupOrderList_Primary_Disk_05_XP_USP4.reg 420 B · 2 downloads GroupOrderList_Filter_0B_XP_USP4.reg 562 B · 2 downloads

@modnar Thanks for your instructions. My old Inspiron laptop (650MHz Pentium 3, 512MB RAM, Sandboxie v5.22) can definitely use efficiency improvements.

1) I have run GroupOrderList_Filter_0B_XP_USP4.reg and GroupOrderList_SCSI_Class_2d_XP_USP4.reg to update the values of Filter and SCSI Class. I did not run GroupOrderList_Primary_Disk_05_XP_USP4.reg because Primary Disk had already the same value as in the .reg file.

2) CurrentControlSet/Services/dmboot has the Tag value 0b (11) and CurrentControlSet/Services/i2omgmt has the Tag value 2d (45). Should they be changed, and if so, to what value?

Edited by Multibooter
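
The Tag check described in the quoted instructions, run offline against a regedit export, as an added example that is not code from any poster in this thread. It assumes the group list is the REG_BINARY value under Control\GroupOrderList, laid out as a DWORD count followed by the tags; the sample export and its service names are constructed.

```python
import re
import struct

# Constructed sample in regedit export format; the service names are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
"Filter"=hex:06,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,05,\
  00,00,00,06,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleFltA]
"Group"="Filter"
"Tag"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleFltB]
"Group"="Filter"
"Tag"=dword:0000000b
'''

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from .reg export text."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def group_tags(raw):
    """Decode a GroupOrderList value: a DWORD count, then that many DWORD tags."""
    data = bytes(int(b, 16) for b in raw.split(":", 1)[1].split(","))
    count = struct.unpack_from("<I", data)[0]
    return list(struct.unpack_from("<%dI" % count, data, 4))

def out_of_range(text, group):
    """Return (service, tag) pairs of `group` whose Tag is not in GroupOrderList."""
    keys = parse_reg(text)
    gol = next(v for k, v in keys.items()
               if k.lower().endswith("\\control\\grouporderlist"))
    listed = set(group_tags(gol[group]))
    hits = []
    for path, vals in keys.items():
        tag = vals.get("Tag", "")
        if ("\\services\\" in path.lower() and tag.startswith("dword:")
                and vals.get("Group", "").strip('"').lower() == group.lower()):
            if int(tag[6:], 16) not in listed:
                hits.append((path.rsplit("\\", 1)[1], int(tag[6:], 16)))
    return hits

if __name__ == "__main__":
    print(out_of_range(SAMPLE_REG, "Filter"))
```

Regedit "Version 5.00" exports are UTF-16, so decode the file with encoding="utf-16" before passing its text to out_of_range.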
Posted
9 hours ago, Multibooter said:

...

2) CurrentControlSet/Services/dmboot has the Tag value 0b (11) and CurrentControlSet/Services/i2omgmt has the Tag value 2d (45). Should they be changed, and if so, to what value?

Great! That should do it.

I always leave those low level system drivers with their factory tags as they are, hence the added entries in the GroupOrderList. The key issue has been remedied.

Now driver/service tags match those in the Group(load)OrderList and the system should already be/feel more responsive.

Another thing is to keep your disk defragmented/in order so there are no slowdowns with loading/saving files.

Posted (edited)
10 hours ago, modnar said:

Great! That should do it.

I always leave those low level system drivers with their factory tags as they are, hence the added entries in the GroupOrderList. The key issue has been remedied.

Now driver/service tags match those in the Group(load)OrderList and the system should already be/feel more responsive.

1) Thanks. Did I understand right that you would leave the two Tag values for dmboot and i2omgmt unchanged?

2) I have installed your registry fixes for Sandboxie on 2 computers and both work fine (on an SSE-only Pentium 3 laptop with v5.22 and on an SSE2 Pentium dual-core desktop with v5.40).

BTW, the original installers of both v5.22 and v5.40 install "DependsOnService" instead of "DependOnService" [no "s"]. Removing the "s" is a bug fix, do you have any details of the bug, before the fix? David Xanatos has also referred to "DependOnService" [no "s"] in his posting on 10Jan2022 https://www.wilderssecurity.com/threads/sandboxie-plus-1-0-7.443250/page-2

3) I have added your registry fixes to a posting near the front of this topic, thanks :).

Edited by Multibooter
Posted
Quote

1) Thanks. Did I understand right that you would leave the two Tag values for dmboot and i2omgmt unchanged?

Yes, dmboot and i2omgmt services stay unchanged (as they come with WindowsXP installation).

Quote

 

2) I have installed your registry fixes for Sandboxie on 2 computers and both work fine (on an SSE-only Pentium 3 laptop with v5.22 and on an SSE2 Pentium dual-core desktop with v5.40).

BTW, the original installers of both v5.22 and v5.40 install "DependsOnService" instead of "DependOnService" [no "s"]. Removing the "s" is a bug fix, do you have any details of the bug, before the fix? David Xanatos has also referred to "DependOnService" [no "s"] in his posting on 10Jan2022 https://www.wilderssecurity.com/threads/sandboxie-plus-1-0-7.443250/page-2

 

Interesting... I'm glad they observed the problem before me. It took me by myself some time to really discover what kept my system back so to speak and David enthusiastically replied to me:

Quote

Indeed!! thanks for the bug report :D

14 hours ago, Multibooter said:

3) I have added your registry fixes to a posting near the front of this topic, thanks :).

Thank you, I'm glad the whole thing is solved - by Tags no less. In the beginning of this process I would have never admitted it's the Tags. I was quite focused on service altitudes of minifilters, but they weren't it...

Posted (edited)
On 8/6/2024 at 3:42 PM, mina7601 said:

Hello, you can free up some space here: https://msfn.org/board/attachments/

Thanks, I had forgotten about the size 2MB limitation. I am also reducing the size of the screenshots to be uploaded.

Sandboxie v5.22 and my ancient version of Kaspersky

Update on 22Feb2025: screenshots were removed from this posting, because of limited upload space. The page showing the screenshots was archived at https://web.archive.org/web/20250222143024/https://msfn.org/board/topic/186405-sandboxie-under-windows-xp/page/2/#comments

I have installed, updated and run my ancient version of Kaspersky in 2 separate sandboxes of Sandboxie v5.22 on a 24-year-old Inspiron 7500 laptop (650MHz Pentium 3 SSE-only, 512MB RAM) under WinXP SP3.
The findings below apply only to Sandboxie v5.22, not necessarily to v5.40 (SSE2) by David Xanatos, and only to the virus-checking features of my ancient version of Kaspersky, not to the protection components, which I have not installed.

I first created 2 additional sandboxes, "Sandbox Kaspersky" and "Sandbox Kaspersky_2", as shown in the screenshot below of "Sandboxie Control".

Another screenshot shows the content of the folder "M:\Sandbox\", which contains the 3 sandbox folders of Sandboxie and renamed backup copies of the sandbox folders.
"Copy of Kaspersky_after_customization" is a renamed copy of "Kaspersky" with the installed and customized trial version which has not yet been updated,
the Update button is still ungreyed [=functional, 1 update is possible], size: 166MB.

"Copy of Kaspersky_updated_9Aug2024" is a backup copy of "Copy of Kaspersky_after_customization" after updating the signatures.
It was created by making a copy of "Kaspersky" after the successful update, size: 927 MB.
After the update the Update button turned greyed out [= no more updates possible].

"Kaspersky_2" was initially created as a copy of "Copy of Kaspersky_after_customization", i.e. the Update button is still ungreyed [=functional, 1 update is possible].

On the next day "Kaspersky_2" [with the functional, ungreyed Update button] was updated.
After the update the Update button turned again greyed out [= no more updates possible], size 1.24GB (much larger).
A binary compare with Beyond Compare of "Sandbox Kaspersky" vs "Sandbox Kaspersky_2" indicates that temporaryFolder was 391MB larger, maybe I should have used a different Update folder location for the update of 10Aug2024 (see screenshot below).

The old Pentium 3 laptop now contained two functional Kasperskys under the same WinXP.
"Sandbox Kaspersky" contained Kaspersky with the signature updates of 9Aug2024,
"Sandbox Kaspersky_2" contains Kaspersky with the signature updates of 10Aug2024, i.e. with updates of the following day.

 

 

1a_Sandboxie_Control_window_11Aug2024_edited.jpg

1b_Sandbox_folders_11Aug2024_edited.jpg

1c_Kaspersky_Updates_Beyond_Compare_9Aug2024_vs_10Aug2024.jpg

Edited by Multibooter
Posted (edited)

The screenshots below show the "Update completed successfully" windows in sandbox "Kaspersky" (9Aug2024) and in sandbox "Kaspersky_2" (10Aug2024).

2a_Kaspersky_in_sandbox_Update_completed_successfully_9Aug2024_edited.jpg

2b_Kaspersky_in_sandbox_Support_window_9Aug2024_edited.jpg

2c_Kaspersky_in_sandbox_Update_completed_successfully_10Aug2024_edited.jpg

2d_Kaspersky_in_sandbox_Support_window_10Aug2024_edited.jpg

Edited by Multibooter
Posted (edited)

The screenshots below show the major issue of virus-checking with Kaspersky installed into a sandbox:
1) You canNOT select in the normal Windows Explorer the specific subfolders or files to be virus-checked.
Kaspersky can only check whole partitions etc. For selecting files and folders for virus-checking you have to select the items in the Windows Explorer context menu.
When Kaspersky is not normally installed, but installed into a sandbox, then Windows Explorer will NOT display a context menu entry "K scan for viruses".
I have created a .reg file with 5 registry patches to display in the normally run Windows Explorer a context menu entry "K scan for viruses", pointing to shellex.dll in the Kaspersky folder in the sandbox, even if Kaspersky was not normally installed.
The Windows Explorer context menu did then display a context menu entry "K scan for viruses", but it stayed greyed out.
I fiddled around with OpenPipePath and OpenFilePath entries in Template.ini, but I couldn't establish a communication between the context menu entry in the normal Windows Explorer and the shellex.dll in the Kaspersky sandbox.
Maybe the 5 registry entries were wrong, or the parameters in the OpenPipePath entry in Template.ini were, or you just cannot do it.

This demonstrates that if an application does not install and run immediately in a Sandboxie sandbox, it may require very profound knowledge to get it going.
This explains also the huge size of Template.ini, with the many customized holes and settings for many applications.

2) When you right-click on a partition in My Computer and select in the context menu -> Run Sandboxed -> select the sandbox with Kaspersky, you can browse to the folders/files to be virus-checked. The context menu will then display OK "K scan for viruses".
The virus-checking, however, has big issues:
- it is inconvenient to have to open an extra sandboxed Windows Explorer window for virus-checking
- the stuff to be virus-checked will be copied into the sandbox and remain there, even after having exited Kaspersky. You now have a copy of potentially infected stuff.
- the virus-checking with Kaspersky installed into a sandbox is very slow, maybe an issue for the Pentium 3, maybe less so with a more recent computer.
- the many bugs of Sandboxie are added to the few bugs of Kaspersky

For several special uses, however, installing Kaspersky into a sandbox may be quite useful (e.g. obtaining quickly additional signature updates for one-time-update trial versions, for comparing downloaded signature updates, for comparing updates of the same Database Release Date with vs. without updating application modules [=updating the installed software build]).

4a_Kaspersky_in_sandbox_Scan_selection_context_menu_in_normal_MyComputer_11Aug2024_edited.jpg 4b_Kaspersky_in_sandbox_Scan_selection_context_menu_in_sandboxed_MyComputer_10Aug2024_edited.jpg

 

Running two instances of Kaspersky simultaneously side-by-side

I tried to run on the Pentium 3 laptop two instances of Kaspersky side-by-side (one in sandbox Kaspersky with the signatures of 9Aug2024, the other in sandbox Kaspersky_2 with signatures of 10Aug2024).
Only the instance which was loaded first would run. When I selected the 2nd instance in the System Tray, the same Kaspersky came up, even if 2 Kaspersky icons were displayed in the System Tray.
When I clicked on -> Exit of one of the two Kaspersky icons in the System Tray, both Kaspersky icons disappeared but the red dots in the Sandboxie icon remained, i.e. one instance of Kaspersky was still running but you couldn't access it via the System Tray anymore.

Again, running 2 versions of Kaspersky consecutively works Ok, but 2 versions of Kaspersky canNOT be run simultaneously side-by-side.

5_Kaspersky_in_sandbox_System_Tray_2instances_10Aug2024_edited.jpg

Edited by Multibooter
Posted
8 hours ago, Sampei.Nihira said:

Good morning guys.
Your commitment to this project is commendable.

SBIE version 5.55.13 Classic Edition is affected by this bug:

https://www.cvedetails.com/cve/CVE-2022-28067/

Check if your version 5.40 is vulnerable and in case you can insert this patch by D.Xanatos:

https://github.com/sandboxie-plus/Sandboxie/issues/1714

 

 

Original documentation:

https://g0ul4sh.top/2022/04/22/escaping-sandboxie-classic-5-55-13/

 

WINXP doesn't have NtGetNextThread API, so Sandboxie under XP might not be affected by CVE-2022-28067

Posted
On 8/5/2024 at 8:09 PM, Multibooter said:

Sandboxie - Compatibility (applications)

The following applications do NOT run OK in a sandbox under Windows XP:

1) Supermium 121 (2Feb2024) [SSE2: red dots appear in Sandboxie icon in System Tray, then disappear]
2) 360Chrome 86 v13.5.1030 by NotHereToPlayGames [SSE2: loads very slowly and the websites appear strange]
The incompatibility of 360Chrome 86 and Supermium 121 may be an issue of Sandboxie v5.40, since the changelog of subsequent Sandboxie v5.43.6 indicates:
"fixed chrome 86+ compatybility bug with chroms own sandbox"
https://github.com/sandboxie-plus/Sandboxie/releases?page=16

The following applications run OK in a sandbox under Windows XP:
The minimum operating system and minimum CPU are indicated in parentheses.
The indicated application versions work OK in a sandbox,
but are not necessarily the last/best version to run OK in a sandbox.

Mypal68 v68.14.0b by feodor2 (WinXP SP3, 32bit, SSE2)
Mypal68 v68.13.8b by feodor2 (WinXP SP3, SSE-only)
Serpent 52 by roytam1 (WinXP SP3, SSE-only)
New Moon 28 by roytam1 [WinXP SP2, SSE-only]
Tor Browser v7.5.6 [time and timezone must be set correctly, last version for WinXP, WinXP SP2, SSE-only]
Firefox 45ESR

Jasc Paint Shop Pro v7.04 (Anniversary Edition) [WinXP SP2, SSE-only]
Foxit Phantom v2.2.3.1112 (WinXP SP2, SSE-only)
Random House Webster's Unabridged Dictionary v3.0 [WinXP SP2, SSE-only]

Supermium can work by enabling IPC access, but I'm not sure if it's safe

ipcallow.PNG

Posted (edited)
4 hours ago, XP++ said:

Supermium can work by enabling IPC access, but I'm not sure if it's safe

ipcallow.PNG

Welcome to this topic and thanks! Supermium 121 (2Feb2024) now runs fine in a sandbox with this Sandboxie setting. I have updated the listing of compatible applications. When exiting Supermium, however, red dots remain in the Sandboxie icon in the System Tray.

Edited by Multibooter
