open files in site-specific sandbox (sandboxie?)

Discussion in 'other anti-malware software' started by dabruro, Jan 5, 2009.

Thread Status:
Not open for further replies.
  1. dabruro

    dabruro Registered Member

    Aug 23, 2006
    New York, US
    In sandboxie (or similar) I would like to isolate downloaded files from one another according to the domain that I downloaded them from.

    For example, is there a way to configure Firefox (or other browser) to substitute the domain or URL into the command it associates with the downloaded file type? This way I could explicitly specify the sandbox name in a sandboxie command line using the domain name.

    I feel that this would be a very powerful way to prevent one site from giving me malware that affects my interaction with another site -- similar to the domain-of-origin policy of javascript or java applets. Using a shared sandbox does not provide such protection -- any site whose downloads I opened in the sandbox (since the last time I cleared the sandbox) could possibly compromise my use of another site (e.g. steal password).

    Even if I *never* cleared the sandboxes, so long as I don't open the files outside their respective sandboxes, the most that could happen is that the files from the same site could infect and compromise one another.

    Of course ideally I would like to also execute the browser and plugins themselves within such a domain-specific sandbox, but I can't think of a way to do this (without major mods to browser) -- I don't believe even Google Chrome provides its sandboxes in a way that would securely isolate domains from one another (I once asked this on their forums).

    David R (Dabruro)
Thread Status:
Not open for further replies.