The amazing product called Sandboxie

Discussion in 'sandboxing & virtualization' started by ssj100, Apr 21, 2009.

Thread Status:
Not open for further replies.
  1. ssj100

    ssj100 Guest

    I recently created a thread called "No such thing as 100%". Correct me if I'm wrong, but I don't recall anyone challenging those words by saying that they use Sandboxie. Now I wonder to myself why!

    I am certain there have been many threads on Wilders praising Sandboxie, but I think it deserves one more!

    Just to get things clear regarding how many Christmas dinners you're going to have to sacrifice per year (haha!) - Sandboxie can be used free of charge (but rather stripped down), or you can pay a one-off relatively reasonable sum of money (about the price of 2 expensive meals in my country) to get the full version...for life. Yes, for life, including updates for life. Incredible.

    I must thank the Wilders user "demoneye" for introducing me to Sandboxie and making sure I discovered its true power. Many thanks also to him for helping me set up the excellent (dare I say bullet-proof) configuration below. To be honest, I had installed and trialled Sandboxie about a year ago and very much disliked the fact that it slowed down the opening of my web browser. This has since much improved in the latest version, especially when enabling the force run sandbox option. For my setup (see my signature), opening my web browser sandboxed on cold start takes about 5 seconds longer. On warm starts, it takes about 4 seconds longer. This I can live with! Running my chat messenger program sandboxed doesn't noticeably affect performance at all.

    So here's how I set up Sandboxie on my system:
    Overall, I have 3 separate sandboxes:

    1. Sandbox DefaultBox - this would be used to test out any programs I was unsure about (or was suspicious that the program contained malware). All default options here, except I enable "Automatically delete contents of sandbox".

    2. Sandbox my chat messenger program - this is used to force start my messenger program sandboxed when run. I have restricted internet access in this sandbox to only my messenger program, my default web browser and Java. I have also restricted Start/Run Access to only my messenger program and my default web browser and Java (meaning that while using my chat messenger program, only my "web browser.exe" and my "messenger program.exe" can run at any time). In addition to all this, I have Drop rights enabled (which means that my chat messenger program will run with reduced rights, even though I'm running my overall system on an administrative account).

    3. Sandbox my web browsers - this is used to force start both the web browsers on my system sandboxed when run. I have restricted internet access in this sandbox to only the two web browsers and Java. I have also restricted Start/Run Access to only the two web browsers and Java (meaning that while using either of the web browsers, only their respective .exe components can run at any time). In addition to all this, I have Drop rights enabled (which means that my web browsers will run with reduced rights, even though I'm running my system on an administrative account).

    Everything is now set up and automated. Quite incredible really. For me, my web browsers and my messenger program are the main applications that access the internet daily, and thus have earned a separate sandbox configuration as above! The main reason for separating them is to make updating new versions of each application easier. Fellow Sandboxie users will understand this.

    Any other Sandboxie user please feel free to post how you setup your configurations! Together with my second layer of defense (gosh, I never expected CIS to be the second layer!), I think I am nearing that 100% mark. In fact, I think I could come up with an argument that all you need is Sandboxie alone to get near that 100%!
     
  2. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I also use the Resource Access - File Access - Blocked Access setting that can prevent access to specific files, folders, partitions/drives. So theoretically with your setup not only can a non-specified program run and not have internet access, it can't access "sensitive areas" of your machine.

    More info here: http://www.sandboxie.com/index.php?ResourceAccessSettings
     
  3. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    You can also block any access to your data files... sandbox setting -> resource access -> file access -> blocked access -> add your data folder

    By the way, what chat messenger program are you using? I have a hard time setting up the Yahoo Messenger webcam to run under the sandbox; it won't run my built-in camera. I need to run YM out of the sandbox to run my webcam.
     
  4. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    Where would sensitive areas on a machine be? I can't think of any on mine that I would call sensitive.
     
  5. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    These I use for my Default Box. Added these to each internet facing application used with Sandboxie too. All chat messengers, browsers, Foxit, P2P's.

    Resource Access - Closed File Path Settings

    all other drives other than C:
    !,\Device\RawIp
    !,\Device\Ip*
    !,\Device\Tcp*
    !,\Device\Afd*
    C:\AUTOEXEC.BAT
    C:\boot.ini
    C:\ntldr
    C:\NTDETECT.COM
    !,*

    *NOTE* all of the above only work *trouble free* on my laptop. I found my router was unable to communicate at boot when I used these settings with my desktop computer. I managed to narrow it down to these below as working fine for me though. *custom rules they might not work for you*

    C:\AUTOEXEC.BAT
    C:\boot.ini
    C:\ntldr
    C:\NTDETECT.COM
    !,*

    Resource Access - Closed Key Paths

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\

    Now and then I do away with my Anti Virus and rely solely on Sandboxie. My junkware scanning produces zero every month, I attribute that to using Sandboxie. So good I decided to pay for it.
     
    Last edited: Apr 21, 2009
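
An added example, not part of any post in this thread: a short Python audit of a Sandboxie.ini for the hardening described in the first post (drop rights, internet and Start/Run access limited to named programs) and in the Closed Key Paths list above. The sample ini is constructed, and the box name `BrowserBox` and group name `<Allowed>` are hypothetical.

```python
import re

# Constructed Sandboxie.ini fragment; box and process-group names are hypothetical.
SAMPLE_INI = r"""
[DefaultBox]
AutoDelete=y
[BrowserBox]
ForceProcess=firefox.exe
DropAdminRights=y
ProcessGroup=<Allowed>,firefox.exe,java.exe
ClosedFilePath=!<Allowed>,\Device\Afd*
ClosedIpcPath=!<Allowed>,*
ClosedKeyPath=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
ClosedKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
"""

# Run-style autostart keys taken from the Closed Key Paths list in the thread.
AUTORUN_KEYS = ["\\".join((hive, "Software", "Microsoft", "Windows", "CurrentVersion", name))
                for hive in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER")
                for name in ("Run", "RunOnce", "RunOnceEx")]

def parse_ini(text):
    """Keep repeated keys (configparser would collapse them): {section: [(key, value)]}."""
    boxes, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return boxes

def audit_box(settings):
    """List missing hardening steps. '!<group>,path' closes path to programs outside group."""
    values = lambda name: [v for k, v in settings if k == name.lower()]
    findings = []
    if "y" not in (v.lower() for v in values("DropAdminRights")):
        findings.append("drop rights not enabled")
    if not any(re.match(r"!<[^>]+>,\\Device\\(RawIp|Ip|Tcp|Afd)", v, re.I)
               for v in values("ClosedFilePath")):
        findings.append("internet access not limited to a process group")
    if not any(re.fullmatch(r"!<[^>]+>,\*", v) for v in values("ClosedIpcPath")):
        findings.append("start/run access not limited to a process group")
    closed = {v.rstrip("\\").lower() for v in values("ClosedKeyPath")}
    findings += [f"autorun key not closed: {k}" for k in AUTORUN_KEYS if k.lower() not in closed]
    return findings

def audit(text):
    return {box: audit_box(s) for box, s in parse_ini(text).items()}
```

Calling `audit(SAMPLE_INI)` reports the default box as lacking every step and the browser box as lacking only the RunOnce and RunOnceEx keys.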
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Around 2 gig of malware samples tested in a default sandbox with no breaches as yet.

    Latest one I found this morning which is a fake codec and installs a rogue AV.
    Waste of time trying to run samples in a hardened sandbox as it's just too damn secure! :mad:
     
  7. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    I had the same problem with Yahoo's voice not working. I gave Yahoo Messenger direct or full access to Yahoo's folder. Solved the problem.
     
  8. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    I am glad you like this software, ssj100. Yes, SB is a good product which gives its users a wide range of possibilities to make their security environment secure.

    Actually, I find new things in SB from time to time to restrict things, and that is the beauty of it; it's the most flexible boxing utility ever created.

    I also agree with you about CIS covering the whole PC, just in case something goes wrong, and it's good to use free security products as much as you can so you can FREELY browse the net for your amusement ;)

    cheers
     
  9. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    I also love this program but had one problem I couldn't figure out. It was a show stopper for me. Running SBIE with Firefox 3.1 or any FF version on my laptop using the Synaptics mouse pad, I couldn't get the damn thing to scroll. I'm so used to working with the scroll function on the mouse pad that it's second nature to me. SBIE works fine with IE any version but I hated the random crashes IE would give. Plus FF is a faster browser. If someone can figure this out I would appreciate it. I tried the fix at Sandboxie's forum but it didn't work.

    Ice
     
  10. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
    Yeah, Sandboxie is an amazing piece of software. Currently, I'm doing only 2 things differently. I create different sandboxes like you for the browsers and instant messengers and put the Windows directory in read-only mode for them. Also, I granted Start/Run Access to Office and Foxit, to read/view documents and presentations in the sandbox without needing to recover the file, and to explorer.exe, verclsid.exe and rundll32.exe, because I always use the "Run Windows Explorer" feature to scan files with on-demand scanners inside the sandbox before recovering them.
     
  11. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    219
    I'm approaching my one year anniversary with Sandboxie and am well-pleased with the product. My set-up keeps evolving, but currently it looks like this (note: I use the options settings in CCleaner to secure delete the contents of all sandboxes except my testboxes):
    • Defaultbox: Used for routine surfing. Default settings used except blocked access to My documents. Color border = green
    • Securebox: Used for banking and/or high-risk surfing. Restricted internet access to IE only. Start/Run Access limited to IE, Java, and Adobe. DropRights enabled. Blocked access to My documents. Color border = red
    • Forcefolderbox: Used solely to capture any surprise attacks from flash drives, etc. No internet access permitted. DropRights enabled. Blocked access to My documents. Alpha prefixes of my cd/dvd disk drives and flash drives identified as Forced Folders. Color border = orange
    • At the moment I have three separate Testboxes for testing software. Their settings vary. Color border = yellow
     
  12. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Maybe try PMing tzuk or posting this issue on the SB forum, because it's something specific, not a general bug/error.

    cheers
     
  13. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    I just use sandboxie for IE at the moment - and testing unknown apps. I have just the defaultbox set to delete contents when the last app finishes.

    I would be interested in configuring it to run Outlook 2007, Windows Live Mail and possibly Live Messenger - but in sandboxes that were permanent (well, permanent for Outlook and Live Mail)

    Any step by step guides on how to do this?

    When I try to run my mail client from the Sandboxie menu, I get an error message saying the client is not set up to run sandboxed?
     
  14. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    Yep. I did try posting over there but the solution given didn't work for me. On my main PC, FF and Sandboxie work great. It's this Synaptics mouse pad that has the issue with SBIE. There is probably such a small sample of people using this combo that it probably isn't worth finding a solution. No disrespect to tzuk but he probably has bigger fish to fry. It's really a shame because any machine I work on I always recommend SBIE.

    Ice
     
  15. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
  16. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
  17. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    For example, if you had a "2007 taxes" folder or "software keys" folder in My Documents, it might be a good idea to block access to them. Your software keys are worth money and your tax info could be used to steal your identity. That's what I mean by sensitive areas. In my case, I block access to my entire data partition.
     
  18. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    Thanks! It works.

    By the way, how can I check if my Outlook is sandboxed? I followed the procedure but I don't see any # # when I open my Outlook or open an email message. Anybody?
     
  19. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Open Sandboxie Control click File and then click 'Is this window sandboxed' and follow the instructions.
     
  20. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    I'm really having a hard time setting up my Outlook to run sandboxed using the procedure on the Sandboxie website... Can you please give me a step-by-step procedure for how to do it? Thanks.
     
  21. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I use an online email service so I'm not familiar with Outlook Express. I just glanced over the instructions and it looks like you just check the Outlook Express box and then test to make sure it's working properly.
    http://www.sandboxie.com/index.php?EmailProtection

    Is it the Test and Confirm Configuration that is confusing you? If so, which parts? Is Outlook set to save its data in the default location?
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Another way is to open an attachment; that will show the ##'s.

    Pete
     
  23. N2thuWild

    N2thuWild Registered Member

    Joined:
    Mar 29, 2009
    Posts:
    38
    I would really like to try Sandboxie. First question: I already have GeSWall Pro, can I have both on the same computer? Second, can you copy and paste using Sandboxie? Third, can you basically do anything that you can do when not running sandboxed? Thanks, :D
     
  24. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    I recently moved the Sandboxie container folder to a Ramdrive. Does seem a bit quicker loading pages.

    Thought while I'm at it I might as well move Firefox cache folder to the ramdrive, also. It all works together beautifully, so far!

    Anything lingering in the Firefox cache is deleted on reboot. Much less clutter!

    Here's the guide I followed for the ramdrive setup and Firefox cache redirection. The Sandboxie container folder setting is in Sandboxie Control - Sandbox tab.
     
  25. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    There have been reports of conflicts between the two. Check out some of the older threads here at Wilders.
     