Wilders Security Forums  

  #1  
Old July 16th, 2012, 08:48 PM
berryracer berryracer is offline
Very Frequent Poster
 
Join Date: Jan 2008
Location: Dubai, UAE
Posts: 1,640
Question What is Sandboxie and how / when to use it?

I always hear about Sandboxie but I don't know what it is, what for? and when to use it

I am protected well having Bitdefender Internet Security 2013 + MBAM (on demand) + SAS (on demand) + MVPS Hosts file

I don't know why I should be using Sandboxie and how or when

please enlighten teh meh
__________________
ASUS G75VW-T1086V
CPU: i7-3610QM 2.30/3.30 GHz.
Memory: 16 GB DDR3 1600 Mhz. RAM
Storage: 256GB SSD + 1TB HDD
Graphics: GeForce GTX 670M 3GB
Screen: 17.3' Full HD LED Screen

Last edited by LowWaterMark : August 24th, 2012 at 09:36 AM. Reason: title fixed by request
  #2  
Old July 16th, 2012, 09:07 PM
Sully Sully is offline
Massive Poster
 
Join Date: Dec 2005
Posts: 3,696
Default Re: What is Sandiebox and how / when to use it?

I always like the analogy of a literal sandbox.

When you start a program within the sandbox, it stays there and not in the yard because of the sandbox perimeter - like a steel box that keeps the sand inside. Things that happen in the sandbox stay there, and it seems as if everything is going on as normal to the user.

However, when you get a problem in the sandbox, you rake it flat and all those castles and moats are gone, leaving a clean sandbox for you to start building in again.

One thing to remember is that if you build something in the sandbox that you want to keep, you have to put it in the yard before you rake it flat, or it will be lost. Think of the files you download or documents you create while you are in the sandbox, they must be taken out of the sandbox to be kept permanently or they will be gone when you delete the sandbox.

One issue that seems to be common with users of Sandboxie is they don't understand where their files are. They went to the sandbox, and made some nice toys out of sand, and then the next day they look for those toys in the back yard. But, they are not thinking - they made them in the sandbox, so where would you expect them to find the new toys? Still in the sandbox, unless they explicitly move them to the yard.

In computer terms it is pretty easy. Every sandbox you make gets a folder created for it at c:\sandbox\<sandbox directory structure>

This sandbox folder contains everything that happens in the sandbox. What you download, the cache, anything and everything will be there. You must "recover" items from the sandbox to the real system to keep it.

Another thing people are sometimes confused about is why the contents of a given sandbox will have the exact same files and folders of their real system. It is because, if a file is in the real system, Sandboxie might make a copy of it to use in the sandbox for different reasons. This is what keeps things so nice and clean and secure. A copy is made if needed, and all work is done off the copy - so if you delete the sandbox, all your REAL files are still in order and only your NEW FILES that are in the sandbox only are deleted. So it pays to understand just what Sandboxie is doing, how it segregates things apart and how you go about recovering things before you wipe a sandbox clean.

Yeah, not so techy, but I think it describes it well for those who have no idea about it.

Sul.
__________________
I do things TO my computer, not WITH my computer.. I am a nerd.
  #3  
Old July 16th, 2012, 09:13 PM
Dark Shadow Dark Shadow is offline
Massive Poster
 
Join Date: Oct 2007
Location: USA
Posts: 4,550
Default Re: What is Sandiebox and how / when to use it?

LOL I think you mean Sandboxie. Here is a little description of it.


Benefits of the Isolated Sandbox

Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.
Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.
Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.
__________________
OS X 10.8.3 - 2.9 GHz Intel core i7 - 8 GB 1600 MHz DDR3 - 750 SATA HD - Intel HD 4000 Graphics 512 MB.
  #4  
Old July 16th, 2012, 09:27 PM
Hungry Man Hungry Man is offline
Incredibly Massive Poster
 
Join Date: May 2011
Posts: 8,486
Default Re: What is Sandiebox and how / when to use it?

Sandboxie is a security program that implements a copy-on-write file system. Essentially you run an application that has read access to your file system but any time it tries to write to a file system the write gets redirected to the Sandboxie file system.

If program A tries to write a file to C:\Users\Desktop Sandboxie redirects it to C:\Sandboxie\ProgramA\Users\Desktop, which isolates the program from the file system.

Each application gets its own Sandboxie file system to live in and do as it pleases. You can also install multiple applications to the same file system.

You could even install malware to the Sandboxie file system and it wouldn't be able to touch your real file system - meaning all it takes is wiping the specific sandbox and you're free from malware.

Sandboxie also restricts Inter Process Communication - meaning Application A can't talk to Application B.

Sandboxie can also be set up to create a Mandatory Access Control sandbox - meaning that you can restrict reads/writes (separately) to specific files and folders. This can prevent remote/ local exploitation.

Sandboxie also allows blocking of internet access to specific programs/ whitelisting internet access within a sandbox. It can also allow only specific file executables to run.

You can configure to allow sandboxie to write to specific areas of your file system, which allows for ease of use and program compatibility.
__________________
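
Added example (not part of any post in this thread, and not Sandboxie's own code): a toy Python model of the copy-on-write redirection described in post #4 and the recover-before-delete behaviour from the analogy in post #2. The `redirect` layout follows the post's simplified `C:\Sandboxie\ProgramA\...` path; the class and function names and the temp-directory sample files are constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path, PureWindowsPath


def redirect(target: str, box: str, box_root: str = r"C:\Sandboxie") -> str:
    """Map a real Windows path to its sandbox copy, using the simplified
    layout from the post (drive root dropped, box name inserted)."""
    parts = PureWindowsPath(target).parts[1:]
    return str(PureWindowsPath(box_root, box, *parts))


class CowBox:
    """Toy copy-on-write overlay (hypothetical name): reads fall through
    to the real tree, writes land only in the box directory."""

    def __init__(self, real_root: Path, box_root: Path):
        self.real_root, self.box_root = Path(real_root), Path(box_root)

    def _pair(self, rel: str):
        return self.real_root / rel, self.box_root / rel

    def read(self, rel: str) -> str:
        real, boxed = self._pair(rel)
        # Prefer the sandboxed copy if the program already modified the file.
        return (boxed if boxed.exists() else real).read_text()

    def write(self, rel: str, data: str, append: bool = False) -> None:
        real, boxed = self._pair(rel)
        boxed.parent.mkdir(parents=True, exist_ok=True)
        if append and not boxed.exists() and real.exists():
            shutil.copy2(real, boxed)  # copy the real file on first write
        with boxed.open("a" if append else "w") as fh:
            fh.write(data)

    def recover(self, rel: str) -> None:
        """Explicitly move one sandboxed file out to the real tree."""
        real, boxed = self._pair(rel)
        real.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(boxed), str(real))

    def delete_contents(self) -> None:
        """Rake the sandbox flat: everything not recovered is gone."""
        shutil.rmtree(self.box_root, ignore_errors=True)


def demo() -> dict:
    """Constructed scenario: one existing document, two new downloads."""
    with tempfile.TemporaryDirectory() as tmp:
        real, box = Path(tmp, "real"), Path(tmp, "box")
        (real / "Documents").mkdir(parents=True)
        (real / "Documents" / "notes.txt").write_text("original\n")

        sb = CowBox(real, box)
        sb.write("Documents/notes.txt", "tampered\n", append=True)
        sb.write("Downloads/keep.pdf", "wanted file")
        sb.write("Downloads/unwanted.exe", "unwanted file")
        seen_inside = sb.read("Documents/notes.txt")

        sb.recover("Downloads/keep.pdf")   # taken out to the "yard"
        sb.delete_contents()               # the rest is discarded
        return {
            "seen_inside": seen_inside,
            "real_notes": (real / "Documents" / "notes.txt").read_text(),
            "kept": (real / "Downloads" / "keep.pdf").exists(),
            "unwanted_on_real": (real / "Downloads" / "unwanted.exe").exists(),
            "box_exists": box.exists(),
        }


if __name__ == "__main__":
    print(redirect(r"C:\Users\Desktop\note.txt", "ProgramA"))
    print(demo())
```

The sandboxed program sees its own modification of `notes.txt`, while the real file keeps its original content; only the file that was explicitly recovered survives deleting the box.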
  #5  
Old July 16th, 2012, 09:45 PM
bo elam bo elam is offline
Very Frequent Poster
 
Join Date: Jun 2010
Posts: 1,038
Default Re: What is Sandiebox and how / when to use it?

Quote:
Originally Posted by berryracer

I don't know why I should be using a sandiebox and how or when

I tell you why I use it. About three and a half years ago, after an ugly rootkit infection that somehow I was able to get rid of on my own, I decided to look for some real protection against rootkits. All of a sudden, I had 100 programs in front of my face all telling me that they were the greatest against malware, somehow I got lucky and was able to pick a little and quiet program that was sitting in the corner, that program was Sandboxie.

I have been using the program ever since and infections don't come around anymore. Infections stopped the day I started using Sandboxie. To me, that's a very good reason to keep using SBIE and it is why I always recommend the program.

When to use SBIE? That really depends on the user. Most users start by running the browser sandboxed. That's what I did, eventually I also started running my EMail client in a sandbox and now I run just about any file or program that I regularly use in a sandbox.

Bo
  #6  
Old July 16th, 2012, 10:40 PM
Wendi Wendi is offline
Frequent Poster
 
Join Date: Aug 2008
Location: NY, USA
Posts: 332
Default Re: What is Sandiebox and how / when to use it?

I also have a few questions about Sandboxie.

From what I understand, Sandboxie is program-selective compared to an LV program (such as Shadow Defender) that sandboxes (virtualizes) the entire partition, is that correct?

Does Sandboxie provide a wizard to help select the programs that you would like to run sandboxed?

Assuming that just about everyone would sandbox their browser and downloads, how do you allow legitimate Microsoft updates to get through?

Wendi
__________________
Realtime Protection: Windows 7 Firewall, Avast AV, Sandboxie (for IE)
On-Demand Protection: Shadow Defender, Malwarebytes Anti-Malware
  #7  
Old July 16th, 2012, 11:14 PM
berryracer berryracer is offline
Very Frequent Poster
 
Join Date: Jan 2008
Location: Dubai, UAE
Posts: 1,640
Default Re: What is Sandboxie and how / when to use it?

Quote:
Originally Posted by Hungry Man
Sandboxie is a security program that implements a copy-on-write file system. Essentially you run an application that has read access to your file system but any time it tries to write to a file system the write gets redirected to the Sandboxie file system.

If program A tries to write a file to C:\Users\Desktop Sandboxie redirects it to C:\Sandboxie\ProgramA\Users\Desktop, which isolates the program from the file system.

Each application gets its own Sandboxie file system to live in and do as it pleases. You can also install multiple applications to the same file system.

You could even install malware to the Sandboxie file system and it wouldn't be able to touch your real file system - meaning all it takes is wiping the specific sandbox and you're free from malware.

Sandboxie also restricts Inter Process Communication - meaning Application A can't talk to Application B.

Sandboxie can also be set up to create a Mandatory Access Control sandbox - meaning that you can restrict reads/writes (separately) to specific files and folders. This can prevent remote/ local exploitation.

Sandboxie also allows blocking of internet access to specific programs/ whitelisting internet access within a sandbox. It can also allow only specific file executables to run.

You can configure to allow sandboxie to write to specific areas of your file system, which allows for ease of use and program compatibility.

Thank you very much sir for this nice write up and thanks to the above user as well.

To me, as nice as this may sound, this seems to be more of a headache having

I wish I could see someone using it in front of me...

I have never needed more than a good antivirus, good anti malware, and not going to stupid sites obviously in my life.....dunno if I really need this headache
__________________
ASUS G75VW-T1086V
CPU: i7-3610QM 2.30/3.30 GHz.
Memory: 16 GB DDR3 1600 Mhz. RAM
Storage: 256GB SSD + 1TB HDD
Graphics: GeForce GTX 670M 3GB
Screen: 17.3' Full HD LED Screen
  #8  
Old July 16th, 2012, 11:15 PM
Hungry Man Hungry Man is offline
Incredibly Massive Poster
 
Join Date: May 2011
Posts: 8,486
Default Re: What is Sandiebox and how / when to use it?

Quote:
From what I understand, Sandboxie is program-selective compared to an LV program (such as Shadow Defender) that sandboxes (virtualizes) the entire partition, is that correct?
That is correct. Shadow Defender virtualizes the registry for all programs that access it. Sandboxie only virtualizes the file system and registry for programs contained in the sandboxes.

Quote:
Does Sandboxie provide a wizard to help select the programs that you would like to run sandboxed?
I don't believe so but the UI is very simple. You simply select the .exe you wish to confine.

Quote:
Assuming that just about everyone would sandbox their browser and downloads, how do you allow legitimate Microsoft updates to get through?
MS downloads are handled by Windows Update, which you would run unsandboxed.
__________________
  #9  
Old July 16th, 2012, 11:16 PM
Hungry Man Hungry Man is offline
Incredibly Massive Poster
 
Join Date: May 2011
Posts: 8,486
Default Re: What is Sandiebox and how / when to use it?

Quote:
Thank you very much sir for this nice write up and thanks to the above user as well.

To me, as nice as this may sound, this seems to be more of a headache having

I wish I could see someone using it in front of me...

I have never needed more than a good antivirus, good anti malware, and not going to stupid sites obviously in my life.....dunno if I really need this headache
The headache is only in setting it up. Once you do this it may take a bit of playing around to get it 'just right' but it should be entirely silent after that.

You could, for example, run your browser in it. All you'd need is to allow 'Full Access' to the Downloads directory and it would be like new - or just direct access.

There is a slight learning curve to get the terminology but overall I found it very simple when I used it.
__________________
  #10  
Old July 16th, 2012, 11:23 PM
pegr pegr is offline
Very Frequent Poster
 
Join Date: Apr 2008
Location: UK
Posts: 1,608
Default Re: What is Sandiebox and how / when to use it?

Quote:
Originally Posted by Hungry Man
MS downloads are handled by Windows Update, which you would run unsandboxed.
@Wendi: Just to add to that, if you want to use Internet Explorer to manually download MS updates, temporarily run IE outside of the sandbox while doing it.
__________________
Windows Firewall - avast! Free Antivirus - AppGuard - Shadow Defender - Sandboxie - Acronis True Image
  #11  
Old July 17th, 2012, 09:43 AM
blasev blasev is offline
Frequent Poster
 
Join Date: Oct 2010
Posts: 640
Default Re: What is Sandiebox and how / when to use it?

Sandboxie can also be used to maintain a clean OS

e.g.:
trying a new app/game by installing it inside the sandbox; if we don't like it, we can always delete it and all the traces are gone.

It's one of the "features" that I like most
  #12  
Old July 17th, 2012, 10:00 AM
bo elam bo elam is offline
Very Frequent Poster
 
Join Date: Jun 2010
Posts: 1,038
Default Re: What is Sandiebox and how / when to use it?

Quote:
Originally Posted by Wendi
Assuming that just about everyone would sandbox their browser and downloads, how do you allow legitimate Microsoft updates to get through?

Wendi
If MS updates are set to be downloaded and installed automatically, Sandboxie doesn't interfere with the process. If updates are done manually, as mentioned, do the updates running IE out of the sandbox.

Bo
  #13  
Old July 17th, 2012, 12:25 PM
IceCube1010 IceCube1010 is offline
Frequent Poster
 
Join Date: Apr 2008
Location: Earth
Posts: 918
Default Re: What is Sandiebox and how / when to use it?

Quote:
Originally Posted by berryracer
I always hear about Sandiebox but I don't know what it is, what for? and when to use it

I am protected well having Bitdefender Internet Security 2013 + MBAM (on demand) + SAS (on demand) + MVPS Hosts file

I don't know why I should be using a sandiebox and how or when

please enlighten teh meh

Believe it or not, some people just use windows firewall with Sandboxie and that's it! When used correctly, this program rocks! A little tweaking is needed for complete control. Definitely worth the time to learn it.

Ice
__________________
Real time ....:BD Free
On Demand .:MBAM
  #14  
Old August 4th, 2012, 05:52 AM
arsenaloyal arsenaloyal is offline
Frequent Poster
 
Join Date: Nov 2009
Posts: 446
Default Re: What is Sandboxie and how / when to use it?

Quote:
Originally Posted by bo elam
I tell you why I use it. About three and a half years ago, after an ugly rootkit infection that somehow I was able to get rid of on my own, I decided to look for some real protection against rootkits. All of a sudden, I had 100 programs in front of my face all telling me that they were the greatest against malware, somehow I got lucky and was able to pick a little and quiet program that was sitting in the corner, that program was Sandboxie.

I have been using the program ever since and infections don't come around anymore. Infections stopped the day I started using Sandboxie. To me, that's a very good reason to keep using SBIE and it is why I always recommend the program.

When to use SBIE? That really depends on the user. Most users start by running the browser sandboxed. That's what I did, eventually I also started running my EMail client in a sandbox and now I run just about any file or program that I regularly use in a sandbox.

Bo

I agree with you Bo, I have been using Sandboxie for the past 5 years and honestly a good firewall and Sandboxie is all you need.

And at 29 Euros for the lifetime license which includes all the PCs that you personally own (including VMs) it's the best out there.
I honestly have not encountered a single infection since I started using Sandboxie.
On the flip side it does get a bit of know-how, but as you said Bo most users should be fine by running the browser sandboxed.
Heck, I cannot imagine an unsandboxed browser!
__________________
Desktop - Windows 8 Pro x64 - Real-Time : Outpost Security Suite Pro | Appguard | AdMuncher Premium
Laptop - Windows 8 Enterprise x64 - Real-Time : Outpost Firewall Pro | Exe Radar Pro | Sandboxie | AdMuncher Premium
  #15  
Old August 4th, 2012, 09:20 PM
bo elam bo elam is offline
Very Frequent Poster
 
Join Date: Jun 2010
Posts: 1,038
Default Re: What is Sandboxie and how / when to use it?

Quote:
Originally Posted by arsenaloyal
Heck, I cannot imagine an unsandboxed browser!
I can't either. To me, running unsandboxed is the same as......being naked.

Bo
  #16  
Old August 23rd, 2012, 07:02 AM
AMD AMD is offline
Regular Poster
 
Join Date: Jul 2012
Location: UK
Posts: 70
Default Re: What is Sandboxie and how / when to use it?

Quote:
Originally Posted by blasev
Sandboxie can also be used to maintain a clean OS

e.g.:
trying a new app/game by installing it inside the sandbox; if we don't like it, we can always delete it and all the traces are gone.

It's one of the "features" that I like most

Can you please explain how you do this. If I want to test a program, do I simply launch the .exe file in Windows Explorer?
__________________
Comodo Internet Security Complete - MBAM Pro(real time ) - Keyscrambler Premium - Sandboxie - Secunia PSI - Macrium Reflect (free)
  #17  
Old August 23rd, 2012, 08:41 AM
CSKfan CSKfan is offline
Regular Poster
 
Join Date: May 2012
Location: The Earth
Posts: 148
Thumbs up Re: What is Sandboxie and how / when to use it?

Quote:
Originally Posted by AMD
Can you please explain how you do this. If I want to test a program, do I simply launch the .exe file in Windows Explorer?

Right click the executable of the program that you want to execute and click Run Sandboxed. This is one way of doing what you wanted to do.
__________________
Impossible is nothing

Rollback Rx|Sandboxie|AppGuard|Keyscrambler Premium
  #18  
Old August 26th, 2012, 10:55 AM
gugarci gugarci is offline
Frequent Poster
 
Join Date: Mar 2009
Location: Jersey
Posts: 272
Default Re: What is Sandboxie and how / when to use it?

Sully and Hungry Man I love your Sandboxie explanations.
Sully yours should be in a book called "Sandboxie for Dummies".
__________________
Security Software on my PC's:
Desktop Win 7 Pro x64 Emsisoft Anti Malware v7. Laptop Win 7 Pro x64 & Desktop XP Pro Emsisoft Anti Malware v7 & Online Armor Premium v6 Netbook Win 7 Starter & Netbook XP Home Avast 7. MBAM & Hitman Pro used on demand only.
  #19  
Old August 28th, 2012, 11:37 PM
caspian caspian is offline
Very Frequent Poster
 
Join Date: Jun 2007
Location: Oz
Posts: 1,806
Default Re: What is Sandboxie and how / when to use it?

Quote:
Originally Posted by berryracer
Thank you very much sir for this nice write up and thanks to the above user as well.

To me, as nice as this may sound, this seems to be more of a headache having

I wish I could see someone using it in front of me...

I have never needed more than a good antivirus, good anti malware, and not going to stupid sites obviously in my life.....dunno if I really need this headache

Hey let me tell you my story. I started reading Wilders quite some time ago. I bet I had read posts about Sandboxie for more than a year before I tried it. I figured that it was probably too advanced for me. But I finally tried it.

So here's what happened. I downloaded it and installed it. It left a little icon on my desktop. When I clicked on the icon, it opened up my web browser sandboxed. That's it. Could this possibly have been any simpler or more straightforward?

Then I learned how to delete the sandbox. You just right click on the little icon in the system tray and choose "default box", "delete contents" and then a box pops up and you click on the Delete Contents button. That's it, haha! Isn't that special?

Now let me tell you a little story about a friend of mine, Jeff. He is in his 40's and is particularly clueless on the computer. I installed Sandboxie on his computer. I explained to him that it would protect him if something happened while he was browsing the internet. I told him that it was like a virtual copy of his web browser....a sort of ghost copy. Now my friend Jeff has a young nephew. He is 19 or 20. He sometimes stayed there with Jeff and would surf porn, like so many young'uns do these days. But Jeff had insisted that he ALWAYS use the Sandboxie icon to surf the web.

Well one day Jeff called and something horrible had happened. He kept getting this popup that said his computer was infected and that he needed to buy an antivirus to get rid of it. I asked him if his nephew was using Sandboxie when this happened. He said yes. So I went over to his apt. and sure enough, his home page was hijacked and there were constant popups warning of a terrible virus. So here's where the fun came in. I went down to the system tray and deleted the sandbox.....and POOF!.... It was all gone as if it had never happened. We laughed.

If you haven't at least tried Sandboxie, I personally think that you should. It is so simple and yet so amazing! I also use Shadow Defender. But I use my web browser sandboxed over top of that. I don't want any kind of infection even just for that session. A keylogger can steal a lot of information in a short period of time. So I delete the sandbox often. In between message boards, Facebook or wherever. But anyway, download it and give it a try. You'll be glad you did.
__________________
A Billion for a Billion

http://www.wfp.org/1billion

Last edited by caspian : August 29th, 2012 at 12:43 PM.
  #20  
Old August 29th, 2012, 03:45 PM
bo elam bo elam is offline
Very Frequent Poster
 
Join Date: Jun 2010
Posts: 1,038
Default Re: What is Sandboxie and how / when to use it?

Nice stories, thanks for sharing Caspian.

Bo
  #21  
Old August 29th, 2012, 04:01 PM
AlexC AlexC is offline
Very Frequent Poster
 
Join Date: Apr 2009
Posts: 1,111
Default Re: What is Sandboxie and how / when to use it?

Yes, Sandboxie provides a simple and powerful protection and this combination is not very easy to find...
__________________
Linux Mint 13 MATE x64
  #22  
Old August 30th, 2012, 02:31 AM
Amit Amit is offline
Massive Poster
 
Join Date: May 2011
Location: Parallel Universe
Posts: 4,631
Default Re: What is Sandboxie and how / when to use it?

Quote:
Originally Posted by caspian
A keylogger can steal a lot of information in a short period of time. So I delete the sandbox often. In between message boards, facebook or wherever. But anyway, download it and give it a try. You'll be glad you did.
Why not set sbie to auto-delete contents of a sandbox when an app is closed?
__________________
✓The first principle is that you must not fool yourself, and you are the easiest person to fool.
✓Science is the belief in the ignorance of experts.
✓I don't know anything, but I do know that everything is interesting if you go into it deeply enough.


-------Richard P. Feynman---------
  #23  
Old August 30th, 2012, 12:05 PM
Sully Sully is offline
Massive Poster
 
Join Date: Dec 2005
Posts: 3,696
Default Re: What is Sandboxie and how / when to use it?

To handle keyloggers, restrict processes that may run in a given sandbox, or restrict processes that are allowed network comms. Better yet, restrict both what processes may run and what processes have network comms.

As long as you have a clean system when you integrate this, you won't have to worry about keyloggers again within a given sandbox, unless you introduce one into your real system.

Sul.
__________________
I do things TO my computer, not WITH my computer.. I am a nerd.
  #24  
Old August 30th, 2012, 12:40 PM
bo elam bo elam is offline
Very Frequent Poster
 
Join Date: Jun 2010
Posts: 1,038
Default Re: What is Sandboxie and how / when to use it?

Quote:
Originally Posted by Sully
As long as you have a clean system when you integrate this, you won't have to worry about keyloggers again within a given sandbox, unless you introduce one into your real system.

Sul.
Installing an infected addon or installing a program that introduces an infected addon into our system can get a KL in our system. Let's be careful with the addons we use.

Bo
  #25  
Old August 31st, 2012, 01:42 PM
TonyW TonyW is offline
Very Frequent Poster
 
Join Date: Oct 2005
Location: UK
Posts: 2,301
Default Re: What is Sandboxie and how / when to use it?

I used to use Sandboxie regularly, especially when testing fake/rogue software. I've not done such testing for a while. I personally do not feel the need to sandbox every browsing session. In this instance I only have Wilders open in one tab; I honestly don't think it's necessary to sandbox this.
 

All times are GMT -4. The time now is 12:20 PM.

