What apps do you run sandboxed?

I'm the type who finds sandboxing unnecessary for installed apps since I'm not a happy clicker, especially with anti-exploit and AppContainer.

But since I gave up on virtual machines (or at least the sluggish VirtualBox), SBIE is my go-to program for trying out anything suspicious (at least according to VirusTotal) or unknown.

Then again, I might use it for programs I need to run, but automatically installs or leaves behind a lot of junk or other unwanted crap. Good thing those are non-existent right now.

*And I'm not as dedicated to privacy as before, so yeah. Currently I care more about my devices than the data within them. All the data I care about are in my head or encrypted elsewhere.

 

so you double sandboxing chrome? since it sandboxes itself.

 

I thought it was pretty clear I didn't? I really don't want to go back to this topic again... 2 giant threads is long enough.

*Oh but I do sandbox some of what it downloads...

 

what about Skype, etc.. no one bothering to sandbox or are you not using VOIP/messaging

 

I only sandbox Firefox x64, Chrome x64 and SumatraPDF. Ah, and I use Shadow Defender all the time.

I don't see why I would create more sandboxes, everything runs without ANY problem/interruption.

Maybe I will create some sandbox to my USB Drives, but I connect (safe) external HDs with frequency so I don't know...

 

right now just cyberfox.

chrome is auto sandboxed by the dev's unless you on XP.

everything else I use doesnt really need it.

 

I know some people see Sandboxie as a browser in a sandbox but thats not what Sandboxie is. Sandboxie is an application sandbox, that to get the most of it, you use it to sandbox most files and programs that run in your computer everyday. Thats what I do with SBIE. If a file is gonna run in my computer, its gonna run sandboxed during its lifetime, until it gets deleted.

You can sandbox all kind of files and programs. PDF Readers, video players, Office programs, you name it, just about anty program you run in a daily basis, you can run it sandboxed. It gives me peace of mind knowing that I am protected when I run anything that I download or any file that I introduce in the PC, and without the need of signatures. Sandboxie is the perfect protection against zero day threats.

You as I read links that people post here at the forum about new threats doing this and that to fool people into doing what it takes to get infected, that's of no concern of mine, the only times I really concern myself about a file is when I am going to run it unsandboxed. And thats very rare. Almost never happens.

If you have the paid version, use SBIE to force your USB drives. And if you dont have the paid version, get in the habit of using a sandboxed Windows explorer for navigating to the USB drives. You can do that with the free version, this is great protection specially so if you have the bad habit of plug in other peoples flash drives in your PC.

Bo

 

Hi rm22, I dont use Skype but if I did, I would install it in my real system, force it, and run it sandboxed.

Bo

 

Firefox, Deluge, and Hexchat

 

Do you mind sharing the config for your streaming sandbox? Also what's the issue that would otherwise prevent streaming from working? Thanks Bo.

 

Every folder/process having contact with internet

 

I run everything sandboxed, regardless if it has connection or not Specially Office programs, where all it takes is one specially crafted document to take over an entire system.

Games, 3D software, GIMP, Iceweasel, VLC.... anything that can take in outside code is sandboxed.

The only things I don't sandbox are like the Calculator, the Terminal, and System Settings (and a few others)

 

Hi RJ. I have two computers, an XP and W7. The browser I use for streaming is Firefox. In the W7 I don't have to do anything special for streaming NBA/MLB/NFL games from sites like the one below. Or for anything else that requires flash.

http://goatd.net/

But in my XP, and this is the computer that I use for fun, I found that some videos in sites like cbssports.com or sites like the one I linked above, content doesn't play if Drop rights is enabled. So, for watching sports and I watch a lot of games, I have to use a sandbox with Drop rights unticked. Here is an example of a video from CBS that I cant watch in the XP if I am using a sandbox with Drop rights ticked.

http://www.cbssports.com/nfl/news/j-j-watt-reportedly-undergoes-back-surgery-will-start-camp-on-pup-list/

I call my sports sandbox, FirefoxAllRights. Like most everything regarding Sandboxie, I dont have to do anything fancy with settings.

[FirefoxAllRights]

Enabled=y
ConfigLevel=7
Template=Firefox_Bookmarks_DirectAccess
Template=AutoRecoverIgnore
Template=LingerPrograms
Template=BlockPorts
RecoverFolder=C:\A1\c1
RecoverFolder=%Desktop%
BorderColor=#00FFFF,off
AutoDelete=y
NeverDelete=n
BoxNameTitle=n
ClosedFilePath=%Desktop%\Otros.txt
ClosedFilePath=\Device\Mup\
ClosedFilePath=%Personal%\my documents on Bo\
ClosedFilePath=%Personal%\xxxxxxxx.pdf
ClosedFilePath=%Personal%\xx.txt
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
NotifyInternetAccessDenied=y
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe,foxitreaderportable.exe,foxitreader.exe
ProcessGroup=<InternetAccess>,firefox.exe,plugin-container.exe
NotifyStartRunAccessDenied=y
ClosedIpcPath=!<StartRunAccess>,*

If you do a lot streaming from sites like goatd, in my opinion, as important as using Sandboxie is using something like NoScript and AdblockPlus. This addons tame sites like that. Sites like that one become totally harmless and games are easy to watch when using NoScript/AdblockPlus when otherwise someone can easily become infected by visiting this sites without SBIE or the addons.

Bo

 

Regarding Office files, even when creating a Word or Excel document, I do them under Sandboxie. I do that automatically without thinking or feeling being inconvenient in any way. For me doing them like that feels natural.

Bo

 

We're on the same track, I guess. I don't know how Sandboxie works, but I presume you can create documents and then save them outside the sandbox or something like that, using it more like a RESTRICTOR than a Full-fledged sandbox. I use Firejail but not really like a full sandbox for most of the times; it disables some syscalls, blocks a ton of important directories and such, but I'm able to open and save documents as I wish.

But then I created a new shortcut for Iceweasel and THIS is 100% sandboxed by Firejail (--private switch), it cannot see my real files, it's like it's on a whole different computer. I use this browser for Facebook, Google, YouTube, etc. Then when I close it, all files are deleted.

 

Yes. you set Recovery in the Office sandbox same as you do with browsers. Same principle. So, for example, if you set Recovery to the Desktop and untick Immediate recovery, after creating a document in the sandbox, before the sandbox gets deleted, you ll have the chance to save the document to the Desktop.

Or, if you make changes to an existing document that you have in the Desktop while running it sandboxed, when you close the edited document, you ll get a prompt asking you if you want to save the document, you accept and the edited document replaces the old one. I use Office in XP and Libre in W7. I use both programs the same way.

I am so used to using Sandboxie this way with just about anything that I do with the computer that all comes natural and feels that it is the proper way to do things.

Bo

 

Thanks for the clarification

 

I didn't know you were using Sandboxie as much as you are, I am glad you are.

Bo

 

I'm not That's why I didn't know how it works I didn't have the money to pay for it, so I just used the COMOD Sandbox while I used Windows. Now I'm back on Linux, so I'm using Firejail.

 

You can do with Sandboxies free version what I wrote about Office and recovering files. The only thing you cant do with the free version in this regard is have Office files run sandboxed automatically when you click files. But people using the free version, can run Office files manually or navigate to them using a sandboxed Windows explorer. Protection, recovering files works the same with either version.

Bo

 

The only problem I had with the free version is that it doesn't allow multiple separate containers. But if I had the money, I'd definitely buy the program.

 

You can use multiple sandboxes in the free version, but to use more than one at a time, you need the license.

Bo

 

Exactly.

 

Cheers Bo. Yeah that looks straightforward. I wonder the issue is something to do with DRM.

My setups have a mix of MBAE/NoScript/uBlock along with SRP and disabling Powershell/WSH. Fairly lightweight way to block the majority of nasties. Some streaming sites I've noticed have such a mess of layered third party scripts, it's trial and error to determine the minimum required to actually load content. Since I put Sandboxie back on one of my PCs, I figured I may as well make use of it again.

 

I don't think having to use the slightly less restricted sandbox in XP than the one I use in W7 in the situations I described is an issue. I dont see it as an issue. I think it has to do with Sandboxie interacting differently with this particular type of content in different systems.

Trial and error for getting NoScript down pat in sites you use on a regular basis is the right thing to do. The benefits of doing it outweighs the seconds or minutes that it takes. In some of this sites if you try to watch a game as the site comes, is like trying to ride a wild Mustang. You tame it with NoScript and AdblockPlus, the site becomes a sleeping baby. The difference is like night and day.

I remember you told me about 2 years ago that you were going to put Sandboxie back, it took a while to do it. I hope you like it.

Bo