Need advice please - Settings for a "test" sandboxie sandbox.

Discussion in 'sandboxing & virtualization' started by Carbonyl, Aug 10, 2011.

Thread Status:
Not open for further replies.
  1. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Hi everyone.

    I've used Sandboxie for a while now in conjunction with my web-facing applications. I've set up a Sandbox for my browser, IM clients, and the like. However, recently I've come into a situation where I'd like to download and run software that I don't necessarily see as entirely trustworthy.

    The programs in question are pretty widely used, and investigation via VirusTotal/Jotti shows them as "clean", but I'd still rather not open my system to potential damage - be it from malicious code, or just mucking up system settings on install.

    Thus, I'd like to set up a sandbox specifically for testing programs. When I say that, I mean installing to and running from the sandbox. What settings would be ideal for this type of operation? Restricting access to sensitive document files is a given, but in the past trying to deny read/write access to the critical system directories has given me problems with trying to install programs. I feel somewhat adrift, and am not certain as to what settings and restrictions would be appropriate for protecting my system, while still permitting the installation and execution of the desired programs.

    Thanks much in advance for the help, and apologies for the greenhorn question.
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Whenever I want to install a program sandboxed, I just do it on a default settings sandbox, set to delete when closing. Programs will install sandboxed if Drop My Rights is not enabled, so make sure it's not.

    If you want to save the sandbox, you can set it up that way also and restrict it according to the program that you installed, after it's installed.

    The restrictions really depend on what the program that you are installing is, but I always allow as little as possible. That's what I do.

    Bo
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I save everything to my "downloads" directory.

    I set the "downloads" directory to Low Integrity Level with inheritance to all sub files and directories.

    On my sandboxes, I have a "direct access" setting to the "downloads" directory, so that when I download a file it goes immediately to the real location and never has to be "recovered".

    Because all sandboxes have this setting, they may all save to one common place.

    The "download" directory is "forced" to open in my "downloads sandbox". This is my main test sandbox. My settings are that I disallow any and all outbound network activity for this sandbox. I have some custom file and registry restrictions in place for all sandboxes, but other than those, it is default with no outbound networking. I run files within that sandbox, be it .pdf files or installers or .zip files I extract and then execute what is within.

    If I feel a program needs outbound network access to fully evaluate, I have another sandbox that is pretty much at default except for my custom globals mentioned above. I test what I want in there, and might monitor what it does with Process Explorer or a firewall (currently have Outpost installed but only run it when I am testing), or whatever tool you might need.

    If I like what the program/file does, I might submit it to Jotti or scan with MBAM if I have it installed, but normally I just watch what it tries to do myself and decide whether to trust it or not. Most of the time it is a temporary install. Sometimes I let that downloads sandbox fill up with stuff, other times I delete it.

    I don't really worry about things escaping the sandbox, nor do I worry about it reading anything that I have locally, as there is nothing really worth finding. I went the extra step of stopping outbound comms just in case the tested application was trying to "phone home".

    If the program is intensive, like an AV or firewall, I must use VMware for testing. If I am unsure of the program, I might also start it in VMware with other tools I don't normally use to examine what is going on.

    My favorite part of SBIE I think is that I am allowed to create as many sandboxes as I need, giving me some granular control over things. I like knowing only Chromium can start in one sandbox, and only Opera in another, and so forth.

    That's just how I do it. There are probably a dozen different ways.

    Sul.
     
  4. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    I don't think you can go wrong with an offline image just in case something unexpected happens during any kind of testing.

    SourMilk out
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Hey Sully, I find myself creating more and more sandboxes and changing this setting or that setting all the time, to make isolation better and SBIE stronger. In a way, that makes SBIE not only stronger but also makes it a very exciting program to use. Great for security, not boring for sure.

    Thumbs up for SBIE.

    Bo
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    @bo

    You should look into the templates. If you mess with it a lot, it can speed things up a great deal. I rarely use the GUI if I am doing major tweaking, only for temporary settings.

    Sul.
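The setup bo elam and Sully describe (a default-settings install box with Drop My Rights off, a forced "downloads" box with direct access to the real Downloads folder and no outbound network, a second near-default box for programs that need networking, and a shared set of custom file/registry restrictions carried by a template rather than the GUI) can be written directly in Sandboxie.ini. The fragment below is an added example, not Sully's or bo's actual configuration and not shipped by Sandboxie; the user name, paths, box names and the template name are assumptions for illustration, while the setting names themselves are standard Sandboxie.ini keys.

```ini
# Added example configuration for Sandboxie.ini (not from the thread).
# "example" in the paths and all box/template names are assumptions.

# Custom "global" restrictions, kept in one template so every sandbox
# that references it gets the same rules (what Sully calls his globals).
[Template_LocalGlobals]
Tmpl.Title=Custom file and registry restrictions for all sandboxes
Tmpl.Class=Local
# Sensitive documents are not even readable from inside the box.
ClosedFilePath=C:\Users\example\Documents
ClosedFilePath=C:\Users\example\Pictures
# Example of a registry hive a sandboxed program should never see.
ClosedKeyPath=HKEY_CURRENT_USER\Software\ExampleSensitiveApp

# Main test box: anything started from the Downloads folder runs here.
[DownloadsBox]
Enabled=y
ConfigLevel=7
Template=LocalGlobals
# Files dropped into Downloads are opened in this box automatically.
ForceFolder=C:\Users\example\Downloads
# Direct access: downloads land in the real folder, nothing to "recover".
OpenFilePath=C:\Users\example\Downloads
# No outbound network for anything in this box; show a notice when blocked.
ClosedFilePath=InternetAccessDevices
NotifyInternetAccessDenied=y
# Installers need their rights, so do not enable Drop My Rights here.
DropAdminRights=n
# Keep the contents between sessions; delete manually when done.
AutoDelete=n
BoxNameTitle=y

# Second box for programs that need network access to be evaluated.
# Same globals, otherwise close to default, wiped when the box closes.
[NetTestBox]
Enabled=y
ConfigLevel=7
Template=LocalGlobals
OpenFilePath=C:\Users\example\Downloads
DropAdminRights=n
AutoDelete=y
BoxNameTitle=y
```

The Low Integrity Level step from Sully's post is done outside Sandboxie; on Windows it is an `icacls` call of the form `icacls "C:\Users\example\Downloads" /setintegritylevel (OI)(CI)L`, where the `(OI)(CI)` flags make the label inherit to files and subfolders. Because `Template=` is referenced per box, adding a new restriction to `[Template_LocalGlobals]` changes every box at once, which is the speed-up Sully points bo to.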
     