hany3
September 20th, 2008, 10:25 AM
Hi folks,
Although I'm relatively new to Sandboxie, after 3 days of playing with the registered version of Sandboxie
I wanted to share with you what I've learned about some hidden advantages in Sandboxie besides its main job of sandboxing and isolating environments.
For now I'll begin with only 2 great features in Sandboxie:
1- Forced folders feature "only in the registered version"
2- Internet access "in the resource access settings"
Let's begin
1- Anti-executable and HIPS-like features
By using the forced folder feature you can add any drive, or even all your drives, so that any program "including malware, viruses, trojans, spyware, ....." if run at any time will be forced to run inside Sandboxie, even if it autoruns automatically. So you will have the advantage of anti-executable, because you will know instantly what is running at the moment even if it's automatically autorun, plus the advantage of HIPS by limiting the behaviour of such autorun malware by running it in the isolated environment of Sandboxie. It can also terminate any malware process through the lingering programs feature, in which Sandboxie terminates any executable that continues executing after all other programs have ended.
2- Protection against autoruns and viruses from flash disks and foreign hard disks connected to your PC
You can also add the flash drive letters and more drive letters to the forced folder section, so that any autorun malware "whatever" is forced to run in the isolated environment of Sandboxie, causing no harm to your original hard disk.
3- Firewall-like features
Depending on the forced folders feature and the internet access feature, we can limit the internet access of all the applications on your PC to those applications specified by you,
depending on 2 facts:
A) All applications on your PC will be forced to run sandboxed
B) We will limit the internet access of all sandboxed applications to a few applications specified by you
so that
the end result is:
all malware present on your PC, including trojans, spyware, viruses, keyloggers ....etc., will be prevented from accessing the internet,
and even if they connected to the internet through another allowed application, like for example your sandboxed browser, it will have nothing to do, because it is only allowed to run in the isolated environment of Sandboxie.
That was a summary of some extra advantages that can be found in Sandboxie.
To be continued...
-----------------------------------------------------------
Continuing with the 2nd part of the article
4- Sandboxie for registry protection
Registry protection is one of the HIPS-specific features,
but using the above-mentioned Sandboxie strategy, Sandboxie may offer registry protection near to that offered by other HIPS:
- setting the forced folders settings to cover most of the hard disk
- setting the registry access for all the sandboxed programs "all the applications on the PC" according to the above condition
Registry access is either
A) direct access "allowed" registry keys
B) blocked access "denied" registry keys
C) read-only access
5- File and folder protection
This feature is also a HIPS-specific feature, and most of the well-known HIPS include such a feature.
Under the same strategy, Sandboxie may offer file and folder protection near to that of HIPS:
- forced folders feature covering most of the PC "all applications on the hard disk"
- setting the file access for all the sandboxed applications "in other words all the applications on the PC, including any present malware as well"
A) direct access "files accessible to sandboxed programs"
B) full access "files accessible to sandboxed programs together with installed and downloaded files as well"
C) blocked access "files not accessible"
D) read-only access
You can also set which program is allowed to access certain files
and which one is completely blocked from reaching certain files.
6- Virtualizing feature
Such a feature is specific to instant recovery software like FD-ISR, Deep Freeze, my favorite Shadow Defender, Returnil, ..... and so on.
Understanding such a feature is somewhat complicated "to a little extent".
What is virtualization software protecting Windows from?
For example:
1- installed applications
2- browser temp files
3- files copied inside the "C" drive by simple copy and paste
4- autorun viruses and worms coming from external media, CDs, or flash disks
Let's take them one by one.
1- Installed applications
All the applications are sandboxed. Even if you install one program, the install will run in the sandbox, so that no files reach the Windows or the Program Files directory.
But note "sometimes applications, when installed sandboxed, fail to run because they fail to reach the registry or due to other causes, and allowing registry access may solve most of such installation problems".
2- Browser temp files
As the browser is sandboxed, I think there's no problem here, as this is the main function for which Sandboxie was first made.
3- Files copied into the system drive
For me, I use a specific application like "burst copy" for copy and paste,
so running it sandboxed will cause no problem here.
But if you use the normal copy and paste of Windows,
I think it will also not cause any problem,
because copying, for example, a movie into the system drive will be so easy for a child to remove or move to any other non-system drive.
4- Autorun viruses, worms, trojans from external media like CDs and flash disks
Setting the forced folders to cover all the drives that are and that are not yet present on the PC, from D:/ to Z:/,
so that any autorun malware on such external media will be automatically sandboxed and isolated completely
"this will be discussed in detail below"
----------------------------------
Big problem and simple solution
While configuring the forced folders settings, you will face a big problem which is somewhat related to some defects in the Sandboxie interface.
When you click forced folders ---- then add folder ---- a browse window will appear,
and unfortunately you will find the drives that are already present on your hard disk,
so how can you add other drives, like any flash disk that will be added to your PC in the future?
At first I used Daemon Tools and Virtual CloneDrive to make virtual drives, to use their letters in the forced folders settings and then remove them from Daemon Tools.
But after a long search in the Sandboxie forum I found a simple solution for this problem, depending on editing the configuration Notepad file of Sandboxie "edit configuration",
so that you can add any or all of the drive letters available from D: to Z:
--------------------------------------
What is the overall strategy to use Sandboxie as the only application, so that it may replace HIPS, firewalls, virtualizing software?
"Strategy summary"
1- Sandboxie settings ---- forced folders ---- add folders ---- add all the drives EXCEPT the "C:" system drive
Why???
Please try to imagine with me:
if we added the system drive to the forced folders, any application on the C: drive would be forced to run sandboxed.
So where is the problem???
Ohhh, dear,
Sandboxie itself is installed on the C: drive.
When it runs it will be sandboxed, hehe, I'm not joking.
Sandboxie will run sandboxed,
Sandboxie will run inside itself,
and when it runs to sandbox itself, the latter will also be sandboxed, and so on.
A vicious circle will result,
an endless series of Sandboxies,
so that when I tried to add the system drive to the forced folders, my theory succeeded, and the computer froze.
Back to the strategy.
Remember: 1- Sandboxie settings ---- forced folders ---- add folders ---- add all the drives EXCEPT the "C:" system drive
2- By editing the configuration
we can add all the drive letters available to the forced folders, from A: to Z:
3- Using the forced programs feature, we can add all the programs installed on the system drive "in the Program Files".
So we can add all of them one by one "of course except Sandboxie itself",
so that all the applications on the hard disks are now covered:
a) adding all the drives of the PC except the system drive to the forced folders section
b) adding all the installed software on the system drive to the forced programs
and by assuming that your system drive contains no other hidden programs or malware "clean system drive",
now you are supposed to have all the programs on your PC covered:
- the non-system drives are covered completely "good wares and malwares"
- the system drive, all the installed programs, assuming that it's clean "fresh Windows"
4- In the internet access settings, you can add the only programs on your PC that are allowed to access the internet,
so that all other applications on your PC "good wares and malwares" will be blocked.
5- Continue configuring the Sandboxie settings concerning other items:
- file access
- registry access
- IPC access
- windows access
- low level access
After all that I've mentioned here,
I hope you get some benefit from it.
My friends, all of you are invited to discuss, add or remove whatever you see from all that I mentioned above.
Sorry for the long article.
Best regards
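
An added example, not part of the original post: a Python check of a Sandboxie.ini-style file against the forced-folder strategy summarized above (every drive root from D: to Z: forced, the system drive left out). The sample configuration is constructed, and the `ForceFolder` and `ForceProcess` setting names and the `DefaultBox` section are assumptions the post does not spell out.

```python
import string

# Constructed sample in Sandboxie.ini style (not taken from the post).
# Keys repeat within a section, so configparser, which keeps one value
# per key, is not used here.
SAMPLE_INI = r"""
[DefaultBox]
Enabled=y
ForceFolder=D:\
ForceFolder=E:\
ForceFolder=C:\
ForceProcess=firefox.exe
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}, preserving repeated keys."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def audit_box(settings, system_drive="C:", first="D", last="Z"):
    """Check one sandbox section against the post's forced-folder strategy."""
    forced = [v for k, v in settings if k.lower() == "forcefolder"]
    # Keep only entries that are a bare drive root, e.g. "D:\" -> "D:".
    roots = {v[:2].upper() for v in forced
             if len(v.rstrip("\\/")) == 2 and v[1] == ":"}
    wanted = {f"{c}:" for c in string.ascii_uppercase if first <= c <= last}
    system = system_drive.upper()
    return {
        # True reproduces the setup the post says froze the computer.
        "system_drive_forced": system in roots,
        # Drive letters a future flash disk could take without being forced.
        "missing_drives": sorted(wanted - roots - {system}),
        "forced_programs": [v for k, v in settings
                            if k.lower() == "forceprocess"],
    }

def force_folder_lines(missing):
    """Lines to add to the box section for drives not yet covered."""
    return [f"ForceFolder={drive}\\" for drive in missing]

if __name__ == "__main__":
    report = audit_box(parse_ini(SAMPLE_INI)["DefaultBox"])
    print(report)
    print("\n".join(force_folder_lines(report["missing_drives"])))
```
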