goal: "EZ portable" mode

sandb0xie

Goals

1. To easily and quickly make trusted Windows applications portable by installing them into Sandboxie-Plus sandboxes.
2. To not spend hours troubleshooting each app installation due to the intricacies of Sandboxie-Plus.

Rationale

Many users have numerous trusted non-portable applications and software tools that they use. Many users (we'll call them portability-seekers) would like to have a quick and easy way to portable-ize or containerize (almost) all these applications on their systems. This would make recovery from system crashes and migrations from one system to another simple and logical.

Background

After using Sandboxie-Plus (S-P) over several years in various ways, it's apparent that S-P could solve a tremendous problem for a wide variety of users: making (almost) all software portable.

However, in reality, trying to use S-P in this way, the user is quickly bogged down by hours of troubleshooting and errors.

One challenge is that S-P derives from a legacy of substantially different foci and use cases - security isolation, software analysis, tweaking - and so its entire workflow and interface are geared toward power users who want a granular level of control over all aspects of the sandbox.

Users who are seeking portability of trusted installed apps are mostly looking for this:
1. Redirect all writes to, and reads from, system areas to the local S-P sandbox (virtualized) areas.
2. Prevent changes to system registry, and write/read changes in the local S-P sandbox virtualized registry.

There are other nuances from time to time, but that's basically it. Portability seekers just want to easily/quickly install trusted apps into sandboxes and prevent unwanted writing/reading to the system, keeping the installed apps and their actions in the sandbox while transparently allowing the apps to run successfully.

The cyan/green sandboxes seem geared toward this goal, but nonetheless, working with Sandboxie-Plus 1.16.8 over several days, only the simplest and/or most community-supported apps actually seem to install and run successfully in S-P. Approximately 85% of the apps tested here have required, at minimum, 20-30 minutes of troubleshooting each to install and run. Some require hours of research and tweaking to get installed and running correctly.

The problem is that troubleshooting often requires using tools like TaskExplorer, Sysinternals (ProcMon, ProcExp), and digging through sandboxed logs in addition to S-P's own reporting and trace tools. Most portability-seekers are going to balk at any of this. Even if they are willing to dive in, the reality of spending days and weeks troubleshooting negates future time-advantages of portability.

Even if extensive troubleshooting leads to an app being installed portably, the user is also left wondering: "Is this app really running correctly in S-P? Are there aspects of the app that are failing silently behind-the-scenes due to the mechanisms of S-P?"

Yes, for some apps there will always be complications like portability-resistant licensing schemes, specialized security implementations, etc. that will create problems. But there should still be a way for the majority of apps to simply be sandboxed and used without such a huge tweaking/troubleshooting process.

Side note: Of course, portability-seekers could use virtual machines (VMware, VirtualBox, QEMU, etc.) but this presents its own set of issues: Lack of (or imperfect) access to system hardware; maintaining a separate OS environment; complicated interactions between host and VM. A huge advantage of Sandboxie-Plus is that it runs directly on a host machine and provides the user with myriad ways to transparently connect the host OS and sandbox.

Suggestion

An "EZ portable" mode or sandbox type which simply restricts writing/reading of system directories/files and registry and which makes portable-izing trusted apps quick and easy. Not focused on security tweaking or detailed configuration, the idea would be to make installation and use of sandboxed apps as straightforward, quick and easy as possible.
 
My goal with the green box was to have this behavior, but it seems to be too restrictive.
I'll look into creating an even less restrictive box type.
I think a good approach would be to collect the work people put into making apps work and share it in some community compatibility repository database.
 
@DavidXanatos - quick note on the green box - funny enough, it's nonrestrictive such that it often lets installers write outside the sandbox, which also goes against the goals above.

offhub mentions this lack of containment is part of the intended green box functionality here:


 