Author Topic: sandbox part  (Read 8806 times)

0 Members and 1 Guest are viewing this topic.

Offline bri

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 684
  • U.S.A
sandbox part
« on: March 11, 2010, 02:16:17 AM »
i have ie set to run sandboxed,when i download a file and save it to my downloads or desktop the file is there.i thought if its sandboxed it shouldnt be saved?i have the box in ais settings unchecked(auto detect safe locations and exclude)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: sandbox part
« Reply #1 on: March 11, 2010, 12:42:21 PM »
I thought if its sandboxed it shouldnt be saved?
Sandbox is a protected environment that avoids things get out of it and harm the computer.
It does not prevent or block anything. It just does not allow it to get out of it...
The best things in life are free.

Offline Rumpel

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 953
  • The poster formerly known as - Rumpelstiltskin®
Re: sandbox part
« Reply #2 on: March 11, 2010, 01:00:43 PM »
Sandbox is a protected environment that avoids things get out of it and harm the computer.
It does not prevent or block anything. It just does not allow it to get out of it...
However, if the file is saved on the computer, then, doesn't it mean that the file is out of sandbox, which is, I presume, the OP's point.  I think pk is the best person for explanation, though.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
The best things in life are free.

Offline Rumpel

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 953
  • The poster formerly known as - Rumpelstiltskin®
Re: sandbox part
« Reply #4 on: March 11, 2010, 01:06:59 PM »
http://forum.avast.com/index.php?topic=56671.msg478749#msg478749
Sorry, Tech, I cannot get it.  Could you elaborate a bit?

[Edit]Never mind, I got it.  The sentence, which I "painted" red, was rather misleading, though.
Checkbox "Automatically detect safe locations and exclude them from virtualized" is checked by default, it means all downloads (in standard way) won't be virtualized. It also means, that some settings inside browsers won't be virtualized either (bookmarks, cookies, history ...). I think we'll split it into more checkboxes or rather we'll try to add more expert settings in new builds.

Add-on updates cannot be detected automatically, because when I've updated my three addons I saw a lot of internal files were modified (prefs.js, data files, ...). For now, you 'll need to run FF outside the sandbox and perform these "radical" changes there. I think we'll include a checkbox in expert settings which would allow to stop virtualizing for the entire FF profile (unchecked by default, because I guess it might be a security risk).

Quote
Thanks pk, i have to set an exclusion for addons like C:\Program Files\Mozilla Firefox\plugins\*  ??
The right entry to exclude the entire FF profile is: %AppData%\Mozilla\Firefox\Profiles\* (don't use Browse button, just copy&paste it there)

So, Bri, that's the answer from pk.  I believe pk meant any download (in standard way) won't be virtualized.[/Edit]
« Last Edit: March 11, 2010, 01:16:39 PM by Rumpel »

Offline bri

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 684
  • U.S.A
Re: sandbox part
« Reply #5 on: March 11, 2010, 02:17:08 PM »
now im confused.i have that box in ais settings unchecked.i dont get it?if i double click that file on the desktop will it install(it shouldnt)?

Offline Rumpel

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 953
  • The poster formerly known as - Rumpelstiltskin®
Re: sandbox part
« Reply #6 on: March 11, 2010, 02:30:02 PM »
now im confused.i have that box in ais settings unchecked.i dont get it?if i double click that file on the desktop will it install(it shouldnt)?
Oops.  I guess I was confused by Tech's reply, too.  Indeed, you wrote you had the box in ais settings unchecked(auto detect safe locations and exclude).  Unfortunately, I haven't used the sandbox function after the beta phase and I don't know how it works now.  However, at that time, I couldn't save downloaded files locally.  Indeed, your case sounds odd...  ???

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: sandbox part
« Reply #7 on: March 11, 2010, 02:41:42 PM »
it's absolutely normal (when file get saved automatically to predefined location) , this is completely expected as long as "automatically detect safe locations and exclude them from virtualization" (found in expert settings), is checked  ;D ... same goes for bookmarks etc...
 Now if your download procedure is set to ask every time where you want to download, doesn't matter whether the program is sandboxed of not, you just choose the location.
« Last Edit: March 11, 2010, 02:44:01 PM by Logos »
w7 - ais7

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: sandbox part
« Reply #8 on: March 11, 2010, 02:48:11 PM »
I thought if its sandboxed it shouldnt be saved?
Sandbox is a protected environment that avoids things get out of it and harm the computer.
It does not prevent or block anything. It just does not allow it to get out of it...
If you run a file (a downloaded file) out of the sandbox, it's not sandboxed of course and the effects won't be "blocked".
The best things in life are free.

Offline bri

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 684
  • U.S.A
Re: sandbox part
« Reply #9 on: March 11, 2010, 02:54:00 PM »
i have that setting unchecked.why is it still saving the file to the desktop?it also installed perfectly fine?


it's absolutely normal (when file get saved automatically to predefined location) , this is completely expected as long as "automatically detect safe locations and exclude them from virtualization" (found in expert settings), is checked  ;D ... same goes for bookmarks etc...
 Now if your download procedure is set to ask every time where you want to download, doesn't matter whether the program is sandboxed of not, you just choose the location.
« Last Edit: March 11, 2010, 03:06:35 PM by bri »

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: sandbox part
« Reply #10 on: March 11, 2010, 02:56:36 PM »
i have that setting unchecked.why is it still saving the file to the desktop?

OK what I described was the behavior a while ago, I'm gonna check how it works now and report back in a minute...
w7 - ais7

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: sandbox part
« Reply #11 on: March 11, 2010, 03:08:04 PM »
OK just like I said, in Firefox (sandboxed), if downloads are set to be saved automatically to the same location, they'll go to the sandbox folder. If download location is set manually each time, you just do what you want and it's saved where you want.
 Internet Explorer doesn't allow to set an automatic download location, it just retains the last one used, so it's manual every time and will never go to the sandbox that's normal >>> this just means that it doesn't depend on a setting in Internet Explorer OK, so this can't be virtualized at the opposite of how it can be done in Firefox >>> predefined download location >>> you click save and you're not asked where >>> the predefined download folder gets sandboxed.
« Last Edit: March 11, 2010, 03:17:44 PM by Logos »
w7 - ais7

Offline bri

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 684
  • U.S.A
Re: sandbox part
« Reply #12 on: March 11, 2010, 03:19:26 PM »
thats crazy.as far as im concerned the sandbox part doesnt work.a file can be saved and installed even if the browser is sandboxed.

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: sandbox part
« Reply #13 on: March 11, 2010, 03:22:37 PM »
thats crazy.as far as im concerned the sandbox part doesnt work.a file can be saved and installed even if the browser is sandboxed.

I don't think you read my last post at all  ::) the behavior in IE is absolutely normal.
w7 - ais7

Offline bri

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 684
  • U.S.A
Re: sandbox part
« Reply #14 on: March 11, 2010, 03:28:31 PM »
are you saying that if i have ie set to always run sandboxed and i download a file i must manually download it to the sandboxed folder?if it is thats crazy.when a browser is sandboxed everything comin through that browser should also be sandboxed.it shouldnt matter where the download is set to go.
« Last Edit: March 11, 2010, 03:42:13 PM by bri »