Thursday, January 24, 2013

[Review] Sandboxie

The Good:

- Load your applications in an isolated environment.
- Easy recovery of the isolated files.
- Light on system.
- Improved compatibility with some software.
- Highly developed and frequently updated.
- Free and paid versions offer the same basic protection.
- Lifetime paid license.

The Bad:

- The free version has fewer options than the paid one (quite normal after all).




What is Sandboxie?

Sandboxie (aka Sbie) belongs to what we call "light virtualization" software; it is a sandbox program.

The purpose of sandbox software is to run your programs in an isolated space that prevents them from making permanent changes to other programs and data on your computer (as shown in the image below). This gives your system increased security, since changes made inside the sandbox are not passed on to your real system.

[Image: wpVYa.gif]

The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally. The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox, depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.

Benefits of the Isolated Sandbox:

- Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

- Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.

- Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.

- Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

Now that you understand its function, let's go for a tour:

1- Sandboxie Control

The main interface of Sandboxie, where all the options and features are available; you can access it via the yellow tray icon.

[Image: Fubk5.jpg]

by clicking "Show Window":

[Image: IqL33.jpg]

As you can see, I have 2 sandboxes, one active and the other inactive (the free version allows only one active sandbox at a time, whereas the paid version allows many active sandboxes simultaneously):

- BankingBox: I created this one with some options for banking purposes.
- Default Box: the default one (active).

2- Running an Application Sandboxed

As explained earlier, the purpose of Sandboxie is to run any of your applications sandboxed so they can't modify your system and files.
I will use Firefox (aka FF) to describe its functionality.

For ease of use, Sbie automatically creates an icon called "Run Web Browser Sandboxed" that will automatically sandbox your default browser.
Let's do it:

[Image: OYkzm.jpg]

As you can see in the picture above, my Firefox is sandboxed; this is indicated by a green border around Firefox (you can choose another color).

At the same time, if you open the "Sandboxie Control" window, you will see the various active processes running sandboxed; Firefox is present (with the page I opened in it). The picture below is the "Program View".
The screenshot shows that more programs are running: SandboxieRpcss.exe and SandboxieDcomLaunch.exe. These support programs are part of Sandboxie. If they are needed, they will be automatically started, without any explicit action on your part.

[Image: CTjkA.jpg]

Alternatively, by clicking "View" > "Files and Folders", you will see the changes made in your system. This view allows you to track every modified file, which is very practical for observing the behavior of the sandboxed program: for example, if you open an audio player and it starts to change your Hosts file, you can guess that something is wrong...

[Image: S3R2J.jpg]

Also, when Sandboxie is actively running programs in any of the sandboxes, the Sandboxie yellow tray icon (at the corner of the screen) displays red dots.
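The check described for the "Files and Folders" view can also be scripted. The following is an added example, not part of the original review or of Sandboxie itself: it walks a sandbox's folder on disk, maps each file back to the real path it shadows, and flags writes to sensitive locations such as the Hosts file. It assumes the box stores redirected files under `drive\<letter>\...` inside the sandbox folder; the watchlist, function names and sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path, PureWindowsPath

# Illustrative watchlist (an assumption, extend as needed): real-system
# locations an ordinary sandboxed program should not be writing to.
WATCHLIST = (
    r"c:\windows\system32",                 # includes drivers\etc\hosts
    r"\start menu\programs\startup",
)

def real_path(rel_parts):
    """Map a file inside the box folder to the real path it shadows.
    Assumed layout: <box>/drive/<letter>/... mirrors <letter>:\\..."""
    if len(rel_parts) >= 3 and rel_parts[0].lower() == "drive":
        return str(PureWindowsPath(rel_parts[1].upper() + ":\\", *rel_parts[2:]))
    return None  # e.g. per-user folders or registry hive, skipped here

def scan_box(box_root):
    """Return sorted (real_path, flagged) pairs for every file in the box."""
    findings = []
    for dirpath, _dirs, files in os.walk(box_root):
        for name in files:
            rel = Path(dirpath, name).relative_to(box_root).parts
            target = real_path(rel)
            if target is not None:
                flagged = any(w in target.lower() for w in WATCHLIST)
                findings.append((target, flagged))
    return sorted(findings)

def build_demo_box(root):
    """Constructed sample data: what an audio player's box might contain."""
    for rel in ("drive/C/Users/me/Music/list.m3u",
                "drive/C/Windows/System32/drivers/etc/hosts",
                "drive/D/Downloads/setup.exe"):
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("constructed sample")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for target, flagged in scan_box(build_demo_box(tmp)):
            print("SUSPICIOUS" if flagged else "ok        ", target)
```

To use it on a real box, pass that sandbox's folder to `scan_box` before deleting the sandbox contents.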

3- Recovering items

You know that all changes are isolated (and so not present in your real system); this also includes downloaded items, so you will ask me: "So what do I do if I want to keep the downloaded file?"

Luckily for you, Sbie has a feature that allows you to recover changed or downloaded files.

Quick/Immediate Recovery

By default, Sbie sets some locations as eligible for "Immediate and Quick Recovery", which means that any modified files in those locations will be automatically recovered.

To show you the feature, I downloaded Comodo Dragon, and at the end of the download this window automatically opened.

[Image: GpX2N.jpg]

In the upper window you can see the virtual location of the file; I then have the option to recover it to that folder or to another one.
If I choose "Recover", the file will appear in my real system; if not, it will remain sandboxed.

Manual Recovery

Sometimes files are modified or created outside the locations eligible for "Immediate Recovery"; it is now the job of the "Quick/Immediate Recovery" function.

I will show you how it works by downloading Comodo Dragon again, but this time outside my eligible folders.

[Image: nJlPD.jpg]

As you can see, Dragon is located on my "D:" drive.

4- Terminate the application & Deleting the sandbox

When you are done with the sandboxed software and you have recovered all the needed files, you can terminate the application and delete the sandbox contents via the tray icon.

[Image: bYqAc.jpg]

If some files are still present inside the sandbox, this window appears:

[Image: ZNe2D.jpg]

You can then recover or delete the contents as you wish.

Final Notes

By now you have surely realized the huge security potential of Sandboxie; this program is a must-have if you are at all concerned about securing your system.

I rate it 5/5.

Sandboxie has many tweaking options that may fit your particular needs. They are too numerous to be explained here, but you can, for example, set Sbie to protect you from keyloggers.
The paid version allows you to force your browser to run sandboxed, so your kids will not infect or bloat your system by downloading dozens of toolbars and games.

I hope this review helped you understand what Sandboxie is.

Thank you for reading.

Umbra Corp.
