Sandboxie + Limited User Account = Extra Security?

I use psexec from Sysinternals to launch Internet Explorer with limited user rights from within Sandboxie. This way, not only is Internet Explorer sandboxed but it's also running with limited rights.

Sandboxie > psexec -l > Internet Explorer

I was wondering what your thoughts are concerning this combo? Good/Bad?

Thanks!

 

A bit overkill imo but it doesnt hurt your computer and if it makes you feel safer go for it.

 

Well, I basically do about the same, I´ve restricted certain vulnerable tools with SSM Pro (so without virtualization) and in addition I also run them in limited mode, this all will make it difficult for malware (trying to exploit zero day bugs) to do any damage. Of course Sandboxie already restricts apps automaticly, but if it will ever fail to protect you, non-admin mode might still be able to stop malware from doing any damage.

 

I do the same with DropMyRights and Sandboxie. I'm not sure if it helps, but I guess it doesn't hurt. Everything seems to work just dandy.

 

I'm trying to do the same thing with DMR and Sandboxie but DMR doesn't seem to be invoked. It does run but it doesn't limit installations from inside of the browser (Firefox). I've read up just a bit on Sandboxie's site but I must confess to not really understanding what I'm reading.

Could you tell me -- specifically -- how you set up DMR and Sandboxie to run a limited browser inside the sandbox?

Thanks.

 

Have you tried psexec from Sysinternals? It does the same thing as DMR but offers much more control.

Just use the following syntax: psexec -l some-program.exe

 

Hi Beggar, I'm not sure about what you mean by installation from inside the browser. I believe there are ways to tweak dropmyrights but they are over my head. This site goes into it further. It's under advanced option in the article.
http://msdn2.microsoft.com/en-us/library/ms972827.aspx

I set up an icon to start Sandboxie and dropmyrights and set the target as this.

"C:\Program Files\Sandboxie\Start.exe" "C:\Program Files\DropMyRights\DropMyRights.exe" "C:\Program Files\Mozilla Firefox\Firefox.exe"

I can see that it is working by using Process Explorer and right-clicking Firefox and in the Security tab it says Deny, Owner. I'm not sure of what to change to keep installations from happening in Firefox. Are talking about extensions? I think I can install them too, but they are contained by Sandboxie and are removed when I empty the sandbox. The link I posted may have tweak to stop this behavior. I wish I could help more.

innerpeace