Sandboxing - what applications, and why?

I would like to know, of the users who utilize sandboxing technology, what applications you run sandboxed, with a brief explanation of why you find it wise to run said program sandboxed, and maybe a quick example of how running said program sandboxed would theoretically save you against malware....

 

Newsreader, emailclient and webbrowser. new malware wich are not detected yet by any anti virus/malware by signatures or heuristics is for the most part safely isolated from your main system trough a sandbox. The programs i mentioned should be the most obvious ways from ways of infections. I say most cause there is malware out there capable of breaking out the sandbox. However with your anti virus, anti malware, anti spyware, firewall, anti ads, alternate browser, hips and sandbox you need not worry.

Cheers.

 

Thanks for the reply- if you run your email client sandboxed, wouldnt you lose your emails, when you empty the sandbox?

 

You may find some insight re: sandboxing & email clients here:
http://sandboxie.com/phpbb/viewtopic.php?=&p=5332
http://www.sandboxie.com/index.php?EmailProtection

 

I don't much use anymore any email clients, but Sandboxie has an option to Thunderbird mail client. So all my ISP email posts will remain in my local hard disk TB mail box, even after clearing out the sandbox.

I feel though more comfortable using my gmail email and that only in web browser instead in an email client. Cause of possible exploits and a web browser is always sandboxed tight!

That leaves of course the trust to google to keep them private. My emails though have not much to hide or to exploited so that someone possibly could make a fortune on them. Private they should remain and that is a trust factor we all depend who use a gmail account.

Jarmo

 

Just about any sandboxing utility will do as long as you have control over outgoing communications. Anyone who wants to be very secure will have a good firewall that will stop most leaks and run a sandbox that empties on reboot.

SourMilk out

 

I do sandbox besides browsers also email client, instant messengers (Skype included) and also torrent client. They need some effort to save chats and downloaded stuff if wanting, but thats the way I like to keep it.

I agree, the foremost thing is the browser. Sandboxie has the option to allow bookmarks (favorites in IE) to be unsandboxed.
The Firefox extensions that are to be permanent has to be installed in unsandboxed browser, but you can try them of course first sandboxed.

 

Pete:

Hm, I see-

I use opera run through proxomitron, with outpost firewall-blockpost plugin enabled - could I catch a virus like this just from surfing and without intervention?

The only virus i've ever caught is that one we were discussing on the isr forum a few weeks back, and that wasn't from just surfing, I deliberatly allowed it by clicking on something suspicious I downloaded. I don't think i've ever had any trouble just from surfing, maybe someone could post a link towards some reading on this ?

Thanks for all the input by the way

 

Anything you try to install or run with a sandboxed browser session should also be sandboxed. That is the main reason of using a sandbox.

 

Good point to bear in mind. Sandboxie does an excellent job of keeping stuff off your system. Not as well at preventing stuff from leaving your system.
My Sandboxie rational:
One of my primary reasons for liking this software (enough to register), is it's convenience, aside from all the security benefits (and they are substantial).
Before SandboxIE, I was constantly turning cookies on/off (depending on site visiting), as well as Java, JavaScripting, etc. Made me crazy.
OK, I'm at Wilders, cookies on. Browsing elsewhere, cookies off. Other trusted sites, damn, they're not rendering correctly, Java/JavaScript on.
Constantly clicking permission stuff depending where on the web I was.
At the end of sessions, I was constantly reviewing, subsequently selecting/deleting cookies, as well as clearing history, etc.
Ahhhh....With SandboxIE, I find the browsing experience much more relaxed.
Cookies, Java, JavaScripting, all ON.
Browsing done, close browser, EVERYTHING gone.
Surf with virtual impunity.
Simplistic approach. I like simple.

 

Bob D,

You make good points- but surfing with everything on in a sandbox, while your security wouldn't be compromised, what about your privacy?

Myself, I use agnitum firewalls active content plugin to control these things- globally I set most active content elements off, then I add site exclusions as necessary, for instance with Wilder's it's set to allow cookies, referers, javascript, etc.

I understand your points about convenience and not sacrificing security, but I wonder about privacy.

 

Pete,

Exactly- that's why I don't understand with his case for surfing with all active content allowed, because though it empties after the sandbox session, those active elements can compromise privacy while surfing.

But basically I think what's being said, is, in spite of your other defense layers, go ahead and surf sandboxed, just in case, right?

 

i run my web browsers sandboxed, that's about it, use it as a layer of security against anything AV may not recognise, from a privacy perspective I use Opera which controls cookies, referrer logging, JS, and plugins, etc.

 

I agree, but I'm not terribly worried about tracking cookies telling "Site A" that I subsequently visited "Site B".
And IF I should decide to surf the dark side, I turn cookies, java, etc OFF. (With K-Meleon's "privacy bar", control / visibility of these is so easy).
Any nasties that do "run" are constrained to the sandbox.
Any serious violations (i.e.: outgoing), should be picked up by FW/HIPs.
Common sense (and a modicum of paranoia) prevails. For instance when doing online banking or the like, I typically close browser, re-open browser, do transactions, close browser, re-open browser, continue surfing.

 

Sandboxie and any AV rated Standard or better will secure 95 percent of you. Sandbox your web browser and email.

 

I agree with trjam that SandboxIE will do the job. Make sure you configure SandboxIE correctly with your browser and email client though. Then add any good AV to it and that is sufficient.

dja2k

 

I've been trying out SandboxIE, and have read through the FAQ sections on the SandboxIE website, but am not sure what needs to be configured. Any recommendations would be appreciated.

 

Cloudcroft I have sent you a PM about your question.

dja2k

 

You can also alter Sandboxies configuration file to tighten things up. For example, you can add a line that blocks a Sandboxed program from My Documents.

 

I was actually referring to that exactly plus other configurations.

dja2k

 

Add the four lines to Sandboxie's ini file.Replace firefox with the browser that you will use then go over to the leaktests site and see how you go.

Of course nothing else, except your browser, that is sandboxed should be able to connect,

Code:

ClosedFilePath=!firefox.exe,\Device\Afd*
ClosedFilePath=!firefox.exe,\Device\Tcp
ClosedFilePath=!firefox.exe,\Device\Udp
ClosedFilePath=!firefox.exe,\Device\RawIp

Leaktests

 

Just a thought... No one mentioned Returnil as a sandbox option. I have been thinking of trying it and wonder how many people are using it rather than Sandboxie.

 

Using both here with no probs or slowdowns on all my Vista/XP drives.

Exceptionally fine and rock solid apps the both of em.(for me anyways)