-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can sandboxie-plus work alike air gap? thx #4026
Comments
In my mind,I only know air gapped is about disconnecting from Internet.So what solution do you want? |
could you google "virtual air gap" on your own? |
In my search results, the principle of this technique is only disconnection.So you also could do it by Unpluging the network cable. |
unplug LAN cable is too tough for people, the spyware need data + internet access for it's work. so in your online system, if you remove one from the spyware, then it works alike air gap i.e. "virtual air gap". currently the sandboxie-plus /w box-data protection works alike. SBP also have build in firewall (however since i used to use simplewall so i keep on using simplewall). i am just asking if there will be more sophisticated functions, because those commercial solutions may provide more. some commercial ones are like: SBP is container i think. |
i am thinking if the proxy function could help in some way. |
What I can be sure of is that the proxy doesn't help with this. |
i think the proxy could help: suppose under an openwrt router, which is FOSS and trustable, so programs in the win10 itself, they will try access internet thru 192.168.8.1, and will be blocked. however, if with the sandboxie adv cert, depend on how well sandboxie protected the socks5's username and passwd, true LAN cable unplug with no internet access is too tough for today's life, indeep one could have 1 PC that is completely unplugged, and one that allow web browsing in this way. |
this is another setup i am thinking. problem for the win10 host is that
SBP and/or the containers could be put onto ext USB, then only problem as above mentioned is how to deal with the win10 system on drive C. i could use shadow defender for that but it would be troublesome. ps: simplewall is used to block host win10's internet access if needed. |
it seems one may only need one single openwrt router, but the setup is not fully safe yet. router ..... win10 + SBP the router could block the win10 host, one can setup a sandbox with the above info, such that the win10 host 's process are air gapped, the only problem is that i haven't have time/chance to install the adv cert version, but from this github i already knew that the proxy IP, username and password are typed into the sandbox's config by the user thru the win10 host's GUI. also, unless otherwise, the packets sent by the programs inside the sandbox will contain the proxy server IP, username and password AS PLAIN TEXT. so unless something like TLS is setup, this config is far from a working "virtual air gap" but quite close. i myself trust no body so i dislike close source windows very very much. |
Is your feature request related to a problem or use case?
i dont trust governments, neither microsoft. i could trust open source solutions.
the most safe way for me (except targeted by CIA or KGB), would be to use a air gapped win10.
however in this era, it's really almost impossible to stay so,
i am a student, i need online LLMs for help in study, need google for answers to questions.
and may be some photo/charts to help in study.
currently i just put them into a sandboxie-data protected box, and use simplewall as the firewall (i used since long time ago).
would like to hear other setups.
thank you.
Describe the solution you'd like
the developing socks5 proxy may help in other ways?
or have some control over the network?
Describe alternatives you've considered
completely plug off the lan cable.
The text was updated successfully, but these errors were encountered: