Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Sandboxie Updated to v. 4.12

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as resolved.
joe schmoe Sandboxie Updated to v. 4.12
Member 4th Jun, 2014 10:02
Ranking: 38
Posts: 139
User Since: 26th Nov, 2008
System Score: 100%
Location: US
Last edited on 4th Jun, 2014 10:02

I know, this is not a security update per se, but I did have an issue, albeit a temporary one, where four of my Microsoft Visual C++ Redistributable Packages were reported as insecure by PSI 2.0.0.3003!

A new feature of the latest version is an automatic download and install of MS C++ RP 2010 (in my case, 64-bit) so as to have any C++ security updates done by Microsoft via Windows Updates, and not by the Sandboxie vendor. Prior practice was to update C++ libraries in the newest version, but this meant that the file download size was bigger by about 6-7 MB, since the newest fixed C++ RP was included.

PSI certainly did its' job as I assumed (wrongly) that the 2010 C++ version provided by Invincia was the latest secure version. Not.

-Microsoft Visual C++ 2005 Redistributable Package (x86)
-Microsoft Visual C++ 2005 Redistributable Package (x86) (64-bit)
-Microsoft Visual C++ 2008 Redistributable Package
-Microsoft Visual C++ 2010 Redistributable Package (64-bit)

Were all reported as insecure and vulnerable at the same time after installing the 4.12 version of Sandboxie! and running a full PSI scan of the system shortly after.

Question is, why would all of them be flagged, if the only change was the introduction and install of MS C++ 2010 RP?

As it was, running Windows Update and installing the SP1 version of 2010 fixed all issues.

Just wondering. But grateful Secunia does what it does.

joe-
-

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit

Post "RE: Sandboxie Updated to v. 4.12" has been selected as an answer.
Anthony Wells RE: Sandboxie Updated to v. 4.12
Expert Contributor 4th Jun, 2014 11:20
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Joe ,

As you say , the latest security improvements in Sandboxie are not strictly a "patch/security update" in PSI terms , as Maurice points out here , Secunia rules being what they are :-

http://secunia.com/community/forum/thread/show/149...

Re your problem , yesterday , my "monthly" Sandboxie auto_update check gives me 4.12 from 4.08 (4.10 fell into the gap) and my PSI weekly scan (today) does not show any outdated C++ ; my W8.1.1 64 bit is set to check for M$ updates but not to download/install . My 4.08 was a clean install on my new and fresh OS .

I do have 6 entries (rather than the four you note) for C++ as (x86) and (64 bit) one each for the 2005 , 2008 and the 2010 RP's all located in my ..ProgramFiles\CommonFiles\.. folder(s) ; no entries/references in the Sandboxie Programme Files folder .

Just the idiosyncratic aleatoires of IT and the cyberworld ; definitely beyond me (thankfully :)))

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
joe schmoe RE: Sandboxie Updated to v. 4.12
Member 4th Jun, 2014 14:16
Score: 38
Posts: 139
User Since: 26th Nov 2008
System Score: 100%
Location: US
Anthony,

Been a bit or so since...

My error, I left out an important detail: I did not have the MS Visual C++ 2010 RP (64-bit) installed prior to downloading and installing v 4.12. This version is the one that uses a installer package (2.7 MB & internet connection required) and installs this 2010 C++ if needed. Apparently Invincia is not offering a full install executable anymore.

I've used Sandboxie since version 3.44 (likely earlier) so we're talking around 2010 or so.

Prior to v. 4.12 all I had were the three other versions of MS C++. Didn't need anything else, so 2010 wasn't on the system. Run lean and mean where I can.

A little goof there or omission. Sorry.

Still wonder why, tho.



--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+0
-0
Anthony Wells RE: Sandboxie Updated to v. 4.12
Expert Contributor 4th Jun, 2014 18:36
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 4th Jun, 2014 18:38
Hi again ,

Yeah , quite a while ..

Had Sandboxie on my old XP since 2005/2006 (guessing) and the last was (probably) 4.08 ; as it's in storage , I have no idea what C++ was installed or by whom .

My W8 may well have come with C++ 2010 pre-installed by HP and my Sandboxie "auto-installs" when I agree - as per yesterday with 4.12 , so cannot throw any light on your problem ; however , if the new owners (Invincia) have given you any out of date C++ installs with 4.12 it would certainly be worth raising your problem with them .

Let us know what they have to say if you do so .

Take care

Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
joe schmoe RE: Sandboxie Updated to v. 4.12
Member 8th Jun, 2014 00:11
Score: 38
Posts: 139
User Since: 26th Nov 2008
System Score: 100%
Location: US
Anthony,

Gone to check @ Sandboxie forums... Will let u know.

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+0
-0
joe schmoe RE: Sandboxie Updated to v. 4.12
Member 12th Jun, 2014 00:04
Score: 38
Posts: 139
User Since: 26th Nov 2008
System Score: 100%
Location: US
@ Anthony,

Well, seems that Sandboxie mod does not know what caused this issue. Methinks that an earlier insecure version of MS 2010 VC was linked to and downloaded when installing the latest version, Sandboxie 4.12. This was likely due to the fact that:

a.) I did not have a prior version of 2010 VC present on my system.
b.) This scenario is not common for most home users, so he thinks my a/v detected all files downloaded from the 'net. ??? Odd response, that. Dunno where that one comes from unless he is unfamiliar with the way Secunia PSI works.

All is well, tho. At least I wasn't running around with an insecure version of VC 2010 for more than ten minutes, so that is good. ;-)

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+0
-0
Anthony Wells RE: Sandboxie Updated to v. 4.12
Expert Contributor 13th Jun, 2014 18:20
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Joe ,

Just (re)checked the Sbie forum and no further input from the mod ; the "weird" experience you had seems to be pointing to be likely to be pretty specific to you - unless M$ require the older C++ 2010 RP version to be installed first and then the SP1 updater you used ??

Cyber magick !!

Take care

Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
joe schmoe RE: Sandboxie Updated to v. 4.12
Member 13th Jun, 2014 20:04
Score: 38
Posts: 139
User Since: 26th Nov 2008
System Score: 100%
Location: US
Cyber Majik?

U are probably right. Not having the 2010 version to begin with is likely what set this whole thing off.

That's the reason I went off to Sbie forums and let them know about this. :-)

Thanks.

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability