yes I have uac disabled, it drives me up the walls. So then if it does not sandbox the plugins what is the point of having the sandbox? Almost all exploits are actually in the plugins ( java/sdobe pdf/flash)?
Did ask about this aspect because Chromium implementation uses privilege stripping as part of its sanboxing approach.
If it is possible to confirm that is possible to affect this by changing UAC setting there might be a way to enforce more severe restrictions even when UAC is disabled.
As observed the drawback is that not all plugins might be designed to run sanboxed in such way and it might be necessary to trade safety by using -trusted-plugins exceptions
It would be still possible to prevent plugins to access System32 folders by having them run under the same privileges of non admin accounts.
On UAC enabled OS it would be also possible to use Mandatory Integrity Control (I don’t know what happens if UAC is disabled).
Guess you should make at least a distinction between (by remote) exploitable vulnerabilities and exploits. In any case feel free to link some 3rd party resource that outline overall statistics that compare plug-ins and browsers frequency as exploitable attack vectors.
Just a note…I’ve been using Sandboxie for several months now. This is my understanding of how it works…Any existing files that it needs to use (browser files, for example) it makes a copy of them inside the sandbox. Any files that it needs to create are also in the sandbox. So you’re not using the original files, and when you delete the contents of the sandbox, everything is erased. As an example, say I disable an extension within Dragon while outside the sandbox. Then I can open it inside the sandbox and it will be disabled. But if I re-enabled it while inside the sandbox, when I close it and reopen it, the extension will once again be disabled, because the action was not made permanent, i.e. it was not modified outside the sandbox. Hopefully this is clear. Sandboxie has many features, once of which is to strip admin rights, and also to create a whitelist of programs that can run inside the sandbox. It’s pretty sweet. I use it with all of my browsers…I have to disable it in order to update though, for the same reasons discussed above.
so just for clarification, do plugins run in the sandbox when uac is on or off or do they run outside the sandbox regardleass of whether uac is turned on or off?