ssj100 wrote:Tom T. wrote:With Admin privilege?
Not sure what this has to do with Sandboxie potentially causing the issue when I can reproduce it
outside of Sandboxie?
I'm asking whether the non-sandboxed issue occurs only in the Limited User Account, in which case, the LUA is not giving permission to make NS config changes. That's why I asked if it occurs when you run as Admin, non-sandboxed. In that case, it should save, always. If it doesn't, then there's a puzzle to solve.
There could also be a lack of Sandboxie permisssions, which is why I asked whether you are able to save cookie permissions, bookmarks, etc. (Yes, it is actually possible to have two issues at the same time.
Ronen Tzur (Tzuk) should be answering the question of how to do this, but
*unoffically*, here are my *personal* edits to the SB config file that are relevant to this issue. (Others are needed depending on what other add-ons you have installed). I take no responsibility for anyone else using them. Your setup may be different. Use at your own risk only. Newer versions of SB may change these; I have an older version. Ask RT.
Code: Select all
OpenFilePath=firefox.exe,%AppData%\mozilla\firefox\profiles\*\cert8.db
OpenFilePath=firefox.exe,%AppData%\mozilla\firefox\profiles\*\cookies.sqlite
OpenFilePath=firefox.exe,%appdata%\mozilla\firefox\profiles\*\permissions.sqlite
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\prefs.js
Tom T. wrote:Exactly. Which is why it's not saving the "disable ABE" change that you made *inside the VM*.
ssj100 wrote:I think you have mis-understood (or perhaps you're not familiar with how VM's work?).
I am familiar with VM. The full scenario was not described. I understood you to mean that when you closed the VM, the next restart re-enabled ABE. No worries; you've described it now.
ssj100 wrote: I disable ABE within the VM and then I quit Firefox (all within the same session). When I open Firefox again (within the same session), ABE is magically re-enabled. This has nothing to do with going back to a baseline snapshot and losing settings. This is easily reproducible for anyone using a VM.
*That* is what was missing before: that you were in the same VM, never closed, but only closing/restarting Fx. Thank you.
So, the same questions: Is Fx sandboxed *within the VM*? If so, see the above SB permissions needed.
Do you have Admin privilege *within the VM*? If still running as LU, the VM may very properly not grant you privilege to change these settings, because the VM is supposed to act exactly as the HD copy would.
If you want to make a permanent save of changes through both Sandboxie and VM, you'll need to grant permissions to *both*. Naturally, going back to baseline will lose whatever was changed from the baseline.
Tom T. wrote:Please share this information with your readers.
ssj100 wrote:It's not really my forum.
Oh. Perhaps I was misled by "ssj100 Security Forums", and your name as Admin. Silly me.
ssj100 wrote: If you want to spread more information on that web-site about NoScript, feel free to join and post. I never said NoScript is not useful. I just said NoScript is arguably less useful (I also said it with a laugh haha) when using Sandboxie (with my security setup/approach). For example, when I do online banking now, only my bank IP can communicate with my system. That alone probably defeats any malicious data mining.
I may accept the invitation to post at that thread, if time permits. (Have spent a lot of time on this issue, as you have.)
Sounds like a firewall config, which is cool. But some banks do call data-mining scripts and run them. Not sure if your IP lock defeats that, cuz I don't know the details of how you did it, but NS prevents that by your allowing bank.com and default-denying dataminer.com.
ssj100 wrote:However, I also use a sandboxed browser for banking/transactions which always empties when the browser closes. This means I go straight to my banking web-site with what is pretty much a freshly installed browser with no cookies/history etc.
Assuming that you meant "fresh" sandboxed browser to start (previously closed and dumped), then yes, that is exactly the right thing to do. Kudos.
ssj100 wrote:Anyway, I still don't understand why ABE requires real system hardware access to save its configuration? Are you saying it can't be fully tested in a VM? Can you please explain why exactly that is the case? Thanks.
ABE should work perfectly well in a VM. You just need to configure it in your "baseline" snapshot, and make any changes in that baseline itself. Otherwise, as said before, changes made during a session will be lost when the VM session ends.
ssj100 wrote:Regardless, I always have ABE enabled now (I can't disable it anyway because of this "bug"), and it doesn't appear to affect any web-sites. So it's all good I guess. It's just a little odd that I'm the only one noticing this "bug", or at least the only one making any noise about it.
Which is why I still suspect the various permissions issues discussed above. If you're happy, fine, especially since ABE no longer breaks sites for you.
Still curious about the "can't disable", but no, no one else has reported it, and I can't reproduce it. So whether you want to investigate what's up above is up to you.
Please let us know either way. If the investigation isn't going any farther, I'd like to mark the topic "Resolved".
ETA:
But I was surprised that I could reproduce it in a freshly installed Windows XP (Administrator account, unsandboxed).
dhouwn and you posted while I was writing that very long post; hence, I missed that part about Admin unsandboxed.