Sandboxie Configuration Question

Discussion in 'sandboxing & virtualization' started by Brocke, Apr 10, 2011.

Thread Status:
Not open for further replies.
  1. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    What a good configuration for sandboxie? right now i have IE9 to force sandbox and always delete the contents of the sandbox when closed.

    anything else that would be consided to change for better security?

    thanks
    Brock
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    1. Read-Only Access file access to C:\Windows
    2. Drop Rights enabled
    3. Internet Access Restrictions (web browser and your pdf reader or whatever else you need.)
    4. Start/Run Access Restrictions (web browser and your pdf reader or whatever else you need.)
    5. Password protection if someone else uses the PC.

    Some more ideas are given here:

    -http://ssj100.fullsubject.com/t4-ssj100-s-security-setup-
     
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    About two years after this was mentioned on some old thread, I still do not get the purpose of this. It is already read-only by default/design.
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I agree. I was just repeating what others have said.
     
  5. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    true option 1 is that way in vista and 7.


    but thanks for the input
     
  6. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    is sandboxing Windows Explorer risky? havnt done it and wondering if anyone has.
     
  7. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Default deletion is not secure deletion.
    You might want to use the secure deletion, which is essentially the difference between deleting and erasing.
     
  8. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Not so much risky like impractical. Whatever you copy/move/modify will end up in sandbox. :D
     
  9. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA

    yeah looking at it SB just just a RMDir command, the the difference with SDelete and Erease5 then?
     
  10. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Yes... check out this thread on Sandboxie restriction advice.
    Right off you will see some ideas and methods of configuration that should be what you are looking for... like enabling Drop Rights and adding programs into both Internet Access and Start/Run Access settings.

    As I noted on that thread, the way I understand it, the moment I enter a program name into one of the Access settings, I have effectively reversed the "All programs can access the Internet" (or can start and run) setting, and I have then changed the access from all to just the one (or more) programs I have entered. To me, that seems huge. :)
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Yes. Here's a Secure Delete Sandbox help file.
     
  12. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    kool thanks guys!


    does SB i see it works under the Guest account now does that config file carry over from account to account?
     
  13. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA

    yeah i kinda figured that lol
     
  14. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    %WINDIR%\sandboxie.ini, so - completely account independent. See Configure - Lock Configuration for protection options.

    Also see http://www.sandboxie.com/index.php?ConfigurationProtection
     
  15. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    560
    Secure deletion? Is your mom certified in computer forensic so you are afraid she finds the porn sites you visit? :p
     
  16. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA

    haha well me being 26 id hope not haha :D
     
  17. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    So, you've met my Mom!
     
  18. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    In addition to what others have said: -

    Blocked File Access to all folders containing personal data (web browser and anything else that doesn't need access to personal data).
     
  19. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I disagree. The internet is full of our personal data. Just take a look at e-mail, instant messaging, and social media for example.
     
  20. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I would expect personal data held on a cloud server to be secured against unauthorised access. If not then perhaps the user should question whether that particular service is appropriate for the storing of sensitive, confidential data. Irrespective of whether data is held locally or remotely, it makes sense to ensure that personal data is guarded against unauthorised access, wherever possible.

    Locking down which programs can run and access the Internet sandboxed is obviously a good idea but so is controlling what data they have access to. Restricting access to personal data held locally on the PC is an additional precaution against data and identity theft via the browser that costs nothing extra to implement.
     
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Not risky and it is impractical for people using the registered version, as
    doktornotor said, but I think that it is convenient to open files sandboxed,
    using a sandboxed Windows Explorer, when using the free version.
    You have the registered version, you don't need a sandboxed Windows
    Explorer.

    Bo
     
Loading...
Thread Status:
Not open for further replies.