you install your software into a set of separated boxes and when you exchange your laptop or re install your Windows because MSFT broke it again, you just copy your box repo onto the new system and continue where you left of on the old one. I would like to develop Sandboxie more towards a software packeting tool like the old Altiris SVS was, i.e. Sandboxie due to the basic version being restricted to one sandbox at a time, never was much about using multiple sandboxes. On one hand why not a full blown application firewall but than one can just use a 3rd party application firewall, not sure about the right balance between functionality for those that only have the windows firewall and redundancy for those with more advanced tools. Hence I would like to add a better control over the sand boxed application's network connectivity.ĭefinitely some easily accessible switch for each sandbox determining if the app inside can access the LAN, WAN or neither and not to far from it exception lists per process.
programs with unwanted Telemetry baked in.
Here my threat model is more privacy violating applications which don't use malware tactics, i.e. Sandboxie allows to restrict network access only through the ini file. So I would like to make programs inside the sandbox see an empty user account just called user without access to the actual users profile data, ideally when creating a sandbox the user would choose if its a regular sandbox like currently or an anonymous sandbox without personal data.įor hardware information that is a subject for later. Sandboxie is great to protect the system from malicious modifications but with default configuration it does not protect user data from being accessed and exfiltrated.Īlso it dos not protect the users privacy in therms of his user name and or unique hardware information like MAC-addresses or disk serial numbers, etc. The plan is long, but not very well formulated so I'll just throw in here all the ideas more or less unsorted and make a proper Roadmap out of it later on.