Why should I empty my sandboxes? (Sandboxie)

Discussion in 'sandboxing & virtualization' started by CrusherW9, Feb 3, 2013.

Thread Status:
Not open for further replies.
  1. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    I have Sandboxie installed on my laptop as my core security feature and I have a handful of sandboxes, each devoted to its own purpose. I was thinking about some stuff which led me to wonder why emptying sandboxes is so important? I understand that emptying the sandbox you use your browser in is critical. But I have a sandbox for Steam and its games and I don't see why I should ever empty this. A virus in this sandbox poses no real threat other than crashing a game or stealing bandwidth, in which case a sandbox empty would be the easy fix. As of now, I have all of my sandboxes set to auto empty, and scanning my Steam sandbox and then recovering everything every time I close Steam is getting old. Am I missing something or should I simply not worry about emptying sandboxes like these?
     
  2. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    Last time I checked, Sandboxie doesn't stop outgoing communication between the trapped malicious agent and the internet. So while it poses no threat to your system, unless you recover it, I'm of the understanding that malicious agents which capture and retransmit data can in theory capture sensitive data presuming it's in the sandbox. If anyone knows for certain, they are welcome to correct me. I'm not a subject expert on Sandboxie nor Steam, but I believe that would apply to cached data such as cookies and web history.

    Does Steam require you to sign in or cache online content? If so, then the only way the malicious agent would end up in the sandbox is through Steam itself. So presuming they manage to infect you, I'd be less concerned about the sandbox getting emptied and more concerned about the security of Steam. The only other way you could get this hypothetical malicious agent is if you're sharing the sandbox with another application like your browser, or your system is already infected, at which point the argument is moot. Either way, I'm going to vote no. Why waste the time and effort? The only added benefit here is that previously cached data from Steam is removed, which, like running CCleaner on Windows, is good to do every once in a while. Hopefully this was helpful. As you can tell from my setup, I personally lean on the paranoid side, so I delete religiously. Also it wouldn't hurt to check out the Sandboxie forum. I read through it on occasion to keep informed. Might find a better answer there.
     
  3. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    My main concern was when downloading content (maps, sounds, etc.) from a game's server. To my knowledge, there is nothing stopping a server from hosting malware. I am of course talking about servers hosted by random people and not servers that EA would use, for instance. Like I said, this sandbox is just for Steam and the games launched from it so there won't be any "contamination." As of now, I think I will stop worrying about emptying it but I'd like to hear other people's opinions.
    That's a good idea. I will probably start doing that for a few different things. Thanks for the reply.
     
  4. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
  5. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Not by default, but you can configure it to only allow set programs internet access.
     


  6. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    Thanks andyman35,

    Good idea, that would certainly help in fine tuning some of my sandboxes.
     
  7. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    According to this, if I "Terminate Programs" in my Steam sandbox after use, I'm good; no empty required. But I also have internet access and Start/Run restrictions for the sandbox. So technically, I shouldn't have to do this. Also, according to this link, I'm protected from rootkit key-loggers and Windows hook key-loggers. Scripted key-loggers would only apply to the program that got infected and thus wouldn't transfer outside the sandbox. I'm not sure about Windows message key-loggers though. From what I can tell, they "can only reliably record activity within one program" so this would mean only the program that launched it, right? If so, there is nothing to steal from Steam or Counter Strike, for instance, so I'm good here too. Am I missing something?
     
  8. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Sandboxie is wonderfully granular when you delve into it.
     
  9. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    Just an update: I posted a similar thread in the Sandboxie forums and was reminded of the leader program and terminate on exit setting. So Steam is now my leader program with the sandbox set to terminate all remaining programs when I close Steam. This offers the same protection as emptying, without emptying it.
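
    Added example (not part of any post in this thread and not Sandboxie's own code): a small auditor that reads Sandboxie.ini text and reports, per sandbox, the three controls discussed above: delete on close, a leader program, and restricted internet access. The sample configuration and the box and program names in it are constructed; it assumes the `AutoDelete`, `LeaderProcess`, `ProcessGroup` and `ClosedFilePath=!<InternetAccess...>` ini forms.

```python
from collections import defaultdict

# Constructed sample; box names and program names are illustrative only.
SAMPLE_INI = """\
[GlobalSettings]

[Browser]
Enabled=y
AutoDelete=y

[Steam]
Enabled=y
LeaderProcess=steam.exe
ProcessGroup=<InternetAccess_Steam>,steam.exe,hl2.exe
ClosedFilePath=!<InternetAccess_Steam>,InternetAccessDevices

[Scratch]
Enabled=y
"""

def parse_ini(text):
    """Parse ini text; keys may repeat, so every key maps to a list of values."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], defaultdict(list))
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()].append(value.strip())
    return sections

def audit(text):
    """Return {box: {auto_delete, leader, net_restricted}} for each sandbox section."""
    report = {}
    for name, cfg in parse_ini(text).items():
        if name == "GlobalSettings" or name.startswith("UserSettings_"):
            continue  # not sandboxes
        report[name] = {
            "auto_delete": any(v.lower() == "y" for v in cfg.get("AutoDelete", [])),
            "leader": cfg.get("LeaderProcess", []),
            # Assumed form: programs outside the named group are denied network devices.
            "net_restricted": any(v.startswith("!<InternetAccess")
                                  for v in cfg.get("ClosedFilePath", [])),
        }
    return report

def persistent_unmanaged(text):
    """Boxes that neither delete their contents nor stop leftover programs."""
    return sorted(b for b, r in audit(text).items()
                  if not r["auto_delete"] and not r["leader"])

if __name__ == "__main__":
    for box, result in audit(SAMPLE_INI).items():
        print(box, result)
    print("review:", persistent_unmanaged(SAMPLE_INI))
```

    A box that keeps its contents and has no leader program is the case to review, since anything written into it persists and nothing ends leftover processes when the main program exits.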
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    I think you misunderstood Guest10 a little. He gave you (quoting Guest10) a "reasonable approach for sandboxes that you do not delete" but nothing can take the place of Deleting contents when we are talking about SBIE.

    Personally, I wouldn't keep a sandbox from getting deleted unless I have a program installed in the sandbox and I'd like to keep it. That is really the only time that I would keep a sandbox the way you want to do it. Just my opinion.

    Bo
     
  11. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    But if nothing is running, it poses no threat. Say I start Steam again and it starts a keylogger. At most, it will steal my Steam password, which is different than any other password I use. I also have the email verifications enabled so even if my password was stolen, they wouldn't be able to use my account. I don't see what the issue is.
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Crusher, yesterday when I wrote my post, I didn't take into consideration something very important, convenience and usability. That was wrong.

    I think when we create a sandbox, the sandbox has to be as tight as possible but it's got to feel convenient. Otherwise, we would not use it or would feel uncomfortable when we use it. Since in the case of your Steam sandbox, keeping contents is important to you, now I think you should do so.

    Anyway, even if you don't delete the sandbox, nothing gets out. If you block your personal files and folders from being accessed you should be fine, IMO. :)

    Bo
     
  13. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    I guess I should have phrased it differently. I know that deleting everything is more secure but I guess I was just wondering how secure simply terminating all programs is because I wanted it to be more convenient. I guess we are both on the same page here. The only reason why I don't want to delete the contents is because it makes loading faster when changing maps and servers when you have the files already downloaded. Also, I wouldn't have to keep updating games then. I think I might just update games unsandboxed and then delete all contents when Steam closes. It seems like no matter how many times I play the same map on the same server, there is always more to download anyways so I can wait an extra few seconds here.
     
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Yes we are. You'll be OK doing what you want. Trading a little extra safety for a lot of convenience is worth it.

    Bo
     