Windows 8 and 8.1 Forums


Sandboxie - How does it work and be used?

  1. #11


    Posts : 176
    Windows 8.1 update 1


    Quote Originally Posted by oneeyed:
    Microsoft, since Windows Vista, strongly recommends using what's called a Limited User or Standard User account for regular use of your desktop PC. (Why use a standard user account instead of an administrator account?)

    This is a major security feature that follows the Principle of least privilege. Basically, under this account, the user and all the applications he launches are very limited in what they can do. They can't, for example, modify the system settings, the Windows registry, or other programs' settings (like your browser default search engine, or toolbar, etc...). As you can see, this prevents most of what malware do, without even an anti-virus.

    In practice, if you're under a standard user (without administrator privileges) and you click something suspicious in your browser, Windows will prevent it and give you a warning. You'll be presented with a prompt for your administrator password. At this point, if you type the password and allow it, this is on you...

    This kind of security can be very annoying when you set up a fresh new installation of Windows, since you get constant prompts for your administrator's password, which is why many users don't follow Microsoft's recommendations (and probably why you put UAC so low). But after this phase, it is mostly silent and is in practice only seen when installing new software or when you encounter malware.

    UAC is a response by Microsoft to the hassle of using a standard account: you can still use an administrator account (which is the norm under Windows and is part of the culture of its customers) but get warnings when something tries to access restricted parts of the system. I still recommend creating a new account as limited user though. Unless you constantly install new software, this is in my opinion the safest course. Opinions may vary on this though.
    More info: UAC and Virtualization - some infos for all | Wilders Security Forums

    Anyway, as you can see, a standard user account covers much of what sandboxing applications do: it limits the damage of any untrusted applications. At some point though, when you tell the system that you trust an application, you give it a lot of leeway to do whatever it wants. It is very black and white. Untrusted can't do much, Trusted can do almost anything. That's when sandboxing can be nice, since it allows you a finer control of what the applications can do. But for most users I don't think this is necessary (and as you'll see below, sandboxing is already implemented internally in some browsers). You should also note that malware can in some instances detect that it is run sandboxed or virtualized and will just stay stealthy and do nothing, so you can never be sure something is safe by testing it this way.

    Here are my recommendations for a secure PC:

    * Principle of least privilege: use a standard user account for day-to-day use.

    * Update regularly. This is very important; automatic updates help with that but can be very annoying when installing at the wrong moments. Windows Update is of course the first to check, but all your other applications, and especially Internet-facing ones (browser, email, messaging, etc.), are crucial too. This is to prevent exploits.

    * Use a firewall and block all inbound traffic. The Windows Firewall does that perfectly by default, so make sure it's enabled.

    * Use an anti-virus. I'm fine with Windows Defender, but a lot of other choices exist. This isn't the be-all and end-all of your security, contrary to what AV developers would like to make us believe, only one of the layers to protect you.

    * Disable Autorun. IIRC, by default in Windows 8, autorun is disabled on USB/CD. If it's not, turn it off; you don't want anything to execute without your consent, since USB sticks have become a major means of malware transmission. More info: How to disable the Autorun functionality in Windows

    * Install and use EMET (Download Enhanced Mitigation Experience Toolkit 5.0 from Official Microsoft Download Center). This is a great tool by Microsoft to prevent most current exploits. Be careful with the options though, and use the recommended settings if you don't know what you're doing. More info: Quickly Secure Your Computer With Microsoft's Enhanced Mitigation Experience Toolkit (EMET)

    * Be careful with what you authorize to run on your PC. Use Google to check that anything new you install is safe. Check the digital signature of the executables. Use additional virus scanners besides your main one; I recommend VirusTotal, which simplifies this process.

    * A lot of people will say that you should be careful where you browse on the Internet, and it's true... up to a point. Be aware that a lot of malware comes from visiting legit and very popular sites, not underground ones. The main culprits are ads, which are hosted outside the official sites and can lead to malicious programs or sites. This is why the choice of your browser, no matter if you have safe browsing habits or not, should at least partly be based on how secure it is.
    Chrome (Sandbox FAQ - The Chromium Projects) and IE (Enhanced Protected Mode - IEBlog - Site Home - MSDN Blogs) implement internal sandboxing, and at least with Chrome it is in theory safer than Sandboxie against exploits and drive-by downloads. Firefox lacks this (although Mozilla is working on it: https://wiki.mozilla.org/Electrolysis), but some of its extensions are very good for security, like AdBlock and NoScript.

    * Disable/Uninstall what you don't use. This is to lower your attack surface. The more applications/plugins/services/protocols/etc. you have running, the more vulnerable you are. In theory, you should disable everything you don't need. In practice, I recommend disabling/uninstalling Java. Flash is another big offender, and if you can, I think you should disable it too. At least you should enable the Click To Play Plugins feature in your browser, which allows you to selectively run plugins when you want, not all the time.

    * Finally: Backup. Backup. Backup. Check for disk-imaging/cloning solutions; free ones exist and speed up the process of restoring your system. Don't rely on anti-virus for clearing your PC when infected, but restore to a clean state from your backups.

    Thanks for such a detailed reply.
    I am so busy with work at the moment I have not got round to making a 'standard user account' - this will be my first priority.

    I have never heard of EMET and think it will be a good idea to install it.

    I watched a video on Youtube about EMET, but this was for Windows 7 64bit.

    Microsoft EMET setup explained for the Home User - YouTube

    I have Sumatra PDF reader (as mentioned in the video), so I will have to add that to the list of programs to be protected.
    I'm just wondering what other programs I need to protect?

    One question about EMET: If I want to uninstall it, will there be problems - will it cause problems with any programs for instance, or with my computer?
    It most probably won't, but you never know.

    There are so many things to think about and how these changes will affect the way I use my computer.

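    As an added example that is not from this thread (and not part of Sandboxie or EMET), here is a PowerShell audit of the checklist in oneeyed's post: it reports whether the current session is a standard user, whether UAC is on, whether each firewall profile blocks inbound traffic by default, whether Autorun is off, whether Defender's real-time protection is running, and whether Java is still installed. It assumes the NetSecurity and Defender PowerShell modules that ship with Windows 8.1 and the standard policy registry locations; on a PC with a third-party AV the Defender check simply reports as unavailable.

```powershell
# Added example (not from the thread): audit the hardening items recommended above.
# Assumes Windows 8.1 with the NetSecurity module; Defender check degrades gracefully.
function Test-HardeningChecklist {
    $findings = @()
    function Add-Finding($check, $pass, $detail) {
        $script:findings += [pscustomobject]@{ Check = $check; Pass = [bool]$pass; Detail = $detail }
    }

    # 1. Least privilege: is this session running with administrator rights?
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    Add-Finding 'Standard user account' (-not $isAdmin) $id.Name

    # 2. UAC enabled (EnableLUA=1) and not set to "never notify" (ConsentPromptBehaviorAdmin=0).
    $sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uacOk = ($sys.EnableLUA -eq 1) -and ($sys.ConsentPromptBehaviorAdmin -ne 0)
    Add-Finding 'UAC enabled' $uacOk "EnableLUA=$($sys.EnableLUA) ConsentPromptBehaviorAdmin=$($sys.ConsentPromptBehaviorAdmin)"

    # 3. Windows Firewall on, and inbound traffic blocked by default, on every profile.
    foreach ($p in Get-NetFirewallProfile) {
        $ok = ($p.Enabled -eq 'True') -and ($p.DefaultInboundAction -ne 'Allow')
        Add-Finding "Firewall ($($p.Name))" $ok "Enabled=$($p.Enabled) Inbound=$($p.DefaultInboundAction)"
    }

    # 4. Autorun disabled for all drive types: NoDriveTypeAutoRun = 0xFF in either hive.
    $autorunOff = $false
    foreach ($hive in 'HKLM', 'HKCU') {
        $k = Get-ItemProperty "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -ErrorAction SilentlyContinue
        if ($k -and ($k.NoDriveTypeAutoRun -eq 0xFF)) { $autorunOff = $true }
    }
    Add-Finding 'Autorun disabled' $autorunOff 'Policies\Explorer\NoDriveTypeAutoRun'

    # 5. Windows Defender real-time protection (cmdlet exists on 8.1; another AV may replace it).
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        Add-Finding 'Defender real-time protection' $mp.RealTimeProtectionEnabled "Signatures updated $($mp.AntivirusSignatureLastUpdated)"
    } catch {
        Add-Finding 'Defender real-time protection' $false 'Get-MpComputerStatus unavailable (other AV?)'
    }

    # 6. Java present? The post recommends uninstalling it to reduce attack surface.
    $javaInstalled = Test-Path 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment'
    Add-Finding 'Java not installed' (-not $javaInstalled) 'HKLM\SOFTWARE\JavaSoft'

    return $findings
}

Test-HardeningChecklist | Format-Table Check, Pass, Detail -AutoSize
```

    Run it from the account you use day to day, not an elevated prompt, or the first check will always fail.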

  2. #12


    Posts : 328
    Windows 8.1 (x64)


    EMET is very lightweight, and you can install/uninstall it without any problems.

    Any application can be added to EMET, but some need tinkering with what features you select.
    The apps you most want to protect with EMET are all your Internet-facing programs, specifically your browser(s), mail reader, etc. But you can also add multimedia players and office apps (Word, Excel, ...).

  3. #13


    Hafnarfjörður IS
    Posts : 4,376
    Linux Centos 7, W8.1, W7, W2K3 Server W10


    Hi there

    A Virtual machine is far better IMO. That is far better protection; also, if the Virtual machine gets infected, just fire up a new one.

    I always HATE with a passion anything that says "Go Pro".

    XP machines can still run quite nicely with FREE Virtualisation software - HYPER-V, VBOX or VMWARE.

    This whole "Go Pro" stuff when it used to be free just gets my goat.

    Decent VMs are isolated from the host, so there is no chance of the HOST getting infected. Just clone some VMs and then you can tinker around to your heart's content. Modern machines can run VMs almost as fast as the Native Host.

    Cheers
    jimbo

  4. #14


    Posts : 176
    Windows 8.1 update 1


    Quote Originally Posted by jimbo45:
    Hi there

    A Virtual machine is far better IMO. That is far better protection; also, if the Virtual machine gets infected, just fire up a new one.

    I always HATE with a passion anything that says "Go Pro".

    XP machines can still run quite nicely with FREE Virtualisation software - HYPER-V, VBOX or VMWARE.

    This whole "Go Pro" stuff when it used to be free just gets my goat.

    Decent VMs are isolated from the host, so there is no chance of the HOST getting infected. Just clone some VMs and then you can tinker around to your heart's content. Modern machines can run VMs almost as fast as the Native Host.

    Cheers
    jimbo
    Any changes that are made in the 'virtual machine' won't be saved will they?
    So if I installed a new program it will be deleted when I close the 'virtual machine'?

  5. #15


    Posts : 2,130
    Windows 8.0 x64


    Any changes that are made in the 'virtual machine' won't be saved will they?
    So if I installed a new program it will be deleted when I close the 'virtual machine'?

    The VM saves when you shut down, the same as Windows. If you delete the VM, then all is gone. The point being, a file inside the VM virtual disc can't be accessed while the VM is not running, for all intents and purposes. If you surf in a VM and get a virus, you can just delete the VM. Also, for VMs like VMware Player, you can copy the Virtual Machines folder as a backup. If a VM gets infected, delete it and copy the old one back from the Virtual Machines folder backup.

    Edit: That type of backup is quick and dirty and OK if you have another drive with plenty of space. To get some compression you can back up using an imaging program such as Macrium Reflect.
