Sandboxie + Java = How do I protect myself?

I stopped using AV for some time, and unfortunately I have to use Java.

How can I configure Sandboxie to protect myself from attacks in Java?

My browser is isolated, it would be enough?

Thank you!

 

Thanks for starting this topic.

 

Depends what you mean by Java attack. Different exploits do different things so need different mitigation but if your sandboxed browser starts the java process then java and anything spawned from it will be sandboxed also and therefore subject to any restrictions you add to your sandbox.

So if your worried about java exploits reading private data then block access to important files. If you are worried about exploits escalating privilege use 'drop-rights'. If your worried about java being used to download and run malicious files or starting other processes to do the same use start/run restrictions and so on.

In other words use what you would anyway safe in the knowledge emptying the sandbox will get rid of it anyway .

Cheers

 

Typical start/run restrictions. Typical internet restrictions. Block access where you can.

 

Thanks, I have restricted my browser, only a few applications can start - including Java.

If I understand if I go into an infected page running Java (To do any damage to your computer) so I'll clear my sandbox without infection.

So great, Sandboxie is undoubtedly fantastic!

 

You could go a bit further, though.

When I don't need Java, which is often , I simply keep my Java firewall rules disabled; when I do need Java, then I enabled them back.

If you don't want to do that, but still want to prevent Java from connecting to the Internet when you don't need it, you could force Java to a sandbox, then in the start/run permissions enter some fake process name - something like IamBlockingJavaCosIsNasty.exe Or, you could simply force it to run in a sandbox, and block Internet access for that sandbox. Whatever works for you.

 

You can install it in a dedicated sandbox that don't delete. If Java is required, run the browser or program that requires it in the Java sandbox.

If you want to keep using it like you are doing now, in a restricted browser sandbox, if you are using Firefox you could use NoScript to block Java on all sites except when you allow it. I used it this way until I figured out that I don't need Java at all and uninstalled it.

If I was to use Java again, I would use the dedicated sandbox.

Bo