Think of your PC as a piece of paper. Every program you run writes on the paper. When you run your browser, it writes on the paper about every site you visited. And any malware you come across will usually try to write itself into the paper.
Traditional privacy and anti-malware software try to locate and erase any writings they think you wouldn’t want on the paper. Most of the time they get it right. But first the makers of these solutions must teach the solution what to look for on the paper, and also how to erase it safely.
On the other hand, the Sandboxie sandbox works like a transparency layer placed over the paper. Programs write on the transparency layer and to them it looks like the real paper. When you delete the sandbox, it’s like removing the transparency layer: the unchanged, real paper is revealed.
You would be quite safe using Sandboxie. It should be noted that, from time to time, people are able to find some vulnerability in Sandboxie, an open hole through which malicious software can still infiltrate the system.
Sandboxie may be your first line of defense, but it should certainly be complemented by the more traditional anti-virus and anti-malware solutions. These solutions can let you know if your system does become infected in any way.
Typically, those other solutions employ various forms of pattern matching to discover malicious software and other threats. Sandboxie, on the other hand, quite simply does not trust any software code enough to let it out of the sandbox.
- Web browsers
- mail and news readers
- instant messengers and chat clients
- peer-to-peer networking
In all cases on this list, your client-side program is exposed to remote software code, which could use the program as a channel to infiltrate your system. By running the program sandboxed, you greatly increase the control you have over that channel.
Sandboxie does not work on Windows 95, 98 or ME, or on Mac operating systems. There are no plans to support these environments.
There are no particular hardware requirements. Sandboxie needs only a small amount of memory and should have a very small impact on performance.
In the registered version, Sandboxie can be configured to issue a warning SBOX1118 whenever a particular program is launched outside the sandbox.
You can also configure Sandboxie to automatically sandbox particular programs, even when they are not launched explicitly through Sandboxie.
Since version 2.47, registered users can run sandboxed programs in any number of sandboxes at the same time, while non-registered users can run sandboxed programs in only one sandbox at a time.
- Sandboxie must be licensed through either the Kagi online store or the PayPal online store.
- Technical support is provided through email or the Sandboxie forum.
This Agreement specifically FORBIDS You from making copies of the
Software for purposes of distributing the Software into computers
or electronic media that are not owned by You. A license for
the Software may not be shared.
An exception to this is hereby made for owners of computer stores who sell computers, and wish to bundle Sandboxie in their new computer offering. This is permitted, provided that two conditions are met:
- 1. The customer is made aware of, and accepts, the Sandboxie EndUserLicenseAgreement.
- 2. One of the following is met:
- 2.1. An un-registered copy of Sandboxie is installed on the new computer;
- 2.2. The particular copy to be installed is registered for the sole use of the customer who is the recipient of the new computer.
If you believe your key should be available for you, and it is not, please contact me by email. See the Contact Author link at the very bottom of this page.
Sandboxie extends the operating system (OS) with sandboxing capabilities by blending into it. Applications can never access hardware such as disk storage directly; they have to ask the OS to do it for them. Since Sandboxie integrates into the OS, it can do what it does without risk of being circumvented.
The following classes of system objects are supervised by Sandboxie: Files, Disk Devices, Registry Keys, Process and Thread objects, Driver objects, and objects used for Inter-process communication: Named Pipes and Mailbox Objects, Events, Mutexes (Mutants in NT speak), Semaphores, Sections and LPC Ports. For some more information on this, please see SandboxHierarchy.
Sandboxie also takes measures to prevent programs executing inside the sandbox from hijacking non-sandboxed programs and using them as a vehicle to operate outside the sandbox.
Sandboxie also prevents programs executing inside the sandbox from loading drivers directly. It also prevents programs from asking a central system component, known as the Service Control Manager, to load drivers on their behalf. In this way, drivers, and more importantly, rootkits, cannot be installed by a sandboxed program.
It should be noted, however, that Sandboxie does not typically stop sandboxed programs from reading your sensitive data. However, by careful configuration of the ClosedFilePath and ClosedKeyPath settings, you can achieve this goal as well.
Yes, to some extent. First of all, your system (outside the sandbox) must not have been already compromised by an installed key-logger. Sandboxie cannot protect against key-loggers that are already running outside the sandbox.
It is very difficult to reliably detect a key-logger. For a lengthy explanation, please see DetectingKeyLoggers. So the most important tool Sandboxie offers you for protection against key-loggers is to delete the sandbox.
Changes to the computing environment must eventually make their way to disk storage, if they are to be permanent. This obviously applies to files. But it also applies to things like settings and preferences saved in the system registry.
Some competing products require a reboot before each use, because they sandbox disk storage as a whole. They provide the operating system and everything in it with a single virtual disk, which is used to trap those permanent changes.
Sandboxie does not require a reboot because it sandboxes access to files, rather than to the disk as a whole. It also sandboxes access to registry keys. It also sandboxes access to many other classes of system components, in order to trick the sandboxed program into believing that it isn’t being tricked.
This low-level sandboxing in some competing products makes it possible to install a wider range of applications and system tools, including system drivers, into the sandbox. Sandboxie can install most applications into the sandbox, but not system software.
When a program accesses a file, it declares what operations it plans to do on the file: if it plans to read from the file, to write the file, to change its attributes, and so on. Whenever a program declares any kind of write access to a file, Sandboxie copies it into the sandbox. In some cases, programs declare they intend to write to the file when in fact they do not, but nevertheless Sandboxie must copy the file into the sandbox.
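A toy model of the rule described above, added here as an illustration and not Sandboxie's own code; the `Overlay` class, the right names in `WRITE_RIGHTS` and the temporary directory layout are assumptions made for the example. It shows a read-only open passing through to the real file, a declared write triggering the copy, and the real file being unchanged once the sandbox is deleted.

```python
import os
import shutil
import tempfile

# Simplified stand-ins for the access a program declares when opening a file.
WRITE_RIGHTS = {"write_data", "append_data", "write_attributes", "delete"}

class Overlay:
    """Toy per-file copy-on-write layer (an illustration, not Sandboxie's code)."""

    def __init__(self, real_root, box_root):
        self.real_root, self.box_root = real_root, box_root

    def resolve(self, rel, declared):
        """Return the path a sandboxed program is handed for `rel`."""
        real = os.path.join(self.real_root, rel)
        boxed = os.path.join(self.box_root, rel)
        if os.path.exists(boxed):
            return boxed                  # an earlier copy shadows the real file
        if WRITE_RIGHTS & set(declared):
            os.makedirs(os.path.dirname(boxed), exist_ok=True)
            if os.path.exists(real):
                shutil.copy2(real, boxed)  # copied on declared intent alone
            return boxed
        return real                       # read-only access sees the real file

    def delete_sandbox(self):
        shutil.rmtree(self.box_root, ignore_errors=True)

def demo():
    base = tempfile.mkdtemp()             # constructed sample tree
    real_root, box_root = os.path.join(base, "real"), os.path.join(base, "box")
    os.makedirs(real_root)
    target = os.path.join(real_root, "notes.txt")
    with open(target, "w") as f:
        f.write("original")
    box = Overlay(real_root, box_root)
    read_path = box.resolve("notes.txt", ["read_data"])
    write_path = box.resolve("notes.txt", ["read_data", "write_data"])
    with open(write_path, "w") as f:
        f.write("changed in sandbox")
    with open(box.resolve("notes.txt", ["read_data"])) as f:
        seen_inside = f.read()
    box.delete_sandbox()
    with open(target) as f:
        real_after = f.read()
    shutil.rmtree(base)
    return read_path == target, write_path.startswith(box_root), seen_inside, real_after
```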
Please see SandboxieRpcss
The Windows Installer service is a component of Microsoft Windows. Some software installation (or setup) packages require this service. The component copies files and makes registry changes on behalf of the program being installed.
Sandboxie does not permit sandboxed programs to use the system Windows Installer. If the sandboxed program needs the service, it will fail and Sandboxie will tell you to start a sandboxed instance of the Windows Installer service.
- In Sandboxie Control, use the menu Options -> Run Sandboxie Control on System Startup, to stop Sandboxie Control from starting.
- Open the Windows Services configuration window: Start menu -> Control Panel -> Administrative Tools -> Services. Then locate the Sandboxie Service. Double click to bring up its properties window. Set its Startup type to Manual rather than automatic.
- The driver component of Sandboxie is started by the Sandboxie Service. Therefore, setting the service to start manually, indirectly also sets the driver to start manually.
Note for versions prior to 2.80: If you set the Sandboxie Service to start manually, you will also need to start it manually before using Sandboxie. You can start the service using the Windows Services configuration window.
If you use Sandboxie with the GreenBorder Online Test, the test will probably report that Sandboxie has failed, because the test was able to copy files from the My Documents folder to a folder on the desktop named Stolen Files.
If you read What is Sandboxie then you know Sandboxie is like a transparency layer placed over the paper. (The paper is your computer.) When you save files (downloads, documents, emails, or anything else) through a sandboxed program, these files go into the transparency layer that is the sandbox.
You can use QuickRecovery to get these files out. Unless configured otherwise, QuickRecovery looks in your My Documents folder, and Desktop folder. If you save the files to either of these folders, then you can use QuickRecovery to easily get them out.
Another approach is configuring one or more folders as an OpenFilePath. Saving files into such folders bypasses the sandbox mechanism, and goes directly to the real folders. Setting this is more complicated, but may also prove useful, in some cases.