Sandboxie

Discussion in 'sandboxing & virtualization' started by John Bull, Jun 6, 2010.

Thread Status:
Not open for further replies.
  1. John Bull

    John Bull Registered Member

    I am astounded by the content of this thread, all positive and not a blemish in sight.

    I have now installed Sandboxie. It went in like a dream with no problems.
    So far I have not noticed any difference when surfing the net in Sandboxie. I did download an item just for fun and was prompted about recovery, which I did and the item went on my desktop OK.

    I have arranged that the Sandbox deletes all content on log-off, being told that the system will prompt me if any items are in doubt.

    Please just tell me:

    Does clearing the Sandbox on log-off delete anything that should not be deleted?
    Does my AV and Firewall act normally in a Sandboxed situation?
    What do I do when a virus is detected while Sandboxed? If I just log-off, is the virus killed?
    If we use Sandboxie and all our browsing is done in a "stockade" where there is no possibility of infections contaminating our system, then why do we need an AV and Firewall?

    Apart from that, without the responses to this thread I would never have installed Sandboxie.
    I am most grateful to every one of you and would recommend that anybody else who is looking for guidance on Sandboxie, read this thread.

    I have read the Beginners Guide, but being new will take a while to use this system with confidence. In the early learning period, I just hope that I do not make any stupid mistakes and that the system is idiot-proof.

    I cannot thank you all enough.

    John B
     
  2. vasa1

    vasa1 Registered Member

    Please go through the configuration options. For most of us, the programme suggests how we should set up things. One useful setting is the "drop my rights". If you set that as well Sandboxie can protect even better.
     
  3. John Bull

    John Bull Registered Member

    Vasa1
    I looked on the Sandboxie menu and found "drop rights" but I do not know what it means.

    Can you explain please ?
     
  4. vasa1

    vasa1 Registered Member

    In an informal sense, it means (to me) that Sandboxie limits the various privileges of a programme to enhance security. A programme running sandboxed with limited rights may not be able to tinker with things the way it could if it were running with full rights.

    A crude analogy would be the difference between an admin account and a LUA (limited user account).

    If you just Google for "drop my rights", you'll get a lot of information.

    Bottom line: I think it is a good idea to "drop my rights" as far as Sandboxie is concerned.
     
  5. NoIos

    NoIos Registered Member

    From the Sandboxie web site: "The setting in this page causes Sandboxie to strip administrative rights from programs running in this sandbox.

    Specifically, the security credentials used to start the sandboxed program will not include membership in the Administrators and Power Users groups.

    Note that this has little effect if you are already running under a non-Administrator user account. "
     
  6. Get

    Get Registered Member

    Why use drop rights when everything that's done by something in the sandbox will be erased? Or isn't it?
     
  7. NoIos

    NoIos Registered Member

    I believe this is an additional security measure not strictly related to the sandboxing function. So if something escapes the sandbox, at least it runs with lower rights.
     
  8. vasa1

    vasa1 Registered Member

    I have set my Sandboxie not to delete (or even prompt me to delete)...

    I prefer to do this myself. One reason (that doesn't exist for me anymore) was that my AdBlock Plus modifications would be lost when the sandbox was emptied unless I exported the custom filters and then took the filter list out of the box first. The other is loss of the browser's cache. This second point is highly dependent on one's browsing style, though.

    In short, I delete the sandbox once a fortnight.
     
  9. pegr

    pegr Registered Member

    Agreed. It also makes it less likely that anything would be able to bypass sandbox security in the first place, as that kind of exploit may well require administrator rights to be successful.
     
  10. pegr

    pegr Registered Member

    No. Clearing the sandbox only empties the sandbox folder. It does not touch the rest of the file system. If there is anything within the sandbox that you want to keep though, you must recover it prior to emptying the sandbox.

    Yes. As the sandbox is only a folder within the file system, your AV and firewall should act normally. It goes without saying that you must not attempt to install your AV or firewall within the sandbox though; they need to be installed within the real file system.

    Yes, terminating all running processes within the sandbox and emptying the sandbox would remove all traces of an infection. Bear in mind though that Sandboxie isn't designed to detect malware; it is designed to contain it. It is the job of your AV to detect malware. If malware running inside the sandbox is detected by your AV, it should be able to deal with it. If malware running inside the sandbox goes undetected by your AV, then Sandboxie will contain it.

    You still need other security software because there are other ways of getting infected, not just via the browser. A layered defense is always best.
     
  11. Peter 123

    Peter 123 Registered Member

    Just to clarify a few things:
    My English is not very good. So I am not sure about the exact meaning of the term "log-off". Anyway, I think you mean the closing of the sandbox, or more exactly: the termination of the last running process within the sandbox (as pegr already described it too in his posting).

    I mention it just to make clear that it has nothing to do with logging off from a certain website or with shutting down the computer. For example, even after shutting down the computer and restarting it, the contents of your sandbox will still be there, unless you chose the option (in the Sandboxie configuration): "Automatically delete contents of sandbox" (something you obviously did [and I did too ;)] ):

    http://www.abload.de/image.php?img=sbhmmy.jpg

    I think it is useful to make it clear because this is an important difference to a program like "Shadow Defender" where indeed all depends on shutting down the computer: When shutting down the computer, all that had happened on it when Shadow Defender was activated, is gone.

    Pegr is right. But additionally you have to bear in mind that whatever you make "within" your sandbox will be gone when the sandbox is emptied (that means in your [and my] configuration: when the sandbox is closed). This may also affect some activities, for example the following:

    - You open your browser in the sandbox and within the sandbox you change (deliberately) something in the configuration of the browser. ---> This change will be eliminated again when the Sandbox is closed/emptied. It will not remain on your computer/in your browser.

    - Or you make an update of an application (browser, messenger, player ...) when this application is running within the sandbox. ---> The same happens: the update will be deleted after closing/emptying the sandbox.

    So the conclusion is: If you want to change an application deliberately and permanently (e.g. updating of the program, modifying its configuration etc.) don't forget to do this with the application running outside of the sandbox. ;)

    On the other hand, if you would only like to test for example a modified configuration, it is ideal to accomplish this within the sandbox. Because if you finally do not like the change, you simply have to close/empty the sandbox.

    An important argument, I think.
     
    Last edited: Jun 7, 2010
  12. Get

    Get Registered Member

    THX @ NoIos & Pegr. I have all sandboxes with drop rights enabled, because some time ago when I read about it I found it better to do so, but I forgot why o_O . These are very clear arguments which I don't believe to have heard earlier.
     
  13. John Bull

    John Bull Registered Member

    The comments in this thread are better than Sandboxie or the general net provides. They certainly impress me. It is brewing up to be a "Beginner's Guide to Sandboxie" and I can only again compliment all the posters for a remarkable and most useful response.

    I do hope that the thread will be made readily available to all new users of Sandboxie and not simply buried in the archives of the Forum.
     
  14. Peter 123

    Peter 123 Registered Member

    @ John Bull:

    When you are familiar with the general principles of how Sandboxie works, it may be useful to study also this thread, although it is already a quite big one:

    https://www.wilderssecurity.com/showthread.php?t=240008
    ("Sandboxie Configuration Recommendations")

    And here you can also find various guidelines for creating and configuring a sandbox:

    http://ssj100.fullsubject.com/free-for-all-f4/ssj100-s-security-setup-t4.htm
    ("ssj100's Security Setup", see the 16 points in the chapter "Sandboxie")

    A (specific) configuration of the sandbox can provide you with even more security than the one you already have with the default configuration. (Depending on what you use the sandbox for, your habits when surfing the Internet etc.)
     
    Last edited: Jun 7, 2010
  15. John Bull

    John Bull Registered Member

    I am getting on with Sandboxie OK, but whilst the updating of programs in the Sandbox is of no consequence since I can update them out of the sandbox, I am concerned about Cookies, Bookmarks, History and other regular operations carried out in the sandbox that will not be reproduced in the un-sandboxed access unless recovered, and I have no idea how to do this on an individual selective basis.

    How do I ensure that these activities are entered into my normal access ?

    I do not wish to do perfectly normal things in the sandbox that are excluded from my non-Sandboxed Internet access. The prospect of having two separate systems is not acceptable.
     
  16. HAN

    HAN Registered Member

    There are settings for each sandbox that allow you to block or keep history, cookies and more for each browser. (For example, Sandboxie can allow access to the entire Firefox profile. This would keep everything accessible related to Firefox settings.) The thing to keep in mind is that the more one allows these settings to be real (UN-sandboxed), the higher the risk one runs of having malware corrupt/infect something.
     
  17. Peter 123

    Peter 123 Registered Member

    That's also part of the configuration of Sandboxie. ;) Personally I do not allow any activities within the sandbox to have direct access to my real system (not even changes in cookies, bookmarks etc.). So I can only give you a rough description of what you have to do:

    In the settings of your sandbox you have to go to Resource Access ---> File Access ---> Direct Access ("OpenFilePath").

    And there you have to add (in the field on the right side) the files in which your cookies, your bookmarks and your history are stored (or whatever else you would like to give direct access).

    Below is a picture of this part of the settings. I think other members will be able to say easily which specific files you have to add (or you will even find them somewhere in the links I posted above).

    And HAN's remark is important, as it refers exactly to this part of the configuration ("Direct Access" / "OpenFilePath"):

     

    Attached file: OFPS.jpg (screenshot of the settings described above)
    Last edited: Jun 8, 2010
  18. John Bull

    John Bull Registered Member

    I installed Sandboxie as a result of this thread two days ago.
    No trouble or problems, seems to work fine, I don't know it is there apart from the hashes and a red border.

    I have made provision for Cookies, History, Bookmarks and added "patterns.ini" to allow Adblock Plus to work OK. All my updates will be done with an unsandboxed logon as far as I can. Sandboxie does not delete anything on shutdown - I have unchecked the box.

    Please can you explain why:
    The Quick Recovery Folders is empty - I have done a lot of surfing. Nothing has ever shown in this folder.
    History only gives IE5 and Index.dat.
    Cookies refer to Index.dat.
    IE Cache and Index.dat is listed.
    Temporary Internet Files refer to Content IE5 and Index.dat.
    ** FF does not use Index.dat files.

    In other words where are my FF equivalents ?
    I am not interested in IE, it is just an unused icon on my desktop.
    Many thanks again.
    John Bull
     
  19. lws

    lws Registered Member

    Right now I am using XP pro but down the road will probably get into windows 7. I also am using cable connect. My question is, if I buy a sandboxie unlimited license and I either switch my program, move, or say go into dsl etc.. will that jeopardize my unlimited license with sandboxie?
    I totally agree with all the positive posts regarding sandboxie and am interested in getting a life time license if I know that it will stay with me regardless. Thanks in advance.
     
  20. vasa1

    vasa1 Registered Member

    Are you sure you ran FF sandboxed? If you right-click on the FF icon, you'll get a bunch of options in the context menu that opens: choose run sandboxed.

    (Just a wild guess!)
     
  21. pegr

    pegr Registered Member

    You can, as has already been said, open up direct access paths using OpenFilePath, but the simplest way to add browser exclusions for Firefox is via the settings found under Applications ---> Web Browser ---> Firefox.

    You can even exclude the entire Firefox profile if you choose to. Bear in mind though that every exclusion weakens the security slightly. It's a trade-off between convenience and security that only you can judge for yourself.
     
  22. vasa1

    vasa1 Registered Member

    I think I misunderstood your issue.

    You'll find stuff in the Quick Recovery folder only if you save something. For example, if you save this particular Wilders Security Forum thread page using the file >> save (or save as) option in FF, you'll find it there (in a directory you specify while saving).
     
  23. Peter 123

    Peter 123 Registered Member

    To my mind: No. I think your question is answered indirectly by the following FAQ on the Sandboxie website (see http://www.sandboxie.com/index.php?FAQ_Licensing):

    ---> If you can use a license even with more than one computer (if they are for your personal use), it should also be possible to change your system (OS etc.) and continue the use of Sandboxie on the same computer. ;)

    Indeed. So it is much easier. :cool: I was not aware of this option.

    Exactly. Or simply try to save a small picture. ---> It should be in the Quick Recovery Folder (respectively the Immediate Recovery Folder, according to your configuration).
     
  24. Osaban

    Osaban Registered Member

    Very informative thread, thank you. I tested Sandboxie 2 years ago, and it would keep my CPU at 60% on an XP system. It's been running fine on my Vista notebook for 2 days, and I'll have to agree it is a fine piece of software.

    I remember reading here at Wilders of the possibility to configure the sandbox to stop any malware from calling home (for example keyloggers). I can't find the thread, would anyone kindly explain how to configure Sandboxie for such a task?
     
  25. Boost

    Boost Registered Member

    With default settings applied to a sandbox, malware (such as keyloggers) can exist within that sandbox and call home. You can harden the sandbox to make this more difficult. Some steps to consider:

    (a) configure the sandbox to automatically delete contents http://www.sandboxie.com/index.php?DeleteSettings (so that every time you use the sandbox it is fresh with no possibility of keyloggers, etc. lingering in it from a previous browsing session)

    (b) configure the sandbox so only your browser has internet access http://www.sandboxie.com/index.php?RestrictionsSettings#internet

    (c) if you have any private/personal information stored on your computer, such as tax return information or account numbers in My Documents, then use File Access>Blocked Access to restrict access to that information during your browsing session http://www.sandboxie.com/index.php?ResourceAccessSettings#file

    (d) if the only program you need running during your browsing session is your browser, then use Start/Run Access to configure the sandbox accordingly. That way, in the unlikely event you pick up any malware it will not be able to run. http://www.sandboxie.com/index.php?RestrictionsSettings#startrun
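The settings traded off in this thread (Peter 123's OpenFilePath direct-access paths, the DropAdminRights discussion, and Boost's hardening steps above) all end up as lines in Sandboxie.ini, one `key=value` per line under a `[BoxName]` section, with keys such as `OpenFilePath` repeated once per path. The following script is an added example, not part of this thread and not Sandboxie's own code: it parses that file format and reports, per box, which of the settings discussed here weaken or strengthen containment. The sample ini, the box names and the file paths in it are constructed for the example; the severity ranking is the author's own assumption about the trade-offs described above, and the `UserSettings_` section prefix is assumed to be the per-user settings section Sandboxie writes.

```python
"""Audit Sandboxie box sections for the settings discussed in the thread.

Added example (not Sandboxie's code). It reads the Sandboxie.ini format:
key=value lines under [BoxName] sections, with keys such as OpenFilePath
repeated once per path. It flags direct-access paths (OpenFilePath), which
weaken containment, notes DropAdminRights and AutoDelete, which strengthen
it, and lists ClosedFilePath entries that block private data.
"""
import re
from collections import defaultdict

# Constructed sample Sandboxie.ini for the example; not from any real machine.
SAMPLE_INI = r"""
[GlobalSettings]
FileRootPath=C:\Sandbox\%USER%\%SANDBOX%

[DefaultBox]
Enabled=y
DropAdminRights=y
AutoDelete=y
OpenFilePath=firefox.exe,C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\*\cookies.sqlite
OpenFilePath=firefox.exe,C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\*\places.sqlite
ClosedFilePath=C:\Users\john\Documents\Taxes\*

[WeakBox]
Enabled=y
OpenFilePath=C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\*
"""

# Assumed ranking, lowest to highest.
SEVERITY_ORDER = ["info", "low", "medium", "high"]


def parse_sandboxie_ini(text):
    """Parse Sandboxie.ini text into {section: {key: [value, ...]}}.

    A stock configparser is not enough: Sandboxie repeats keys such as
    OpenFilePath, one line per path, and every occurrence matters.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), defaultdict(list))
            continue
        if current is None or "=" not in line:
            continue  # stray line outside any section, or not key=value
        key, _, value = line.partition("=")
        current[key.strip()].append(value.strip())
    return sections


def is_box(section_name):
    """Box sections are everything except the global and (assumed) per-user sections."""
    return section_name != "GlobalSettings" and not section_name.startswith("UserSettings_")


def audit_box(settings):
    """Return [(severity, message), ...] for one box's settings."""
    findings = []

    def enabled(key):
        return settings.get(key, ["n"])[0].lower() == "y"

    if not enabled("DropAdminRights"):
        findings.append(("medium", "DropAdminRights is not set: sandboxed programs keep "
                                   "Administrators/Power Users membership"))
    if not enabled("AutoDelete"):
        findings.append(("low", "AutoDelete is not set: sandbox contents persist "
                                "between sessions"))

    for value in settings.get("OpenFilePath", []):
        program, comma, path = value.partition(",")
        if not comma:
            # No program qualifier: every sandboxed program writes there directly.
            program, path = "all sandboxed programs", value
        whole_folder = path.endswith("\\*")
        severity = "high" if (not comma or whole_folder) else "medium"
        suffix = " (whole folder)" if whole_folder else ""
        findings.append((severity, f"direct (unsandboxed) access for {program} to {path}{suffix}"))

    for path in settings.get("ClosedFilePath", []):
        findings.append(("info", f"blocked from sandboxed programs: {path}"))
    return findings


def audit(sections):
    """Audit every box section; returns {box_name: findings}."""
    return {name: audit_box(cfg) for name, cfg in sections.items() if is_box(name)}


def worst_severity(findings):
    """Highest severity in a findings list ('info' when the list is empty)."""
    return max((s for s, _ in findings), key=SEVERITY_ORDER.index, default="info")


if __name__ == "__main__":
    for box, findings in audit(parse_sandboxie_ini(SAMPLE_INI)).items():
        print(f"[{box}] worst={worst_severity(findings)}")
        for severity, message in findings:
            print(f"  {severity:6} {message}")
```

Run against the constructed sample, `DefaultBox` shows only the two narrow, program-qualified Firefox files the thread suggests exposing, while `WeakBox` is flagged high because it opens the whole profile folder to every program in the box and neither drops admin rights nor auto-deletes. Pointing the parser at a real Sandboxie.ini (a UTF-16 file on Windows, so open it with the right encoding) gives the same per-box view of the convenience/security trade-off pegr describes.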
     