Sandboxing using the following 3 requirements

Discussion in 'sandboxing & virtualization' started by Dii, Jul 1, 2021.

  1. Dii

    Dii Registered Member

    Joined:
    Jun 22, 2021
    Posts:
    15
    Location:
    USA
    I'm looking for a software that can assure that media files(videos,music,pictures) or executable files inside specific folders I make can:
    1.not interact with the rest of the system/OS.
    2.can not access the internet or network.
    3.can not execute themselves in the background without my knowledge.

    Please let me know what software choices exist that fulfill the above requirements. Thank you!
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,373
    Location:
    The Netherlands
    I'm not sure what you are trying to achieve? A tool like EXE Radar will only allow whitelisted software to run and a firewall like TinyWall will block network access, but I don't see what this has to do with sandboxing.
     
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,967
    windows (not home) has the feature for whitelisted executables. anything else sounds like kiosk mode, restricted access to whatever.
     
  4. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,282
    Location:
    Canada
    what OS are you using? I'm also not entirely sure what you're trying to achieve, but if my hunch is correct, you don't need sandboxing for it. If you have Pro windows, you could create folders with tight restrictions for the user account they exist in. for example I created one in my user account called "Test" and applied only Read & Write permissions to it. Any file dropped into it will inherit these restrictions.

    This is just one way I can think of off the top of my head, though there are no doubt other ways too accomplish what you want.

    folder permissions.png
     
  5. Dii

    Dii Registered Member

    Joined:
    Jun 22, 2021
    Posts:
    15
    Location:
    USA
    And with Read & Write enabled is it truly enough for all folders in my PC to act like I outlined in my 3 requirements? Can those settings even protect against ransomware?
     
  6. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,967
    nothing like this can help you vs ransomware. if ransomware can access your system you already were lost long before. create a decent security layer instead, the web is full of examples.
     
  7. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    172
    If your data is important you should have atleast 2 offline backups (like on different external HDD). Every AV can fail that's what backups are for.
     
    Last edited: Jul 5, 2021
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,282
    Location:
    Canada
    Okay so you are looking for protection against Ransomware. Then as others have mentioned, you need something else. There are anti-executable solutions and OS hardening measures available, and of course backups offline as mentioned above.
     
    Last edited: Jul 5, 2021
  9. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,967
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,981
    Location:
    Nicaragua
    If what you want is top notch protection against ransomware, Sandboxie protects you. If you get hit by ransomware and you are using a sandboxed browser or if you open infected files under the supervision of Sandboxie, you files and registry, you system is protected. Ransomware can not touch your file system.

    Malware can read your system but can not touch it, it can not modify it. Something that was not mentioned in your other thread is that Sandboxie has settings that you can enable to protect your personal files from being read or accessed by sandboxed programs. This are good settings to protect your personal and sensitive files from being read or stolen by sandboxed programs.

    Bo
     
  11. Dii

    Dii Registered Member

    Joined:
    Jun 22, 2021
    Posts:
    15
    Location:
    USA
    Ok so what are the concrete anti-executable solutions and OS hardening instructions?
    The web is filled with all kind of superficial guides. What are actually exhaustive step by step guides I can follow from people with both good enough qualifications and actual accomplishments in the field of security?

    Can you tell me please what I need to enable to achieve that?
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,981
    Location:
    Nicaragua
    See the picture below. You can use The Blocked, Read or Write access settings. This settings were designed to protect your personal and sensitive files from being read or stolen. Some people use them to hide or block the access to system files or files in AppData but in my opinion, that's the wrong way of using them.

    Sin título.jpg

    In the picture you can see that I am blocking access to only one text file and two folders. By doing that, I am protecting all my sensitive files. I am able to do this because I don't have sensitive files all over the place. So, it helps to keep files together. If I didn't do it this way, I would have to block a much larger number of files and folders.

    Keep in mind that if you block access to personal files, then if you try to upload them while sandboxed, you wont be able to. So, is good to do the protection in all of your sandboxes except one. And use this one when you need to upload files to a mail, etc. Or, you can also make copies of files you want to upload and place the copy in the desktop, and upload them from there.

    Bo
     
  13. Dii

    Dii Registered Member

    Joined:
    Jun 22, 2021
    Posts:
    15
    Location:
    USA
    Thanks so much BO! So far you helped me the most since joining this forum.
     
  14. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,967
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,981
    Location:
    Nicaragua
    You are welcome. I am glad to help.

    Bo
     
  16. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,243
    Location:
    Pennsylvania.
    Sandboxie can restrict internet, and running privileges.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.