Are the default configurations in Sandboxie good enough?

Just curious if the default settings that comes w/ Sandboxie free are good enough for ordinary users...

Will starting up browser in sandboxed mode secure enough?

What are the other things under the hood that it really protects (in its default config) every time it is running?

Sorry for the ignorance, I just want some kind of shortcuts here from experts. ...tnx....

 

Expert? No.
Avid user and learner? Yes!
My contribution to this thread is to remind you that by default, SBIE allows everything (all programs) Start/Run Access and Internet Access.
It isn't until adding one program that a user begins to utilize restrictions.
At that point, only the program added is allowed access.
So adding Chrome.exe only to Start/Run Access and Internet Access means no other program can access net or start in the sandbox.
Also, by default, Drop Rights is not enabled, and I like the restrictions it puts in place, so I usually enable it.
HTH

 

Isn't the entire file system virtualized by default?

 

Yes, that is true AFAIK.

The default box allows any execution within it, which could mean you get a keylogger etc to run within the virtual environment. A keylogger in a virtual environment is no different than the real system for most intents and purposes.

The default box allows reading of any file/reg key. That itself is not really a concern for many.

The default box does not allow things like browsers to save bookmarks to the real locations.

The default box prompts to recover to MyDocs and Desktop, but needs you to respond to the prompt to do so.

The default box will allow a clean system to stay clean, but might allow things to run in the sandbox that you don't want, and allows things to communicate outbound. Your system will most likely stay clean, but you don't know that the sandbox environment itself will. That is the cons of the default box IMO.

Sul.

 

If I have Windows 7 with UAC enabled and maxed out (running as admin) do I still need to enable the drop rights of SBIE?

Also, if I force a program to run sandboxed, for instance windows media player, will that program be able to update itself? I'm assuming that if I force a program to run sandboxed that I can allow/restrict its internet access?

 

The idea is that within the sandbox, you want to restrict AS IF you were in the real system. The DropRights feature, when enabled, means you are treated as a user WITHIN the sandbox, the same as you would be OUTSIDE the sandbox when using UAC/LUA.

Generally speaking in my experience, programs can update themselves if you allow it, but the updated file(s) are within the sandbox. Thus if you delete the sandbox or run the program outside of the sandbox, the updates won't be realized.

Sul.

 

According to Tzuk's Help & FAQ, Drop Rights "has little effect if you are already running under a non-Administrator user account".

That's correct.

 

thanks for the answers!

 

99% of the time. Secure it for 99.99%. Of course, those are just estimates, but probably can be true on Windows 64-bit.

 

I know they are good but restricting the sandbox and using multiple sandboxes makes SBIE better as only whats allowed, runs and connects to the internet.
I know people that run SBIE with most settings on default and don't get infected anymore.

Bo

 

Thats why it is important for people to remember to flush out the default box and start a new browser session before log in any data especially sensitive data.

I also recommend not to take for granted a security program is reading inside the box,this goes for keylogger protection.Example if I am not mistaken WSA does not see whats going on inside the box unless recovered out is when it springs into action if needed.




Defaults are strong but restrictions of what can execute or call out is better and a more secure way to stay clean and a better chance of ones indentity to stay intact.

Cheers Djohn