The powerful Icesword anti-rootkit tool has apparently very little problem breaking out of Sandboxie 2.11 (latest release, 19 October 2005). Executing Icesword in a "sandboxed" environment leads to worrying results. This is the picture of Icesword being executed with "File - > Run program" in Sandboxie; notice that, though working, it doesn't show in Sandboxie's process list. http://img306.imageshack.us/img306/7107/immagine1kh.gif Now let's do the following: from the sandboxed Icesword, let's terminate Sandboxie itself: http://img52.imageshack.us/img52/6751/immagine26vo.gif A few error alerts will show up: not too worring, though, as Icesword will happily continue to work. Sandboxie's Control.exe, on the other hand, is terminated with extreme prejudice. http://img84.imageshack.us/img84/5273/immagine36xf.gif Now let's save a log of the running processes from Icesword itself. Remember, the program wouldn't be able to access outside its sandbox if it were still under the control of Sandboxie: http://img173.imageshack.us/img173/5875/immagine42zk.gif Here's the "tested.log" file on the desktop. Clearly Icesword was able to reach outside the sandbox: http://img152.imageshack.us/img152/4776/immagine55dh.gif In other words, Sandboxie fails to stop rootkit-like programs from spreading outside the box. Tested on Windows XP SP2. Note that this test didn't succeed every single time: in one occasion on the same computer, Sandboxie failed to launch Icesword in a sandboxed environment, complaining about failing to install Icesword's kernel module. Note that the Sandboxie kernel module was installed and running in all occasions.