Sandboxes are popular among Wilders members who use them exclusively as a security measure or in different combinations with other antimalware software. An important aspect of these Sanbozes is that: None of them limits the intenet access of sandboxed applications by default. Obvious reason is that the Sandboxes are used to protect internet facing applications and addition of Internet Access Control might add complexity for a norma sandbox user. However in my opinion Internet Access Control is very important in a sandbox and the complexity of this feature can be over come by adding a default DENY rule for all applicatiosn while specifying exemptions for common applications like Browsers, Mail Clients and Messengers etc. I did a very small experiment with twoi internet worms: 1- NetSky worm 2- Warezo worm Both of these are mass mailing worms with their own SMTP engines. I used then in GesWall and SafeSpace with default rules. Both were able to execute within the sandbox and they were able to send malicious mails while running in the Sandbox. A reboot of PC/ Termination of all sandboxed applications/ Cleaning of Sandbox contents would have stopped this behaviour but at least the two worms were able to send malicious mail during the session until I killed them or rebooted my PC. Here are some screenshots to explain, first for Netsky worm.