Sandboxie: place sandbox into RAM disk?

Discussion in 'sandboxing & virtualization' started by AlexC, Apr 22, 2011.

Thread Status:
Not open for further replies.
  1. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Hello,

    I was wondering if placing the Sandbox into a RAM disk could increase security and browsing speed...

    Anyone tried it? What do you guys think?
    Thanks!
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    If you set up Sandboxie to automatically delete files, then the security difference is negligible. Same can be said for speed, unless you put your profile, cache, and/or browser in the ramdisk.
     
  3. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
    Maybe so......but even if files are deleted automatically, there are still traces left.....even if you use a preset delete command, it's still not as secure as a ramdisk.
    But for most users, using a ramdisk is overkill....:D

    I have a dualboot system with 6 GB of RAM, Vista 64 bit and win7 32 bit......as you know, win 7 leaves 2 GB of RAM unused, that's why I pointed my sandboxes and my pagefile to a ramdrive......as this system is used mostly for web browsing, I think that a ramdrive is ok in this case...;).....
     
  4. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Interesting to know what the experts say on this. Have you also asked on the Sandboxie forum?
     
  5. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    I don't think there are any security benefits for ram disk/drive browsing. Maybe if you're looking to ensure browsing tracks are going to be dumped at reboot, maybe there is a privacy benefit to browsing in one? I can't say I notice any speed increases, TBH.

    I use a ramdrive/disk for my browsing, but only because I've switched to an SSD drive, just to cut down a load of HD writes. Like J_L, I think the deletion of sandboxes when you close the leader application is a good policy. And I prefer the secure deletion using Heidi Eraser over the default RMDIR command.

    I have always bumped into problems with the default Sandboxie deletion. Sometimes it's worked and sometimes not. With the secure deletion of Eraser you get the peace of mind knowing at least it will wipe out any non deletions of sandboxes that may have occurred - I am guessing the Queue command sees to it that any failed deletions will be stacked up and booted out the next time deletion is invoked.

    If you're not already using Heidi Eraser to secure delete your sandboxes - I recommend it.

    *You will have to download a previous version of Heidi Eraser, version 5 for the Sandboxie command to work.
     
  6. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Thanks for your answers!
    In fact my goal is to assure that no malware can stay in the sandbox, even if Sandboxie eventually crashes or fails to delete (never happened to me, but never know, new malware is created every day and Sandboxie is my first line of defense). Maybe I will post this question in Sandboxie forum, as suggested by vasa1.

    How about running the sandbox in a ram partition, and also placing that partition under Shadow Defender? o_O

    And is there any way to restrict the partition where the sandbox is placed in order to make it unable to write/save files to anywhere else?
     
  7. lws

    lws Registered Member

    Joined:
    Aug 28, 2009
    Posts:
    196
    Was using 5.8.8 US DoD 5220.22-M (8-306./E) 3 passes and deleting seemed to take forever. I found 5.7 and would like to give it a try. Any advantages of one over the other? (Don't mean to hijack this thread)
     
  8. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    If you really want to increase security, enforce Drop Rights and Restrictions.
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    You really don't have anything to worry about if Sandboxie crashes or
    fails to delete the contents. If that happens, everything that was in
    the sandbox will remain in the sandbox. You can delete it after a
    reboot.
    I know you're thinking of using the RAM disk for safety but personally I feel
    safer knowing that malware or whatever it was in the sandbox, it's still
    inside the sandbox, waiting to be deleted after the reboot.
    Trust Sandboxie, nothing will escape the sandbox.

    Bo
     
  10. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Hi, you can change the number of passes Eraser makes, have a look at THIS. You will have to apply the command manually to each sandbox you have. It might speed the process up a bit. I'm using Eraser 5.8 and it's ok.
     
  11. lws

    lws Registered Member

    Joined:
    Aug 28, 2009
    Posts:
    196
    Thanks for the reply. The only difference between the 5.7 and 5.8.8 that I can see is the eraserl (launcher) for 5.7 is in program files and with 5.8.8 it's in windows system 32. Anyway, I have also tried out sdelete 1.51 using 7 passes US DoD 5220.22-M and it seems to erase much faster than eraserl using 3 passes. Am wondering if it's just as effective. Thanks again.
     
  12. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    @J_L
    Thanks for the tips, I'm already familiar with those options :thumb:

    @bo elam
    I trust Sandboxie. I'm trying this mostly for fun and because of my specific config (C:\ is excluded from AV real-time protection, and Sandbox and download locations are placed in another partition).

    I'm trying DataRam RamDisk, and until now everything is working fine and web pages seem to load a bit faster.
     
  13. solphusion

    solphusion Registered Member

    Joined:
    May 6, 2011
    Posts:
    23
    Re: Sandboxie + RAMdisk

    The RAMDISK concept is extremely fast. RAMDISK is a lot faster than SSD. See it for yourself:

    (Watch in Fullscreen in HD) RAMDISK vs. SSD
    http://www.youtube.com/watch?v=v_Ve8cEnNC0&hd=1

    So for performance reasons: if you typically empty your sandbox (all data lost) every time after you restart - ram disk (all data lost) is the perfect fast addition, especially if you install your browser in the sandbox on your ramdisk.


    You can use for example

    - Dataram RAMDisk -- Freeware (up to 4GB disk size)
    http://memory.dataram.com/products-and-services/software/ramdisk


    You can't secure delete anything (files) on your disk with Heidi Eraser, IF you are using an SSD. You can only delete the whole disk space with special DOS tools like HDDErase.

    Source: http://www.ghacks.net/2010/06/20/delete-data-on-ssd-permanently/ and http://www.google.com/search?&q=ssd delete files


    So it's much easier to just install a browser (Mozilla Firefox Portable Edition or whatever) on a RAMDISK, than having to deal with special tools to erase all data from an SSD.


    http://www.ghacks.net/2007/12/14/use-a-ramdisk-to-increase-firefox-security/


    And another idea how to use Sandboxie + Ramdisk
    http://www.ghacks.net/2007/12/14/use-a-ramdisk-to-increase-firefox-security/
     
    Last edited: Jun 10, 2011
  14. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    I also use a ramdisk for Sandboxie.. There are a couple of reasons.

    The first reason is that every so often I'd have trouble with the Sandbox not really clearing itself. This really doesn't affect my level of protection, but sometimes it would screw with my browser (changes made outside the Sandbox would be reverted because Sandboxie always reads from the Sandbox first). With a ramdisk, this never happens..

    Secondly, the ramdisk is a way to ensure it's completely private. No files get left behind, or are ever recoverable through data analysis.. Not that I'm ever really doing anything wrong, but it's better than switching my browser to "private mode" or anything like that.

    Finally, the last reason is that it is a little faster..
     