Sandboxie Delete Contents question

[Page42]

Newer Sandboxie user here.
Is there a way for me to Delete Contents of a web browser (IE8 ) sandbox without closing every browser window?
Currently I am using one sandbox for everything, and when I have multiple tabs open, like 5 or 6 websites, it seems like it would be cool to periodically delete the contents but not lose the web pages.
That's probably not possible, is it?

[J_L]

Take a look at this: http://helpdeskgeek.com/how-to/reopen-closed-tabs-ie/

[Page42]

Hi J L

Great tip, but for some reason it doesn't work for me.
I had 4 sandboxed browser windows open, including two where I was logged into a forum.
I Deleted Contents of the browser, all windows disappeared, then I opened one new sandboxed browser window and chose Reopen Last Browser Session. The tab I initially opened stayed blank, and only one more window opened, for a total of one out of four. Neither of the logged in forum windows opened either.

Edit in: As a test, I shut down SBIE, deleted contents, then opened 4 unsandboxed browser windows.
I then used Task Manager to close all iexplore.exe processes.
Upon reopening a window, IE8 asked if I wanted to reopen the old browser session.
I said Yes
and three out of four opened, including logged in forums.

[shadek]

Excuse me for stealing this thread a bit, but I have a question about deleting content in sandbox. Say I force Chrome to run sandboxed, and Chrome eventually updates itself. When I delete the sandboxed content, will my new Chrome version still remain or will it revert back to the original version of the browser?

[Sully]

@Page42

One would first ask, if everything is sandboxed, what would the advantage be to "periodically" delete the contents? It might prove useful, who can say, but probably not something used daily. I have never tested this though. Normally when a process is started (like IE ), files it uses are "locked" from deletion/modification. So typically, you could not delete "everything", but maybe those things not in use. I don't know how sandboxie handles this, but I should imagine the same as normal, meaning if the browser process is running, you can't delete (all) of the sandbox. It may be coded (again, haven't tested) to allow deletion of all objects not "locked" or it may be coded so that if "any" object is "locked" then the entire sandbox is denied deletion "until" all process (within the sandbox) are terminated.

@Shadek

Your question is, IMHO, the most common type of question. It relates to the fundamentals of how Sandboxie virtualizes the objects and containers. Many new users and some long time users struggle to understand it. No worries though, you only have to invest a small amount of time to learning about it, then it makes a lot of sense.

I find it best to refer to your OS and the underlying system as your "yard". Sandboxie creates one or more sandboxes in your yard. Each sandbox has a perimeter built of concrete etc which keeps the sand where it belongs, out of your yard and in the sandbox.

If you have a lawn chair in your yard, and you want to use it in your sandbox, sandboxie uses its "replicator gun", zaps the lawn chair, then places an exact duplicate in the sandbox. Now you may sit in the chair or just look at the chair as long as you like. When you are done with the chair (close the application), the replicated chair is gone, and the original is unaffected by whatever you did. (this is an analogy remember, so it is not truly what is happening )

Now, suppose that while you were sitting in your replicated lawn chair, in your sandbox, you decided to apply a fancy drink holder to the lawn chair. Since this is a modification of the lawn chair, sandboxie will no longer just remove it, nor will it modify the real lawn chair. Instead, it will create an area (directory) in the sandbox (c:\sandbox\boxname\etc\etc) that looks exactly like the yard, and place the replicated and modified lawn chair there.

The next time you go into the sandbox, that replicated and modified lawn chair is still there, and in fact will be until you delete the sandbox or the replicated chair. You use it indefinately.

But, when you decide to delete your sandbox, you rake it flat and that chair and all else is gone. If you updated the chair with a new model within the sandbox, it is gone. If you built a huge sandcastle, it is gone. All of it is gone.

Now, after deleting the sandbox, you go into it again, and decide you want that lawn chair again, the same process happens. If the lawn chair is still the same as it was, then you get the same thing. You can modify it again, you can upgrade it again, anything you want. But, unless you go out of the sandbox, and into the yard, and do something to the real lawn chair, it will never be any different.

EDIT: this of course does not address exceptions that might be used. You might give the sandbox "direct access" to the chair. So in the analogy, when you want to use the lawn chair, sandboxie replicates it and you use it in the sandbox. If you then, while in the sandbox, modify the lawn chair by adding a fancy cup holder, and you have allowed sandboxie direct access to the lawn chair, then the cupholder is actually placed on the real lawn chair in the yard. In this way, it allows you to keep "most" of what happens in the sandbox, but if needed "allow specific items" to be manipulated for real.

Sul.

[shadek]

Quote:

Originally Posted by Sully

@Shadek

Your question is, IMHO, the most common type of question. It relates to the fundamentals of how Sandboxie virtualizes the objects and containers. Many new users and some long time users struggle to understand it. No worries though, you only have to invest a small amount of time to learning about it, then it makes a lot of sense.

I find it best to refer to your OS and the underlying system as your "yard". Sandboxie creates one or more sandboxes in your yard. Each sandbox has a perimeter built of concrete etc which keeps the sand where it belongs, out of your yard and in the sandbox.

If you have a lawn chair in your yard, and you want to use it in your sandbox, sandboxie uses its "replicator gun", zaps the lawn chair, then places an exact duplicate in the sandbox. Now you may sit in the chair or just look at the chair as long as you like. When you are done with the chair (close the application), the replicated chair is gone, and the original is unaffected by whatever you did. (this is an analogy remember, so it is not truly what is happening )

Now, suppose that while you were sitting in your replicated lawn chair, in your sandbox, you decided to apply a fancy drink holder to the lawn chair. Since this is a modification of the lawn chair, sandboxie will no longer just remove it, nor will it modify the real lawn chair. Instead, it will create an area (directory) in the sandbox (c:\sandbox\boxname\etc\etc) that looks exactly like the yard, and place the replicated and modified lawn chair there.

The next time you go into the sandbox, that replicated and modified lawn chair is still there, and in fact will be until you delete the sandbox or the replicated chair. You use it indefinately.

But, when you decide to delete your sandbox, you rake it flat and that chair and all else is gone. If you updated the chair with a new model within the sandbox, it is gone. If you built a huge sandcastle, it is gone. All of it is gone.

Now, after deleting the sandbox, you go into it again, and decide you want that lawn chair again, the same process happens. If the lawn chair is still the same as it was, then you get the same thing. You can modify it again, you can upgrade it again, anything you want. But, unless you go out of the sandbox, and into the yard, and do something to the real lawn chair, it will never be any different.

EDIT: this of course does not address exceptions that might be used. You might give the sandbox "direct access" to the chair. So in the analogy, when you want to use the lawn chair, sandboxie replicates it and you use it in the sandbox. If you then, while in the sandbox, modify the lawn chair by adding a fancy cup holder, and you have allowed sandboxie direct access to the lawn chair, then the cupholder is actually placed on the real lawn chair in the yard. In this way, it allows you to keep "most" of what happens in the sandbox, but if needed "allow specific items" to be manipulated for real.

Sul.

Aha! Just as I suspected, and great analogy! So, in order for the applications I want to update properly, I need to add exceptions to them. Of course, that is a security risk itself. I don't see why Sandboxie would remind me every x day that it's a good idea to delete the sandboxed content, hence reverting all my updated applications during this period back to an old version. To me, it'd be better to just 'set and forget' the sandboxed material since I don't mind having a sandboxed folder where stuff is virtualized.

[Page42]

Quote:

Originally Posted by Sully

@Page42
One would first ask, if everything is sandboxed, what would the advantage be to "periodically" delete the contents? It might prove useful, who can say, but probably not something used daily.

I'd say you answered this question yourself, Sul, when you wrote about keyloggers taking effect inside the sandbox, or online transactions working well if you delete the contents periodically... which is why I have quickly decided that the most practical way to address the Delete Contents question I posed here is to create that separate "transaction" sandbox (or any other separate sandbox) that a user can delete contents of without impacting the general browsing sandbox.

Quote:

While things like registry startup keys and common files (boot.ini, autoexe.bat, etc etc) are virtalized if they are for some reason "tampered" with inside the sandbox, one must remember that until you delete the contents of the sandbox, it is live. Meaning, if you get a keylogger or something to autostart, it might not effect your real system, but it does take effect (if it can) inside the sandbox environment. Therefore, I lock down autostart keys and other basic areas, along with restricting what can actually execute and have network access. If all you are doing is looking at naked pictures, and not giving any data out etc, then maybe you don't need to worry about such things. But if you ever do ANYTHING with passwords/accounts, it is best to ensure your sandbox environment stays cleanly limited to only what you want. Also, as has been mentioned many many times, online transactions work very well if you delete the sandbox after you use it for transactions, and only use that sandbox/browser for transactions. Use 2 browsers, one for transactions ONLY, one for everything else.

[Page42]

Quote:

Originally Posted by shadek

Excuse me for stealing this thread a bit, but I have a question about deleting content in sandbox. Say I force Chrome to run sandboxed, and Chrome eventually updates itself. When I delete the sandboxed content, will my new Chrome version still remain or will it revert back to the original version of the browser?

@ shadek... not a problem.

Couldn't you also configure Chrome to not update itself, and when you become aware that an update is available, start it unsandboxed (Disable Forced Programs) and go ahead and make your changes that way?

Also, I see Prevx and Sandboxie in your signature... looks like a very smart combo. I have been tempted to go back to Prevx to pair it with SBIE (but not SafeOnline), as it always impressed me as light and strong protection.

[bo elam]

Quote:

Originally Posted by Page42

Couldn't you also configure Chrome to not update itself, and when you become aware that an update is available, start it unsandboxed (Disable Forced Programs) and go ahead and make your changes that way?

Your description is how I update my browser, Page. In my opinion the browser should be updated unsandboxed.
I have never used Prevx but I know that it conflicted with SBIE in the past, maybe its OK now.

Bo

[shadek]

Quote:

Originally Posted by Page42

@ shadek... not a problem.

Couldn't you also configure Chrome to not update itself, and when you become aware that an update is available, start it unsandboxed (Disable Forced Programs) and go ahead and make your changes that way?

Also, I see Prevx and Sandboxie in your signature... looks like a very smart combo. I have been tempted to go back to Prevx to pair it with SBIE (but not SafeOnline), as it always impressed me as light and strong protection.

You're having the exact same thoughts as me. I disabled the SO module in Prevx. Sandboxie alone would suffice as protection, but I find it wise to have a lightweight layered protection. I'll disable sandbox for Chrome from time to time to update it! Thanks for the great input Page42!

[Page42]

Quote:

Originally Posted by shadek

You're having the exact same thoughts as me. I disabled the SO module in Prevx. Sandboxie alone would suffice as protection, but I find it wise to have a lightweight layered protection. I'll disable sandbox for Chrome from time to time to update it! Thanks for the great input Page42!

Hi shadek... you're welcome, for sure.

[OT] Are you familiar with installing Prevx without SafeOnline, by using (/prop SECUREB=N) on the commandline? It's been discussed on the Prevx forum, and I've PMd with Joe about it. I used to install Prevx that way when I was running GeSWall Pro, and I saw an overlap there. Just save the file to C:\prevxcsifree.exe and then click Start - Run and type: c:\prevxcsifree.exe /prop SECUREB=N (insert spaces after exe and prop). Joe felt this was better than simply disabling SafeOnline, particularly if there is a perceived conflict. [/OT]

[Sully]

Quote:

Originally Posted by Page42

I'd say you answered this question yourself, Sul, when you wrote about keyloggers taking effect inside the sandbox, or online transactions working well if you delete the contents periodically... which is why I have quickly decided that the most practical way to address the Delete Contents question I posed here is to create that separate "transaction" sandbox (or any other separate sandbox) that a user can delete contents of without impacting the general browsing sandbox.

That is funny. I know deleting the box can be very useful, and indeed can be done multiple times a day especially in the instances regarding online transactions. I thought you were talking about having a browser open, and just for the sake of being "more safe" or whatever, periodically deleting the contents of the box while also leaving the browser window(s) open. I see maybe you and I are still on the same page, except you want to have the convenience of leaving the browser open? Not sure exactly, but regardless I don't think you will find much luck in deleting the contents of a sandbox while it is in use.

Sounds like you are developing your own ideas and twisting them about to fulfill your own specific needs. That is great. The more you dig into sandboxie, the more you "might" change/modify things because of what it can do for you. This sort of thing is what helped me to stop using some tools that I had used for years, after it all sank in I used sandboxie periodically (tested) for maybe a year at most. I wasn't too excited about it at first, mainly because back then there was a noticable delay when forcing programs. Once that issue was fixed (for me at least) and I could no longer tell the speed difference, I started playing with it more and more. Eventually I coupled all of the OS related information I had learned and threw sandboxie into the mix and out came something that for me is very secure and also very very light, which is exactly where I wanted to be.

Sul.

[Page42]

Quote:

Originally Posted by Sully

I thought you were talking about having a browser open, and just for the sake of being "more safe" or whatever, periodically deleting the contents of the box while also leaving the browser window(s) open.

You're 100% correct, Sul... that is what I was talking about when I created the thread. But I came to understand that it wasn't going to happen, and I shifted gears to a more workable plan, which involves multiple browser sandboxes (as needed) that can get contents deleted individually as desired.

Your input here is really helping. Thank you.