Discussion in 'sandboxing & virtualization' started by Boost, Feb 3, 2009.
Whats the most effective way to set it up protection-wise thanks!
It depends on what you want.
Just do a search, there a lots of topics about configuring SBIE.
I'll give you one example. I use separate sandboxes for browsers and for Outlook.
In my Firefox Sandbox, for example, I restrict Firefox, Foxit PDF Reader and Windows Media Player as the only apps that can run, and Firefox as the only app that can access the internet. I also block access to My Documents and my d: drive.
Boost, I remember reading a thread with some good screenshots.
Finally found it - see post by LoneWolf:
I don't think there's one best way. Your set-up should be tailored to your own particular needs and comfort level.
Here's my set-up.
Defaultbox: Used for "normal" browsing. The only change I made from the default settings is to block access to My Documents.
Securebox: Used for browsing in choppy waters or banking. IE is the only program that can access the internet. Start/Run is restricted to IE, Adobe, and Java. Drop Rights is activated. Access blocked to My Documents.
ForcedFoldersbox: I have my flash drives, cd and dvd drives, and backup drive identified in Forced folders so any program that runs from these sources does so sandboxed. That's the sole purpose of this sandbox. (Easy to temporarily disable by right-clicking the Sandboxie tray icon.) No internet access allowed. Drop Rights is activated. Access blocked to My Documents.
Testbox1, 2, 3 etc: I have several of these used to store programs that I'm testing. No internet access, Drop Rights activated, Access blocked to My Documents.
Secure delete set up for all sandboxes.
I set mine like this.
1.Invocation,Auto Delete contens when Sandboxie becomes inactive.
2.Forced folders E drive-Cd/DVD run sanboxie
3.Forced programs,Thunderbird email.
4.Internet Access,Opera web browser and thunderbird mail.
5.Start/run access opera,thunderbird mail,windows media player.
6.Drop my rights.
7.File Acess,Block to documents.
I dont let sandboxie to write anywhere, only let it read
Only read only is not the best of choices,for example Opera and mailreaders need OpenFilePath in order to function properly ( bookmarks,mailboxes etc.).
i guess, but i only use sandboxie for risky surfing so i dont need bookmarks or any writing, if i download something i just recover it, and it seems to work fine with FF and Iron browsers.
I thought that everything outside or the sandbox was allready blocked by Default?
Can someone confrim this?
No. For example you are in your browser and want to upload a file. Those area's aren't blocked by default, but you can block them. Downside is if I want to upload something, I have to move it to the desktop.
Write access is blocked by default - a ClosedFilePath also blocks Read access. An OpenFilePath opens Write access.
Is there a limit to how many single sandboxes Sandboxie is able to safely make for users?
Don't know for sure. I use 5. One for each of my 3 browsers, one for Outlook, and the default box for testing stuff that I don't want to reach the internet.
Probably a question better posed to it's developer then, wouldn't you agree? 5 boxes is good though!!!
I would just post the question on the Sandboxie forum.
But I agree 5 is pretty adequate.
well I have about 7 and have no problems.
1 for each of my 3 browsers.
1 for msn messenger
1 for vlc movies
1 for jpg images
1 for warcraft3
Thats about all most people would need really. I sandbox movies and image files incase they have viruses attached to them. I also extract downloaded zip files in a sandbox as well.
Separate names with a comma.