54 replies to this topic 3 votes

[warwagon]

Sandboxie 3.62

Trust No Program!

http://www.sandboxie.com

I just thought I’d write a little review to spread the word about a free, small (250kb) and very useful sandbox utility called “Sandboxie”.

Depending on the person I explain it to, I usually get two completely different responses. When I explain what this program does, (which I’ll get to in a second) I’ve found that people who are tech oriented think the idea of this program is fantastic, while the average user responds with “cool” which pretty much means “whatever”.

How it works

The program lets you sandbox applications or the install of applications, so it does not have contract with the rest of your system. It does this by getting between the application and your computer and making it think its installing to c:\program files when in fact its installing to C:\Documents and Settings\(your username)\Application Data\Sandbox\DefaultBox\drive\C\Program Files, this goes for any directory on your hard drive. It also fakes the registry and it stores the registry entries for the application in a file called RegHive located in C:\Documents and Settings\(your user name)\Application Data\Sandbox\DefaultBox instead of the actual windows registry. An example of this would be to download an application that you are not quite sure about or just want to install without worrying about it damaging your system. You can right click the EXE and then choose “Run Sandboxed” It then proceeds to install the application to the sandboxed location. Because it installs everything in the sanbox its very easy to remove every trace of the application from the hard drive. You simply have to tell Sandboxie to delete the sandbox (function menu / contents of sandbox / delete contents) and the application you just installed is now gone from your computer.

While using sandboxie to install and test applications is nice, where Sandboxie really shines is while browsing the internet. When you sandbox your web browser (Internet Explorer, Firefox, Opera, ect…) it makes a shadow copy of your web browser and all the files it requires and copies them to the sandbox as it does with any sandboxed application, this happens faster than you might expect, you really don’t notice it much at all. The benefits of this are many but I’ll mention a few. One is privacy, you could install this on someone’s computer or use it on your own,and at the end of your browsing session, delete the sandbox and all traces of your activates are gone and I mean ALL traces. The other benefit is virus and spyware protection / prevention. Any file that you download and open from within the sandboxed web browser willalso be contained in the sandbox. If you download a virus it will affect the sandbox and not your computer, so to remove it just delete the sandbox. Same goes for spyware. Now I’m not saying this is fool proof, there has been mention of some spyware which are sandbox aware and can escape the sandbox. Nothing is perfect but this is the closest thing to it.

Tests

I thought I would test it to see just how well this program really works. I started by installing Sandboxie inside a virtual XP install inside virtualbox (just in case it didn’t work), then I proceeded to install Kazaa while sandboxed. During the install it threw a few errors at me but after it installed it ran just fine. After exploring the program files folder located in the sandbox directory, you could see all the crap it installed. You could also see the famous p2p networking running under processes in the task manager. Sense the p2p networking.exe got installed along side kazaa it was also sandboxed. Getting rid of kazaa was so easy it was almost fun. First I Told sandbox to kill all sandboxed processes, this included all the exe’s which were running after the kazaa install. This was done very easily by clicking the function menu and choosing terminates sandboxed processes. Once all the kazaa processes vanished I told it to delete the sandbox and *Poof* no more kazaa.

That was too easy, I mean had a normal computer gotten infected with the wrath of kazaa, it could have been uninstalled and spyware removers could have taken care of the rest, it was nothing that would have required a reformat. So I thought I needed a better test. I needed to find what I call “Pandora’s Box” I’m referring to one of those crack.exe files that are included in warez or program cracks, the kind of file that when you run it, it appears to have done nothing, but if you look at your process list, the CPU is spiked and you see so many random.exe files being loaded onto your system you just want to put your head between your legs and cry. I got a hold of one such file and downloaded it within a sandboxed Firefox and launched it. The only words to describe the activity that file produced is OMG. Because the file was opened with a sandboxed Firefox all the activity I saw on screen was also sandboxed. It took my running processes from 20 to 30. I then told it to Terminate all sandboxed processes, the processes list then dropped from 30 down to 20 instantly, I then told it to delete the sandbox and presto!, an event which had it occurred outside a sandbox would have required without a doubt a clean install of windows and a bleach bath. I preformed a boot time system scan with avast and current definition files. It found 27 infected files and all were located in the system restore directory, I’m not sure if that was from this test or a previous test I did before new about Sandboxie, in either case after an event like that its best to turn off system restore and turn it back on to delete all restore points. I was more than pleased with the results.

Conclusion

As you can tell I really love Sandboxie, I just wanted an opportunity to let otherwise know about this wonderful free little program. They do sell a version that does a few more things for $40/90 which is a life time of free upgrades (which I bought) but the free one does plenty. Included at the bottom is some screenshots of the interface, enjoy!

*Update 11/25/2011

I've been using sandboxie for the past 5 years (even before i wrote this review). Since writing the review Sandboxie now has a 64bit Version which runs great on Vista and Windows 7 64bit operating systems. Every machine in my home that is used to browse the internet has sandboxie installed.

Question - what happens if you get a malware infection?
Answer - If you get a malware infection from the internet, while your browser was being sandboxied, it's easy to remove. You simply tell Sandboxie to terminate all sandboxed processes. Then you tell sandboxie to delete the sandbox. That's it! The infection has been removed from your computer. It's not removed as it would be with a removal tools. With removal tools, while it might be removed you can never be sure you got it all.

Because the infection was sandboxed and contained you can be sure the entire infection was contained in the sandboxie and that you don't have anything left behind. It's as if the infection never happened.

Attached Images

• 
• 
• 

Edited by warwagon, 25 November 2011 - 20:05.

[The_Decryptor]

Yeah, Sandboxie is cool.

It was fun trying to explain to one of the security heads at MS what it was.

[Computer Guru]

I never heard of it before, but it sounds damn useful.
I've been doing my testing (for my own programs, not spyware infested crap) in a Virtual Machine (VMware 6 FTW!), but this looks like it could eliminate tons of overhead!

[null_]

How does this work with Windows Vista? It looks pretty neat.

[warwagon]

iCeFuSiOn, on May 26 2007, 09:44, said:

How does this work with Windows Vista? It looks pretty neat.

it says its compatible

its kind of funny, last night I opened winamp and it said there was a important update I had to do, so I went and downloaded it with firefox. When I got done installing it I had this icon next to my clock that said "get 50 free mp3s"

I was like @(()#()# , but then I realized that because I installed it from firefox it was a sandboxed install. I was like yay! So I told sandboxie to kill all sandboxied processes, and just deleted the sandbox, then reinstalled winamp, and then this time unchecked that box, problem solved!

Edited by warwagon, 26 May 2007 - 15:52.

[soldier1st]

there are similar apps like bufferzone and defensewall but sandboxie sounds alot better.

[haxaco]

question: Lets say i run most of my installed programs through sandboxie (games, photoshop, etc) and i were to reinstall windows, could i save that sandboxie "program files" folder with its registry and just install sandboxie on the new windows install and have all my old programs back with my previous settings?

[IceDogg]

I have heard of this before and thought about trying it a few times, but until now I hadn't seen it explained in a way that made me want to try it so bad. Good explaining! I do however have a question. You said you installed it "inside a virtual XP install inside virtualbox"... I'm wondering would a virtualbox be better and maybe could you point to something or explain what that is a little bit? The differences mostly.

[Kreuger]

I've heard of people using this to bypass internet filters and run programs such as msn in places like school/work to avoid detection but alas it doesnt support Win 98 so it's no good to me

[zeroday]

Looks cool. Would it be safe for me to test dodgy programs inside it? Don't wanna screw my pc up lol.

Also, how do I set it up to work from the context menu, I keep getting an error: "Could not invoke program".

[warwagon]

haxaco, on May 27 2007, 18:19, said:

question: Lets say i run most of my installed programs through sandboxie (games, photoshop, etc) and i were to reinstall windows, could i save that sandboxie "program files" folder with its registry and just install sandboxie on the new windows install and have all my old programs back with my previous settings?

That is a very good question, and i'm not sure, but I will test that out. Sandboxie does have the option to restore files from the sandbox. What that means is that when you are done or if you just feel like restoring a file it will move it from the sandbox location to the original location on the hard drive. It always gives you that option before you delete the sandox.

[haxaco]

warwagon, on May 27 2007, 17:17, said:

That is a very good question, and i'm not sure, but I will test that out. Sandboxie does have the option to restore files from the sandbox. What that means is that when you are done or if you just feel like restoring a file it will move it from the sandbox location to the original location on the hard drive. It always gives you that option before you delete the sandox.

Yea if its possible, im in. Im a pretty safe guy about what programs i install on my pc but if what i asked is possible on sandboxie, hell that would open a world of possibilites xD

[IceDogg]

IceDogg, on May 27 2007, 14:56, said:

I have heard of this before and thought about trying it a few times, but until now I hadn't seen it explained in a way that made me want to try it so bad. Good explaining! I do however have a question. You said you installed it "inside a virtual XP install inside virtualbox"... I'm wondering would a virtualbox be better and maybe could you point to something or explain what that is a little bit? The differences mostly.

Never mind, I got it on my own.. thanks tho. Sandboxie is nice.

[warwagon]

hasn't happened yet, but if in some point in time he gets sandboxie working off a USB stick, then any app installed sandboxed on the stick automatically gets turned into a portable app.

There is a guy working a script to make this happen, its on the sandboxie forum.

[Audioboxer]

I'm running my iBook just now but I can't wait to try this on the home pc when im back from vacation!

Couple of questions though...

Does Sandboxie run programs at full speed? Meaning they load/run as quickly as they would without it? I wouldn't see why not but its worth asking.

Whats memory usage like and do you have to have a Sanboxie "process" running with windows at all times?

Thanks, can't think of anymore questions just now!