Can sandboxie-plus work like an air gap? thx #4026

Closed
ccchan234 opened this issue Jun 23, 2024 · 9 comments
Labels
Feature request New feature or idea

Comments

@ccchan234

Is your feature request related to a problem or use case?

i don't trust governments, nor microsoft. i could trust open source solutions.

the safest way for me (except if targeted by the CIA or KGB) would be to use an air-gapped win10.

however, in this era it's really almost impossible to stay so.
i am a student; i need online LLMs for help with study, and google for answers to questions,
and maybe some photos/charts to help with study.

currently i just put them into a sandboxie data-protected box, and use simplewall as the firewall (i have used it for a long time).

would like to hear other setups.

thank you.

Describe the solution you'd like

the socks5 proxy under development may help in other ways?

or have some control over the network?

Describe alternatives you've considered

completely unplug the LAN cable.

@ccchan234 ccchan234 added the Feature request New feature or idea label Jun 23, 2024
@love-code-yeyixiao
Contributor

In my mind, I only know air gapped is about disconnecting from the Internet. So what solution do you want?

@ccchan234
Author

> In my mind, I only know air gapped is about disconnecting from the Internet. So what solution do you want?

could you google "virtual air gap" on your own?
thank you

@love-code-yeyixiao
Contributor

> virtual air gap

In my search results, the principle of this technique is only disconnection. So you could also do it by unplugging the network cable.
You didn't say what you want: disconnecting globally or only for sandboxed processes?

@ccchan234
Author

> virtual air gap
>
> In my search results, the principle of this technique is only disconnection. So you could also do it by unplugging the network cable. You didn't say what you want: disconnecting globally or only for sandboxed processes?

unplugging the LAN cable is too tough for people,
so there are some solutions for an online system that somehow make it harder for spyware to send back user data.

the spyware needs data + internet access for its work.

so in your online system, if you remove one of them from the spyware, then it works like an air gap, i.e. "virtual air gap".

currently sandboxie-plus w/ box-data protection works similarly.

SBP also has a built-in firewall (however, since i used to use simplewall, i keep on using simplewall).

i am just asking if there will be more sophisticated functions, because those commercial solutions may provide more.

some commercial ones are like:
Ericom Software (https://www.ericom.com › Glossary)
Virtual Air Gaps: Employs virtualization to isolate systems within the same physical hardware. Though connected, these virtual instances are shielded from each ..

SBP is a container, i think.

@ccchan234
Author

i am thinking about whether the proxy function could help in some way.
i can't test it so i don't have any idea how it works in SBP yet.
let's see. thanks

@love-code-yeyixiao
Contributor

What I can be sure of is that the proxy doesn't help with this.
Have you tried Encryption Box?

@ccchan234
Author

> What I can be sure of is that the proxy doesn't help with this. Have you tried Encryption Box?

i think the proxy could help:

image

suppose under an openwrt router, which is FOSS and trustable,
there is a linux socks5 proxy server (trustable).
the win10 IP 192.168.8.3 is blocked for internet in openwrt, but allowed in local LAN.

so programs in the win10 itself will try to access the internet thru 192.168.8.1, and will be blocked.

however, with the sandboxie adv cert,
which i don't have now,
i believe it asks for a socks5 proxy server, username and passwd,
and the programs inside the sandboxie could route thru IP .8.3, into .8.2 and then go to the internet.

depending on how well sandboxie protects the socks5 username and passwd,
if spyware on the win10 host w/ admin rights still COULD not obtain the proxy username and passwd,
then the system is practically air gapped (for the host win10) but still allows web browsing.

a true LAN cable unplug with no internet access is too tough for today's life,
so fake air gap systems, that allow web browsing but with some mechanism to prevent spyware sending data back,
are one way.

indeed one could have 1 PC that is completely unplugged, and one that allows web browsing in this way.

@ccchan234
Author

ccchan234 commented Jun 23, 2024

this is another setup i am thinking of. the problem for the win10 host is that

  1. it may want M$ update,
  2. wechat voice chat + recorder may need direct access and can't go under sandboxie.
  3. i use google drive client to upload/dnld huge files e.g. 750GB/day

image

SBP and/or the containers could be put onto an ext USB,
all with box-DP.
the lowest one thus doesn't have access to data and could be used for dangerous software.
the middle one has internet access removed, and could be used for e.g. notepad.
the top one is used only for trustable software, as it has both internet and access to your data.

then the only problem, as mentioned above, is how to deal with the win10 system on drive C.

i could use shadow defender for that but it would be troublesome.

ps: simplewall is used to block host win10's internet access if needed.

@ccchan234
Author

it seems one may only need one single openwrt router, but the setup is not fully safe yet.

router ..... win10 + SBP

the router could block the win10 host,
yet the router would have a socks5 proxy server e.g. i used sockd aka dante, requiring username + passwd.

one can set up a sandbox with the above info, such that the win10 host's processes are air gapped,
but the programs inside the sandbox can route thru sockd and get on the internet.

the only problem is that i haven't had the time/chance to install the adv cert version, but from this github i already know that the proxy IP, username and password are typed into the sandbox's config by the user thru the win10 host's GUI. also, unless otherwise, the packets sent by the programs inside the sandbox will contain the proxy server IP, username and password AS PLAIN TEXT. so unless something like TLS is set up, this config is far from a working "virtual air gap" but quite close.

i myself trust nobody so i dislike closed source windows very very much.
i would like to use it safely. thanks
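
The plain-text concern raised in the last comment, shown with the SOCKS5 username/password sub-negotiation layout from RFC 1929. This is an added example, not part of the thread and not Sandboxie-Plus or dante code; the account name and password are constructed sample values.

```python
# Added illustration: RFC 1929 username/password sub-negotiation for SOCKS5.
# Credentials used here are constructed samples, not values from the thread.


def build_userpass_request(username: str, password: str) -> bytes:
    """Encode VER(0x01) | ULEN | UNAME | PLEN | PASSWD as a client sends it."""
    u, p = username.encode("utf-8"), password.encode("utf-8")
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("username and password must each be 1..255 bytes")
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p


def parse_userpass_request(data: bytes) -> tuple:
    """Decode the same bytes; no key is involved because nothing is encrypted."""
    if len(data) < 2 or data[0] != 0x01:
        raise ValueError("not an RFC 1929 sub-negotiation request")
    ulen = data[1]
    if ulen == 0 or len(data) < 2 + ulen + 1:
        raise ValueError("truncated or empty username field")
    plen = data[2 + ulen]
    end = 3 + ulen + plen
    if plen == 0 or len(data) < end:
        raise ValueError("truncated or empty password field")
    uname = data[2:2 + ulen].decode("utf-8", errors="replace")
    passwd = data[3 + ulen:end].decode("utf-8", errors="replace")
    return uname, passwd


def needs_transport_protection(wire: bytes, password: str) -> bool:
    """True when the password is readable verbatim in the bytes on the wire."""
    return password.encode("utf-8") in wire


if __name__ == "__main__":
    wire = build_userpass_request("boxuser", "s3cret-example")  # constructed
    print(wire.hex(" "))
    print(parse_userpass_request(wire))
    print("needs TLS or similar:", needs_transport_protection(wire, "s3cret-example"))
```

The request carries only length prefixes and the raw bytes, so the hop between the sandboxed program and the proxy needs its own protection such as the TLS mentioned above.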
