All You Need To Know About Sandboxes

I'm sure most of you have heard of sandboxes (talking computer security here), but not a lot of people know exactly what they are and why or how to use them. So let's start out with the main aspect: why do you need them? Even if you have the best antivirus software available, dealing with shady or infected applications is still a problem as getting rid of possible malware could cost you a lot of time. So what do you do when you really need to use an application which you know or suspect to contain malware? You install it in a sandbox.

Theory

To put it in layman's terms, a sandbox is a sort of virtual box that keeps a certain area of your hard-disk or memory separated from the rest. In this virtual space you can safely install and run untrusted applications without the risk of infecting your operating system or the rest of your files. All you need is enough storage space to make a sandbox large enough to run the application, and you are all set. There are very few situations when sandboxing a program won't yield the desired results. As far as I know, there are very few malware capable of countering sandboxes (they do so by filling the allotted space with bogus commands, thus making you unable to run them).

There are a bunch of things that are already sandboxed on your PC, even though you don't know about it. For example, both Google Chrome and Internet Explorer run in their own sandboxes so that they can't affect your other systems or applications. Furthermore, browser plug-ins, Adobe Reader and Microsoft Office all run in protected virtual spaces. Theoretically speaking, the Windows UAC (user account control) also sandboxes your application, but the protection it offers is minimal and most people bypass it without even a second thought.

Practical Solutions

Wondering how to set up your own sandbox? There are two solutions for this process and you may already know one of them as I've written about it in a previous article. You can either use a virtual machine or applications that are specifically designed to sandbox applications. However, using the first solution just for this purpose is a bit complicated as you need to download and install the VM application, install the operating and system, and only then you can safely install and run the sandboxed application.

As I've said, there are a few applications specifically designed to help regular users create their own sandboxes. Here are the three tools which I found to be the best for this purpose:

Sandboxie

SandboxieSandboxie

Sandboxie is a very handy Windows tool which allows you to create a sandbox using your hard-disk's storage space, thus installing and using the applications internally. In case your Internet connection isn't the greatest, then this is the best solution for you. What's really cool is that the application is easy to install and pretty straightforward as far as usage goes, so even if you're not a tech-savvy person, you can quickly get the hang of it. Furthermore, after you install it, the application displays a compatibility screen which allows you to improve the way certain tools work with it.

You can use Sandboxie to access webpages or install and run applications in a safe environment. All you have to do is to browse to the desired application from Sandboxie's interface and run it. All the sandboxed programs will have a # symbol at the end of their names in the title bar, so you will always know which ones of your applications is sandboxed and which are not. For additional security, you can first run your browser in Sandboxie and then download the desired program, which will also place the setup file safely. Once you've determined that an application is safe, and it doesn't need to be sandboxed go to Sandbox --> DefaultBox --> QuickRecovery and select the folders or apps which you want to get out of the sandbox.

Unfortunately, Sandboxie has a couple of disadvantages. The biggest drawback is that you can't use it on 64-bit systems because of driver issues. The other problem is that it will automatically download or install applications in its own directory, so you must make sure that the drive you placed it on has enough space for all your sandboxed content.

Spoon.net

Spoon.netSpoon.net

Unlike Sandboxie, Spoon.net is a sandboxing service which allows you to run your browsers in a secure virtual machine (sandbox). The basic features of this Windows-only tool can be used for free, but if that's not enough, you will have to pay for a subscription. This tool also provides a function called Browser Studio, which allows you to preset specific extensions and preferred settings for any of the browsers you use. (These settings and extensions will also run in a sandboxed environment).

AirGap

If you're looking for a business-oriented sandboxing solution, then AirGap is what you want. This powerful tool is designed to completely separate the browser from the user both physically and virtually. What this means is that no code coming from your browser will be able to interact or affect your software, nor your hardware. A big advantage is that this service isn't only available for Windows users, but also works on Mac OS and Linux.

Referenced Windows applications
Discussion

Comments

1 comment
You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <em> <i> <q cite=""> <s> <strike> <strong>

..hmm, Sandboxes can be really useful, thanks.

Reply   |   Comment by Alexander  –  2 years ago  –  Was it helpful? yes | no (0)