Sandboxie

Discussion in 'sandboxing & virtualization' started by whitedragon551, Dec 1, 2010.

Thread Status:
Not open for further replies.
  1. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    How do you run suspect programs in the sandbox?
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    is the sandboxie new licence system life time?
     
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
  4. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    right click on suspect program run sandboxed from context menu :D
     
  5. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    My plan is to have a sandbox for browsers and then all other internet facing applications separately. Ill also have a hardened sandbox for suspect files.
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I have been doing what you suggest for some time now.

    My "downloads" directory is forced to start in SBIE. It allows all to run, but denies network access to everything.

    I have another box that I labeled "Live Test". I can install/run items in there that I do want to allow net access but still keep in a controlled environment.

    I have a "media" sandbox for any program that might connect to a network resource outside of my LAN.

    It works very well. I haven't touched my configuration much at all since I finished it.

    Sul.
     
  7. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Ive also removed the default Sandbox configuration in Sandboxie. Created my own folder called Sandboxie and have it set to hidden. I then configured Sandboxie to use that hidden folder so there is no chance of my wife or kids browsing to it and bringing a nasty out accidentally.
     
  8. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    If you start explorer, navigate to c:\sandbox, execute a file, it should open in the correct sandbox. So if your wife/kid were to go there, it is still contained to within the sandbox. Hiding helps too, but maybe is not needed depending on what the goals are.
    (it may only work on sandbox contents that are 'forced' even though you are exploring c:\sandbox)
    Sul.
     
  9. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    There are of course many ways to approach it.

    Personally, my approach was to segregate threats into different sandboxes. It is all individual tastes I suppose.

    I have a sandbox for each browser. The sandbox restricts only approved applications to start and access the network. This ensures when I use Chrome, only chrome and associated programs (like foxit) will be allowed. I use one browser for online transactions, and that sandbox is set to delete itself - keeps a clean state for online transactions.

    Other browsers keep settings/cookies, but these are never used for sensitive browsing.

    Media players are housed in a different sandbox(es).

    I allow all sandboxes direct access to my downloads directory, so I don't have to do any recovering of those files.

    The downloads directory itself is forced into another sandbox. This sandbox allows all executions but denies any outbound network activity. It is here that I do most of my "testing" of new things that will work in SBIE.

    I have other boxes, such as LiveTest for unhindered testing, and TestBox for specialized purposes.

    All of my boxes are configured to lock down specific files and registry areas that might pose issues within the sandbox environment.

    The way I set mine up is really to achieve 2 main purposes. First is of course so that each box is as secure as is reasonably possible, but second, and probably the more important for me, is to keep track of what is in the sandbox environment. I know if I install flash into the Opera sandbox, I can delete any other sandbox and know still what is in the Opera sandbox. As well, if I want to find something I used in a sandbox, I know which one it will be in. I rarely use the recovery feature because almost everything I might want to recover is downloaded and in the downloads directory, for all boxes to use.

    For example if I download a setup program, it goes into my downloads folder, no recovery needed. If I browse there and execute the setup, it is forced into my "downloads" sandbox. I know right where to look if I need to. I can also choose to execute that setup program into my LiveTest sandbox. Again, I know right where to look to get something if I need to. The original setup program is always untouched in the downloads folder. If, after testing it in a sandbox, I want something, I open that sandboxes directory and copy it out. Or if I want to install it to the real system, I copy it out of the downloads directory and place it somewhere else (desktop) and run the setup. If I like the new program, I might then archive it to another area.

    Thats just how I do it. For me, it could be different, but could never be setup to require me to "recover" all the time. I don't like to take the time for that, and don't want to build up a "recovery list" to will include all the places "out of the ordinary" that are not recovered by default.

    Sul.
     
Loading...
Thread Status:
Not open for further replies.