Sandboxie: place sandbox into RAM disk?

Hello,

I was wondering if placing the Sandbox into a RAM disk could increase security and browsing speed...

Anyone tried it? What do you guys think?
Thanks!

 

If you set up Sandboxie to automatically delete files, then the security difference is negligible. Same can be said for speed, unless you put your profile, cache, and/or browser in the ramdisk.

 

Maybe so......but even if files are deleted automaticly,there are still traces left.....even if you use a preset delete command,it's still not as secure as a ramdisk.
But for most users,using a ramdisk is overkill....

I have a dualboot system with 6 GB of RAM,Vista 64 bit and win7 32 bit......as you know,win 7 leaves 2 GB of RAM unused,that's why I pointed my sandboxes and my pagefile to a ramdrive......as this system is used mostly for web browsing,I think that a ramdrive is ok in this case........

 

Interesting to know what the experts say on this. Have you also asked on the Sandboxie forum?

 

I don't think there are any security benefits for ram disk/drive browsing. Maybe if you're looking to ensure browsing tracks are going to be dumped at reboot, maybe there is a privacy benefit to browsing in one?. I can't say I notice any speed increases, TBH.

I use a ramdrive/disk for my browsing, but only because I've switched to a SSD drive, just to cut down a load of HD writes. Like J_L, I think the deletion of sandboxes when you close the leader application is a good policy. And I prefer the secure deletion using Heidi Eraser over to the default RMDIR command.

I have always bumped into problems with the default Sandboxie deletion. Sometimes it's worked and sometimes not. With the secure deletion of Eraser you get the peace of mind knowing at least it will wipe out any non deletions of sandboxes that may have occured - I am guessing the Queue command see's to it that any failed deletions will be stacked up and booted out the next time deletion is evoked.

If you're not already using Heidi Eraser to secure delete your sandboxes - I recommend it.

*You will have to download a previous version of Heidi Eraser, version 5 for the Sandboxie command to work.

 

Thanks for your answers!
In fact my goal is to assure that no malware can stay in the sandbox, even if Sandboxie eventually crashes or fail to delete (never happened to me, but never know, new malware is created everyday and sandboxie is my first line of defense). Maybe i will post this question in Sandboxie forum, as suggested by vasa1.

How about running the sandbox into a ram partition, and also place that partition under Shadow Defender?

And is there any way to restrict the partition where the sandbox is placed in order to make it unable to write/save files to anywhere else?

 

Was using 5.8.8 US DoD 5220.22-M (8-306./E) 3 passes and deleting seemed to take forever. I found 5.7 and would like to give it a try. Any advantages of one over the other ? (Don't mean to hi-jack this thread)

 

If you really want to increase security, enforce Drop Rights and Restrictions.

 

You really don't have anything to worry about if sandboxie crashes or
fails to delete the contents. If that happens, everything that was in
the sandbox will remain in the sandbox. You can delete it after a
reboot.
I know you thinking using the RAM disk for safety but personally I feel
safer knowing that malware or whatever it was in the sandbox, its still
inside the sandbox, waiting to be deleted after the reboot.
Trust Sandboxie, nothing will scape the sandbox.

Bo

 

Hi, you can change the amount of passes Eraser makes, have a look at THIS You will have to apply the command manually to each sandbox you have. It might speed the process up a bit. I'm using Eraser 5.8 and it's ok.

 

Thanks for the reply. The only difference between the 5.7 and 5.8.8 that I can see is the eraserl (launcher) for 5.7 is in program files and with 5.8.8 it's in windows system 32. Anyway, I have also tried out sdelete 1.51 using 7 passes US DoD 5220.22-M and it seems to erase much faster than eraserl using 3 passes. Am wondering if it's just as effective. Thanks again.

 

@J_L
Thanks for the tips, i´m already familiar with those options

@bo elam
I trust Sandboxie. I´m trying this mostly for fun and because of my specific config (C:\ is excluded from AV real-time protection, and Sandbox and download locations are placed in another partition).

I´m trying DataRam RamDisk, and until now everything is working fine and web pages seems to load a bit faster.

 

Re: Sandboxie + RAMdisk

The RAMDISK concept is extremly fast. RAMDISK is a lot faster than SSD. See it for yourself:

(Watch in Fullscreen in HD) RAMDISK vs. SSD
http://www.youtube.com/watch?v=v_Ve8cEnNC0&hd=1

So for performance reasons: if you typically empty your sandbox (all data lost) every time after you restart - ram disk (all data lost) is the perfect fast addition, especially if you install your browser in the sandbox on your ramdisk.


You can use for example

- Dataram RAMDisk -- Freeware (up to 4GB disk size)
http://memory.dataram.com/products-and-services/software/ramdisk


You can't secure delete anything (files) on your disk with Heidi Eraser, IF you are using a SSD. You can only delete the whole disk space with special DOS tools like HDDErase.

Source: http://www.ghacks.net/2010/06/20/delete-data-on-ssd-permanently/ and http://www.google.com/search?&q=ssd delete files


So it much easier to just install a browser (Mozilla Firefox Portable Edition or whatever) on a RAMDISK, than having to deal with special tools to erase all data from a SSD.

http://www.ghacks.net/2007/12/14/use-a-ramdisk-to-increase-firefox-security/


And another idea how to use Sandboxie + Ramdisk

http://www.ghacks.net/2007/12/14/use-a-ramdisk-to-increase-firefox-security/

 

I also use a ramdisk for Sandboxie.. There are a couple reason.

The first reason is that every so often I'd have trouble with the Sandbox not really clearing itself. This really doesn't effect my level of protection, but some times it would screw with my browser (changes made outside the Sandbox would be reverted because Sandboxie always reads from the Sandbox first). With a ramdisk, this never happens..

Secondly, the ramdisk is a way to ensure its completely private. No files get left behind, or are ever recoverable through data analysis.. Not them I'm ever really doing anything wrong, but its better than switching my browser to "private mode" or anything like that.

Finally, the last reason is that it is a little faster..