1. Run all high risk programs in a sandboxor virtual machine
The important point is that while running in the sandbox, theprograms have no get at to your PC.
Any files you download are marooned to the sandbox. Similarly,any programs that are executed only do so within the sandbox and have no accessto your normal files,the sand box created a PC environment within the sandboxitself not in the Windows operating system or indeed any other part ofyour PC.
This means that that if you get infected by malware while usingthe sandbox your “actual” computer is not touched on. Furthermore youcan close the sandbox and all that’s within it is erased including anyinfections, leaving alone your real PC in a clean and pure state.
. There are also some fantabulous sandboxing programs around includingfreeware guide the donation ware utility “SandBoxie.”
Files in the sandbox are not really permanently on your computerunless you by choice move them from the sandbox to your actual PC. If you closethe sandbox without moving them they will be missed eternally.
Infections thatare obtained in the virtual machine cannot affect the actual PC.Similarly shutting down the virtual PC removes all line of infection.
From a users perspective sandboxing is a better bet than fullyvirtualisation solutions . But the most prime thing is that user’s have to bedisciplined at using this .
What is Sandboxie and howis it different thanother solutions?
Thinkofyour PC as a piece of paper. Every program you run writes on the paper. Whenyourun your browser, it writes on the paper about every site you visited. Andanymalware you come across will usually try to write itself into the paper.
Traditionalprivacyand anti-malware software try to locate and erase any writings theythink youwouldn’t want on the paper. Most of the times they get it right. Butfirst themakers of these solutions must teach the solution what to look for onthe paper,and also how to erase it safely.
Ontheother hand, the Sandboxie sandbox works like a transparency layer placedoverthe paper. Programs write on the transparency layer and to them it lookslikethe real paper. When you delete the sandbox, it’s like removing thetransparencylayer, the unchanged, real paper is revealed.
Youwouldbe quite safe using Sandboxie. It should be noted that, from time totime,people are able to find some vulnerability in Sandboxie, an open holethroughwhich malicious software can still infiltrate the system.
Thishappensonce every few months, on average, and is quickly resolved by closingthe holethat is the attack vector.
Thusit’sa good idea to have more traditional anti-malware software. This is isthesubject of the following question.
Sandboxiemay be your first line of defense, but it shouldcertainly be complemented bythe more traditional anti-virus and anti-malwaresolutions. These solutions canlet you know if your system does become infectedin any way.
Typically,those other solutions employ various forms ofpattern matching to discovermalicious software and other threats. Sandboxie, onthe other hand, quitesimply does not trust any software code enough to let itout of the sandbox.
Thecombination of the two approaches should keep malicioussoftware — which isserving the interest of other unknown parties — out ofyour computer.
What kinds of programs can Irun using Sandboxie?
You should beable to run most applications sandboxed.
- Web browsers
- mail and news readers
- instant messengers and chat clients
- peer-to-peer networking
- in particular, online games which download extension software code)
In all caseson this list, your client-side program is exposed toremote software code,which could use the program as a channel to infiltrateyour system. By runningthe program sandboxed, you greatly increase the controlyou have over thatchannel.
Sandboxieworks on Windows 2000, Windows XP, Windows VistaandWindows Server 2003. There is some support for 64-bit versions of Windows:see the downloadpage.
Sandboxiedoes not work onWindows 95, 98 or ME, or on Mac operating systems. There areno plans to supportthese environments.
There are noparticularhardware requirements. Sandboxie needs only a small amount of memoryand shouldhave a very small impact on performance.
In theregistered version, Sandboxie can be configured to issue awarning SBOX1118 wheneveraparticular program is launched outside the sandbox.
You can alsoconfigureSandboxie to automatically sandbox particular programs, even whenthey are notlaunched explictly through Sandboxie.
Since version2.47, registeredusers can run sandboxed programs in any number of sandboxes atthe same time,while non-registered users can run sandboxed programs in onlyone sandbox at atime.
Yes. You mayuse the Sandboxie software on any number of computersthat you, as anindividual, own. This does not apply to commercial use. Pleasesee the EndUserLicenseAgreementformore information.
You may notuse Sandboxie commercially as-is, but acommercial organization mayevaluate Sandboxie. Please contact the author todiscuss specific licensingterms. The following terms are non-negotiable.
- Sandboxie must be licensed through either the Kagi online store or the PayPal online store.
- Technical support is provided through email or the Sandboxie forum.
This AgreementspecificallyFORBIDS You from making copies of the
Software for purposesofdistributing the Software into computers
or electronicmedia that are not owned by You. A license for
the Software may notbeshared.
An exceptionto this is herebymade for owners of computer stores who sell computers, andwish to bundleSandboxie in their new computer offering. This is permitted,provided that twoconditions are met:
- 1. The customer is made aware of, and accepts, the Sandboxie EndUserLicenseAgreement.
- 2. One of the following is met:
- 2.1. An un-registered copy of Sandboxie is installed on the new computer;
- 2.2. The particular copy to be installed is registered for the sole use of the customer who is the recipient of the new computer.
Registrationkeys are not sent by email. Visit this pageto receive yourregistration key. Your key should be available for you one hourafter paymenthas been made.
If youbelieve your key shouldbe available for you, and it is not, please contact meby email. See the ContactAuthor link at the very bottom of this page.
Sandboxieextends the operating system (OS) with sandboxingcapabilities by blending intoit. Applications can never access hardware such asdisk storage directly, theyhave to ask the OS to do it for them. SinceSandboxie integrates into the OS, itcan do what it does without risk of beingcircumvented.
The followingclasses of system objects are supervised bySandboxie: Files, Disk Devices,Registry Keys, Process and Thread objects,Driver objects, and objects used forInter-process communication: Named Pipesand Mailbox Objects, Events, Mutexs(Mutants in NT speak), Semaphores, Sectionsand LPC Ports. For some moreinformation on this, please see SandboxHierarchy.
Sandboxie alsotakes measuresto prevent programs executing inside the sandbox from hijackingnon-sandboxedprograms and using them as a vehicle to operate outside thesandbox.
Sandboxiealso preventsprograms executing inside the sandbox from loading driversdirectly. It alsoprevents programs from asking a central system component,known as the ServiceControl Manager, to load drivers on their behalf. In thisway, drivers, and moreimportantly, rootkits, cannot be installed by asandboxed program.
It should benoted, however,that Sandboxie does not typically stop sandboxed programs fromreading yoursensitive data. However, by careful configuration of the ClosedFilePathandClosedKeyPathsettings,you can achieve this goal as well.
Yes, to someextent. First of all, your system (outside thesandbox) must not have beenalready compromised by an installed key-logger.Sandboxie can not protectagainst key-loggers that are already running outsidethe sandbox.
You may wantto consider always browsing sandboxed, so you don’taccidentally get anykey-loggers into your system.
It is very difficultto reliably detect a key-logger. For a lengthyexplanation, please see DetectingKeyLoggers.Sothe most important tool Sandboxie offers you for protection againstkey-loggers,is to delete the sandbox.
When you stopall sandboxed activity (in all sandboxes), thenproceed to delete the sandboxyou’re about to use, you can be fairly certainthat all key-loggers are dead.
Changes tothe computing environment must eventually make their wayto disk storage, ifthey are to be permanent. This obviously applies to files.But it also appliesto things like settings and preferences saved in the systemregistry.
Somecompeting products require a reboot before each use, becausethey sandbox diskstorage as a whole. They provide the operating system andeverything in it witha single virtual disk, which is used to trap thosepermanent changes.
The operatingsystem is not designed to use one disk for sometasks, and another disk forother tasks. Therefore a reboot is required toswitch to and from the virtualdisk.
Sandboxiedoes not require a reboot because it sandboxes access tofiles, rather than tothe disk as a whole. It also sandboxes access to registrykeys. It alsosandboxes access to many other classes of system components, inorder to trickthe sandboxed program into believing that it isn’t being tricked.
Thislow-level sandboxing in some competing products makes itpossible to install awider range of applications and system tools — includingsystem drivers –into the sandbox. Sandboxie can install most applications intothe sandbox, butnot system software.
It becomesapparent that, like most other things, each tool has itsadvantages anddisadvantages, and one must choose the best tool for the task athand.
Not allmessages are errors, some simply inform you of an eventthat has occurred. Formore information, please see CommonMessages
When aprogram accesses a file, it declares what operations itplans to do on thefile: if it plans to read from the file, to write the file,to change itsattributes, and so on. Whenever a program declares any kind ofwrite access toa file, Sandboxie copies it into the sandbox. In some cases, programsdeclarethey intend to write to the file when in fact they do not, butneverthelessSandboxie must copy the file into the sandbox.
Please see SandboxieRpcss
The WindowsInstaller service is a component of Microsoft Windows.Some software installation(or setup) packages require this service. Thecomponent copies files and makesregistry changes on behalf of the program beinginstalled.
Sandboxiedoes not permit sandboxed programs to use the systemWindows Installer. If thesandboxed program needs the service, it will fail andSandboxie will tell youto start a sandboxed instance of the Windows Installerservice.
In this case,use the SandboxieControl action Run Sandboxed -> Windows Installer Service,tostart the sandboxed instance. Then re-run the failed installation.
Please seefull article: EmailProtection.
By defaultSandboxie is configured to load and start automatically.To have Sandboxie loadonly when you need it, make the following changes.
- In Sandboxie Control, use the menu Options -> Run Sandboxie Control on System Startup, to stop Sandboxie Control from starting.
- Open the Windows Services configuration window: Start menu -> Control Panel -> Administrative Tools -> Services. Then locate the Sandboxie Service. Double click to bring up its properties window. Set its Startup type to Manual rather than automatic.
- The driver component of Sandboxie is started by the Sandboxie Service. Therefore, setting the service to start manually, indirectly also sets the driver to start manually.
Note forversions prior to 2.80: If you set the Sandboxie Serviceto start manually, youwill also need to start it manually before usingSandboxie. You canstart the service using the Windows Services configurationwindow.
In version2.80 and later, starting Sandboxie Control will alsostart the service. (Butnote that Administrative rights are required to start aservice.)
If you useSandboxie with the GreenBorderOnlineTest, the test will probably report thatSandboxie hasfailed, because test was able to copy files from the My Documentsfolder to afolder on the desktop named Stolen Files.
But thiscan’t really be considered a failure on the part ofSandboxie.
First, thedefault Sandboxie settings do not block any files frombeing read, andthis includes the files in My Documents. But see ClosedFilePathformore information.
The secondreason why Sandboxie hasn’t failed, is that the StolenFiles folder iscreated within the sandbox.
You may notsee all your folders in Quick Recovery, as only a feware configured by defaultin the initial installation. See also QuickRecovery
If you read What isSandboxiethen you know Sandboxie is like a transparency layerplaced over the paper. (Thepaper is your computer.) When you save files(downloads, documents, emails, oranything else) through a sandboxed program,these files go into the transparencylayer that is the sandbox.
You can use QuickRecovery toget these files out. Unlessconfigured otherwise, QuickRecoverylooks in your My Documents folder, andDesktop folder. If you save the files toeither of these folders, then you canuse QuickRecoverytoeasily get them out.
Anotherapproach is configuring one or more folders as an OpenFilePath. Saving filesinto such folders bypassesthe sandbox mechanism, and goes directly to the realfolders. Setting this ismore complicated, but may also prove useful, in somecases.
This happensfor some people. Try this program:
For moreinformation, please see a forum discussion on this issue:
So,all you need is a good firewall and agood anti-virus program and good anti-spyware programme . Aggregating these with a good sandbox and you will have better security than other userswho employ five or more different levels of active securitysoftware/freeware protective cover
Your PC will be faster; a counterpoint to machines runningmultiple security protection products.
This article updated on Dec. 30 2007
Blogged with Flock