Resuming support for 64-bit Sandboxie

tzuk
I have reconsidered my position and decided that I should stop fighting windmills.
I've held out so far because it was important for me to try to get a particular message out. I appreciate those of you who chose to listen, but realistically, I have to admit that the world at large does not care much for my message. So I give up, and thus, without further ado: http://www.sandboxie.com/phpbb/viewtopic.php?t=6842

Supported 64-bit Windows operating systems:
o Windows Vista with Service Pack 1 or later
o Windows 7.

The post below discusses some related technical details.

Last edited by tzuk on Tue Jan 05, 2010 9:08 pm; edited 3 times in total

tzuk
This edition of Sandboxie uses official kernel interfaces, so it does not conflict with the Kernel Patch Protection built into 64-bit versions of Windows.
File-system, registry access and cross-process manipulation in the 64-bit version are subject to strong protection which is provided by kernel mode code, just like the 32-bit version. However, as described in the WindowsVista64 page, the 64-bit version of Sandboxie cannot use kernel mode supervision to guarantee that software in the sandbox does not connect to a service outside the sandbox. Such connections are protected only at the application level. For this reason, the Drop Rights option is enabled by default in the 64-bit version of Sandboxie.

wraithdu
This brings up a question now also. How well does SB64 handle WoW64? I'm assuming it properly translates 'Program Files' and 'Program Files (x86)' and the proper registry branches?

tzuk
I think everything should work as you expect. Of course if you notice any problems, I'll try to fix them.

ssj100
Wow, a most interesting decision there Tzuk! I know at least one person who will be glad to hear of 64-bit support for Sandboxie.
Tzuk, I have one question, since I think you have implied it in this thread with having Drop Rights enabled by default - will using Sandboxie in a Limited User Account with a 64-bit system prevent the vulnerabilities that you're concerned about? In other words, will using Sandboxie + LUA on a 64-bit system be the equivalent to using Sandboxie + LUA on a 32-bit system with regards to security?

Mature
Haha... what makes you do this, which you said you won't do?
Anyway, it's still good news, though it seems the Sandboxie 64-bit edition can only be used as software that keeps the PC clean.

tzuk
ssj100: Best to leave the Drop Rights option enabled, unless you trust the stuff that you're installing into the sandbox.
Mature: I thought I explained what made me change my mind. I tried to bring attention to problems with kernel patch protection, maybe make a change. But most people don't care, and change is not coming. So what's the point?

Murderlove
Dear tzuk,
Thank you, thank you and thank you. Reading this has really made my day.

Mature
I think lots of users of Sandboxie like me really appreciate the spirit of you having been responsible all the time. Maybe having a little rest would help you to lay down the burden.

arran
In a nutshell, it seems Sandboxie 64-bit, like Mature says, is really only good for keeping your PC clean and preventing infection from happening in the first place.
In other words, no more putting Sandboxie through the grinder and testing its containment with running malware; you can only install and run trusted programs. With regard to Windows Kernel Patch Protection, is there no possible way this can be disabled? Also, SSJ, why haven't we seen you on Wilders lately?

Julian
Hello tzuk, thanks for the x64 version. Can you please explain what you mean by programs in the sandbox being able to connect to services outside of the sandbox? Does that mean that (when drop my rights is not enabled) sandboxed programs are able to control services outside of the sandbox? Thanks. Maybe I'll buy Sandboxie now.

wraithdu
Perhaps read the LINK and it might answer your questions.... just a thought. I mean, it's probably there for a reason, right? You even quoted it...

Mike
Wow and wow. Thanks tzuk, this is a huge relief since I had grudgingly decided to move back to 64-bit Windows 7. While a less-than-perfect Sandboxie may be distasteful in theory, in practice it's a carefully considered sacrifice I'm willing to make. I need the extra RAM. (For untrusted software, I run another instance of Sandboxie inside a virtual machine anyway.)

RSecure
Guest
Sounds good, but why settle for less, tzuk? Try and contact MS to support kernel interfaces you need, maybe try teaming up with Ilya in order to get the big companies to listen...
How about branding the x64 vers. with another name till it guarantees equal protection to 32 bit? How about disabling PatchGuard on a PC you have, then design a perfect Sandboxie for 64. Provide a link to a website that guides users how to disable KPG before installing sbie