Sandboxie Configuration Question

What a good configuration for sandboxie? right now i have IE9 to force sandbox and always delete the contents of the sandbox when closed.

anything else that would be consided to change for better security?

thanks
Brock

 

1. Read-Only Access file access to C:\Windows
2. Drop Rights enabled
3. Internet Access Restrictions (web browser and your pdf reader or whatever else you need.)
4. Start/Run Access Restrictions (web browser and your pdf reader or whatever else you need.)
5. Password protection if someone else uses the PC.

Some more ideas are given here:

-http://ssj100.fullsubject.com/t4-ssj100-s-security-setup-

 

About two years after this was mentioned on some old thread, I still do not get the purpose of this. It is already read-only by default/design.

 

I agree. I was just repeating what others have said.

 

true option 1 is that way in vista and 7.


but thanks for the input

 

is sandboxing Windows Explorer risky? havnt done it and wondering if anyone has.

 

Default deletion is not secure deletion.
You might want to use the secure deletion, which is essentially the difference between deleting and erasing.

 

Not so much risky like impractical. Whatever you copy/move/modify will end up in sandbox.

 

yeah looking at it SB just just a RMDir command, the the difference with SDelete and Erease5 then?

 

Yes... check out this thread on Sandboxie restriction advice.
Right off you will see some ideas and methods of configuration that should be what you are looking for... like enabling Drop Rights and adding programs into both Internet Access and Start/Run Access settings.

As I noted on that thread, the way I understand it, the moment I enter a program name into one of the Access settings, I have effectively reversed the "All programs can access the Internet" (or can start and run) setting, and I have then changed the access from all to just the one (or more) programs I have entered. To me, that seems huge.

 

Yes. Here's a Secure Delete Sandbox help file.

 

kool thanks guys!


does SB i see it works under the Guest account now does that config file carry over from account to account?

 

yeah i kinda figured that lol

 

%WINDIR%\sandboxie.ini, so - completely account independent. See Configure - Lock Configuration for protection options.

Also see http://www.sandboxie.com/index.php?ConfigurationProtection

 

Secure deletion? Is your mom certified in computer forensic so you are afraid she finds the porn sites you visit?

 

haha well me being 26 id hope not haha

 

So, you've met my Mom!

 

In addition to what others have said: -

Blocked File Access to all folders containing personal data (web browser and anything else that doesn't need access to personal data).

 

I disagree. The internet is full of our personal data. Just take a look at e-mail, instant messaging, and social media for example.

 

I would expect personal data held on a cloud server to be secured against unauthorised access. If not then perhaps the user should question whether that particular service is appropriate for the storing of sensitive, confidential data. Irrespective of whether data is held locally or remotely, it makes sense to ensure that personal data is guarded against unauthorised access, wherever possible.

Locking down which programs can run and access the Internet sandboxed is obviously a good idea but so is controlling what data they have access to. Restricting access to personal data held locally on the PC is an additional precaution against data and identity theft via the browser that costs nothing extra to implement.

 

Not risky and it is impractical for people using the registered version, as
doktornotor said, but I think that it is convenient to open files sandboxed,
using a sandboxed Windows Explorer, when using the free version.
You have the registered version, you don't need a sandboxed Windows
Explorer.

Bo