Sandbox with exclusive network access

dly

Hello all!

I've been poring over all the features that you have baked into Sandboxie-Plus recently (amazing job, love this program), and came up with an idea, but I'm not sure how feasible it is, so I'll let you tell me if this is doable:

Have a sandbox that takes over exclusive access to a network card. Ideally this would allow for taking over a wireless card too. Use case would be this: Say I walk into a public location and want to browse the internet, or set up a VPN or something, and all I have is the public hotspot to attach to. As soon as I connect my laptop to the wifi, it will automatically be trying to grab updates, and various other bits of information that I don't want it doing. Instead, I spin up the 'exclusive network box' which would take the card's use away from the local machine, and attach it to the box. From there I could browse the internet without worrying about my local machine using the opportunity to grab all my emails or check for updates immediately. As a stretch goal the box might even be able to present a network interface back to the local machine, so I could set up a VPN from within the box, and present only the VPN tunnel back to the local machine.


Thoughts?
 
I'd also like to know if that is feasible, for either Sandboxie or MajorPrivacy.

If it were possible, it appears that whatever is going to intercept communication to the network card needs to start as early as possible, since data can be sent before Sandboxie or MajorPrivacy are ready.

Maybe a virtual machine could be used: while the host gets denied access, the guests could only be allowed to access the network if the user wishes to do so.
 
In my pea brain, my thought is that if the box can take ownership of the card, then it would flow kinda like this:
  1. Laptop currently in Airplane mode/WIFI off (preventing the data from being sent prior to box creation)
  2. Spin up NIC-Exclusive box, laptop loses access to NIC
  3. Turn on WIFI from within Box
    1. Configuration of SSIDs may need to be input ahead of time in the config.ini or something, or even better presented with a selection similar to the wifi connection screen
  4. Browse and/or set up VPN within the box
  5. Click checkbox to allow internal networking from box to local machine after VPN is established
  6. Assuming the wifi is the only internet connection, the resulting effect is that the local machine's internet now flows exclusively through the box and then to the internet

Virtual machines can absolutely do this, but if Sandboxie-Plus can do it, then it would be a much lighter weight and faster setup of a protected internet for the machine.
 
Just in case someone is looking for this, the request is tracked here. It is not fully possible, but the developer thinks there might be options to get some of it to work, although it would not be easy:

This is not compatible with how Windows operates. We could perhaps create some hacks using Windows Firewall, but it's complicated; we need at least parts of Windows to keep network access, like the DNS client, HDCP client, etc. pp...
 
Yes, thank you for posting that here. I saw your pin about how feature requests are actually put into GitHub, so I decided to try and make it easier for them to track/respond, and didn't follow up here. Honestly a little bummed, but I totally get that they have to work in the constraints of what Windows allows, so it is what it is. Still very happy to be able to support this wonderful piece of software!
 