Windows 8 and 8.1 Forums


Sandboxie - How does it work and be used?

  1. #1


    Posts : 176
    Windows 8.1 update 1

    Sandboxie - How does it work and be used?


    I have just installed this program and am still getting used to it.

    I understand that I can run my browser in the sandbox but if I download a program or create some new tabs in my browser they won't be saved.

    I have also read that you can run 'windows explorer' sandboxed so if you have a crash you can continue because of 'windows explorer' being sandboxed.

    I don't even know what 'windows explorer' is: What I want to know, is if any information that needs to be saved won't be saved because it's in the sandbox.

    This is what I'm trying to get my head round: What is happening when something is in the sandbox.

    What else could I sandbox which would be useful.

    I know that I can play a game sandboxed, or open a file using 'Sandboxie' to view the contents and I will be protected if there is anything bad inside the file.

    How do users of 'Sandboxie' use it, to give me an idea of how it can be used.
    How do you go about installing new programs?

    How can I run everything sandboxed and do everything I used to do on my laptop, but with extra protection.

    Any thoughts will be appreciated.

    Thanks


  2. #2


    Posts : 2,130
    Windows 8.0 x64


    I stopped using Sandboxie in version 2.x. I've forgotten most of it. So I recommend the Sandboxie Quick Questions Forum

  3. #3


    Canada
    Posts : 1,950
    windows 8.1 Update 1 Pro 64bit

  4. #4


    Posts : 176
    Windows 8.1 update 1


    So you don't use any kind of sandbox program?

  5. #5


    Posts : 2,130
    Windows 8.0 x64


    Quote Originally Posted by Autobahn View Post
    So you don't use any kind of sandbox program?
    Occasionally I use ToolWiz TimeFreeze. Sandboxie was excellent for 32 bit. But with 64 bit Microsoft prevented the kernel from being patched. That means the 64 bit Sandboxie has to use different techniques than the 32 bit. What you use is highly dependent on how you use the machine etc..

    If you paid for Sandboxie I would participate in the forums there. I did for several years. It's kind of complex to discuss on a single thread here. Especially since I haven't updated past version 2.x.

  6. #6


    Posts : 328
    Windows 8.1 (x64)


    Sandboxie is a great program... For Windows XP.
    It was one of my essential programs when I was under XP, specifically for any Internet applications like browsers and emails.

    In Windows 7 and 8 though, you're better off using a Standard User Account instead of Administrator, and putting UAC on High. This is more than enough for most users. If an application tries to modify something it isn't allowed to (any system settings), then you'll get a warning and a UAC prompt.
    If you want more info on the benefits of using a User Account, check this:
    Standard User Account | CyberCoyote.org | HTCC

    For power users, you can put some applications in Low Integrity Level, this is basically what Metro Apps and Internet Explorer in Protected Mode use. This is a new built-in way to sandbox applications in Windows since Vista, sadly you have to do it manually if your program isn't already designed to do that. I use ICACLS (Icacls) to do that via command-line and while you need to be a little tech-savvy, I find it actually much better than Sandboxie. It restricts the programs much more than usual, they can't write or modify anything that isn't also at Low Integrity (apart from the Download folder nothing should be on a default Windows setup).
    More info:
    https://isc.sans.edu/diary/Limiting+...y+Levels/10531
    What is the Windows Integrity Mechanism?

    The only thing Sandboxie might still be good at under Win 7/8 is when you want to test suspicious programs. In theory if it is malicious, Sandboxie will allow you to restrict anything it does to the system. But honestly, the sandbox mechanisms it provides aren't foolproof (there are various ways to bypass them), and if you really are security conscious you are better off using virtualization (Virtualization - Windows 8 Forums), which isn't foolproof either but is a step higher in the difficulty to exploit, combined with disk imaging.
    Last edited by oneeyed; 30 Sep 2014 at 09:18.
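
The icacls approach described in post #6, as an added example that is not part of the original post. The two paths are hypothetical placeholders, and the label parsing assumes English-language icacls output.

```powershell
# Added example, not from the thread. Both paths are hypothetical placeholders.
$Exe     = 'C:\Tools\ExampleViewer\viewer.exe'          # program to confine (assumed)
$DataDir = Join-Path $env:LOCALAPPDATA 'ExampleViewer'  # folder it must write to (assumed)

function Get-IntegrityLabel {
    param([Parameter(Mandatory)][string]$Path)
    # icacls lists an explicit label as "Mandatory Label\<Level> Mandatory Level:(...)"
    # (English output assumed). No such line means the object is unlabelled,
    # which Windows treats as Medium.
    $hit = & icacls.exe $Path |
        Select-String -Pattern 'Mandatory Label\\(\w+) Mandatory Level' |
        Select-Object -First 1
    if ($hit) { $hit.Matches[0].Groups[1].Value } else { 'Medium (implicit)' }
}

function Set-LowIntegrity {
    param([Parameter(Mandatory)][string]$Path, [switch]$Inherit)
    # (OI)(CI) makes files and subfolders created later inherit the label.
    $level = if ($Inherit) { '(OI)(CI)low' } else { 'low' }
    & icacls.exe $Path /setintegritylevel $level | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls could not relabel $Path" }
}

# 1. Label the executable Low. A process started from it by a Medium user
#    receives a Low integrity token. Needs rights to change the file
#    (an elevated prompt for anything under Program Files).
Set-LowIntegrity -Path $Exe

# 2. A Low process cannot write to Medium objects, so label only the folder
#    the program genuinely has to write to. The rest of the profile stays
#    Medium and is therefore not writable by it.
New-Item -ItemType Directory -Path $DataDir -Force | Out-Null
Set-LowIntegrity -Path $DataDir -Inherit

# 3. Confirm what was applied.
foreach ($p in $Exe, $DataDir) {
    [pscustomobject]@{ Path = $p; Integrity = Get-IntegrityLabel -Path $p }
}

# To undo: icacls $Exe /setintegritylevel medium
```

The label of the running process can be confirmed in the Integrity column of Sysinternals Process Explorer.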

  7. #7


    Posts : 176
    Windows 8.1 update 1


    Quote Originally Posted by oneeyed View Post
    Sandboxie is a great program... For Windows XP.
    It was one of my essential programs when I was under XP, specifically for any Internet applications like browsers and emails.

    In Windows 7 and 8 though, you're better off using a Standard User Account instead of Administrator, and putting UAC on High. This is more than enough for most users. If an application tries to modify something it isn't allowed to (any system settings), then you'll get a warning and a UAC prompt.
    If you want more info on the benefits of using a User Account, check this:
    Standard User Account | CyberCoyote.org | HTCC

    For power users, you can put some applications in Low Integrity Level, this is basically what Metro Apps and Internet Explorer in Protected Mode use. This is a new built-in way to sandbox applications in Windows since Vista, sadly you have to do it manually if your program isn't already designed to do that. I use ICACLS (Icacls) to do that via command-line and while you need to be a little tech-savvy, I find it actually much better than Sandboxie. It restricts the programs much more than usual, they can't write or modify anything that isn't also at Low Integrity (apart from the Download folder nothing should be on a default Windows setup).
    More info:
    https://isc.sans.edu/diary/Limiting+...y+Levels/10531
    What is the Windows Integrity Mechanism?

    The only thing Sandboxie might still be good at under Win 7/8 is when you want to test suspicious programs. In theory if it is malicious, Sandboxie will allow you to restrict anything it does to the system. But honestly, the sandbox mechanisms it provides aren't foolproof (there are various ways to bypass them), and if you really are security conscious you are better off using virtualization (Virtualization - Windows 8 Forums), which isn't foolproof either but is a step higher in the difficulty to exploit, combined with disk imaging.
    Thanks for the detailed reply.

    Completely forgot about UAC - how exactly does it protect me? What will happen if I am searching Google on a certain subject and click on a dodgy website by mistake or download a program that includes browser search hijack for instance?

    Mine was set at the absolute minimum - don't know why I set it as low as that!?

    I read the link: 'Cybercoyote' and will have to read it again - too much information and I could not get my head round it all.

    I don't really understand about 'user accounts' and what the difference is between 'standard' and 'administrator'.

    My user account says:
    Local Account
    Administrator

    I can't work out why it is best to create a new 'user account' and why it is best for it to be a 'standard' one?

    I have now set the UAC to 'Always notify' but I am still an 'administrator'.

    Can I leave it like that or is it best to now create a new 'user account'?

  8. #8


    Posts : 328
    Windows 8.1 (x64)


    Since Windows Vista, Microsoft strongly recommends using what's called a Limited User or Standard User account for regular use of your desktop PC. (Why use a standard user account instead of an administrator account?)

    This is a major security feature that follows the Principle of least privilege. Basically, under this account, the user and all the applications he launches are very limited in what they can do. They can't, for example, modify the system settings, the Windows registry, other programs' settings (like your browser default search engine, or toolbar, etc...). As you can see, this prevents most of what malware does, without even an anti-virus.

    In practice, if you're under a standard user (without administrator privileges) and you click something suspicious in your browser, Windows will prevent it and give you a warning. You'll be presented with a prompt for your administrator password. At this point if you type the password and allow it, this is on you...

    This kind of security can be very annoying when you set up a fresh new installation of Windows since you get constant prompts for your administrator's password which is why many users don't follow Microsoft recommendations (and probably why you put UAC so low). But after this phase, it is mostly silent and is in practice only seen when installing new software or when you encounter malware.

    UAC is a response by Microsoft to the hassle of using a standard account: you can still use an administrator account (which is the norm under Windows and is part of the culture of its customers) but get warnings when something tries to access restricted parts of the system. I still recommend creating a new account as limited user though. Unless you constantly install new software, this is in my opinion the safest course. Opinions may vary on this though.
    More info: UAC and Virtualization - some infos for all | Wilders Security Forums

    Anyway, as you can see a standard user account covers much of what sandboxing applications do: it limits the damage of any untrusted applications. At some point though, when you tell the system that you trust an application, you give it a lot of leeway to do whatever it wants. It is very black and white. Untrusted can't do much, Trusted can do almost anything. That's when sandboxing can be nice since it allows you a finer control of what the applications can do. But for most users I don't think this is necessary (and as you'll see below, sandboxing is already implemented internally in some browsers). You should also note that malware can in some instances detect that it is run sandboxed or virtualized and will just stay stealthed and not do anything, so you can never be sure something is safe by testing it this way.

    Here are my recommendations for a secure PC:

    * Principle of least privilege: use a standard user account for day-to-day use.

    * Update regularly. This is very important, automatic updates help with that but can be very annoying when installing at the wrong moments. Windows Update is of course the first to check, but all your other applications and especially Internet facing ones (browser, email, messaging, etc..) are crucial too. This is to prevent Exploits.

    * Use a firewall and block all inbound traffic. The windows firewall does that perfectly by default so make sure it's enabled.

    * Use an anti-virus. I'm fine with Windows Defender but a lot of other choices exist. This isn't the be-all and end-all of your security contrary to what AV developers would like to make us believe, only one of the layers to protect you.

    * Disable Autorun. IIRC by default in Windows 8, autorun is disabled on USB/CD. If it's not, turn it off, you don't want anything to execute without your consent, since USB sticks have become a major means of malware transmission. More info: How to disable the Autorun functionality in Windows

    * Install and use EMET (Download Enhanced Mitigation Experience Toolkit 5.0 from Official Microsoft Download Center). This is a great tool by Microsoft to prevent most current exploits. Be careful with the options though, and use the recommended settings if you don't know what you're doing. More info: Quickly Secure Your Computer With Microsoft's Enhanced Mitigation Experience Toolkit (EMET)

    * Be careful with what you authorize to run on your PC. Use google to check that anything new you install is safe. Check the Digital signature of the executables. Use additional virus scanners than your main one, I recommend VirusTotal which simplifies this process.

    * A lot of people will say that you should be careful where you browse on the Internet, and it's true... up to a point. Be aware that a lot of malware comes from visiting legit and very popular sites, not underground ones. The main culprits are ads which are hosted outside the official sites and can lead to malicious programs or sites. This is why the choice of your browser, no matter if you have safe browsing habits or not, should at least partly be based on how secure it is.
    Chrome (Sandbox FAQ - The Chromium Projects) and IE (Enhanced Protected Mode - IEBlog - Site Home - MSDN Blogs) implement internal sandboxing, and at least with Chrome it is in theory safer than Sandboxie against exploits and drive-by downloads. Firefox lacks this (although Mozilla is working on it: https://wiki.mozilla.org/Electrolysis), but some of its extensions are very good for security like AdBlock and NoScript.

    * Disable/Uninstall what you don't use. This is to lower your attack surface. The more applications/plugins/services/protocols/etc... you have running, the more vulnerable you are. In theory, you should disable everything you don't need. In practice, I recommend disabling/uninstalling Java. Flash is another big offender and if you can I think you should disable it too. At least you should enable the Click To Play Plugins feature in your browser which allows you to selectively run plugins when you want, not all the time.

    * Finally : Backup. Backup. Backup. Check for disk-imaging/cloning solutions, free ones exist and speed up the process of restoring your system. Don't rely on anti-virus for clearing your PC when infected but restore to a clean state from your backups.
    Last edited by oneeyed; 04 Oct 2014 at 16:18.
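
A read-only check of four of the recommendations in post #8 (standard account, UAC level, inbound firewall blocking, Autorun), as an added example that is not part of the original post. It assumes Windows 8 or later, where `Get-NetFirewallProfile` is available, and changes nothing on the machine.

```powershell
# Added example, not from the thread: reports settings, modifies nothing.
$results = @()

# Standard vs administrator account. whoami lists the Administrators SID
# (S-1-5-32-544) even when UAC has filtered it to "deny only", so this
# detects an admin account from a non-elevated prompt as well.
$isAdminAccount = [bool]((whoami.exe /groups /fo csv) -match 'S-1-5-32-544')
$results += [pscustomobject]@{
    Check = 'Daily account is a standard user'
    Pass  = -not $isAdminAccount
}

# UAC. EnableLUA=1 means UAC is on; ConsentPromptBehaviorAdmin=2 together
# with PromptOnSecureDesktop=1 corresponds to the "Always notify" slider position.
$sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$results += [pscustomobject]@{
    Check = 'UAC enabled and set to Always notify'
    Pass  = ($sys.EnableLUA -eq 1) -and
            ($sys.ConsentPromptBehaviorAdmin -eq 2) -and
            ($sys.PromptOnSecureDesktop -eq 1)
}

# Firewall. ActiveStore returns the effective policy; every profile must be
# enabled and block unsolicited inbound traffic.
$weak = @(Get-NetFirewallProfile -PolicyStore ActiveStore |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -ne 'Block' })
$results += [pscustomobject]@{
    Check = 'Firewall on, inbound blocked (all profiles)'
    Pass  = $weak.Count -eq 0
}

# Autorun. NoDriveTypeAutoRun=0xFF disables it for every drive type.
# A missing value is reported as a failure here, although the Windows
# default may already restrict Autorun on removable media.
$exp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' `
    -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check = 'Autorun disabled for all drive types'
    Pass  = $exp.NoDriveTypeAutoRun -eq 0xFF
}

$results | Format-Table -AutoSize
```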

  9. #9


    I prefer Deep Freeze over something like Sandboxie. But, it's a bit of a different application. Deep Freeze is more geared towards you always running your PC in "frozen" mode unless you want to make a change and then you temporarily suspend Deep Freeze to make your changes then refreeze the system again. But, you want to be sure you have a dedicated data drive to save items you don't want deleted at next reboot.

  10. #10


    Posts : 2,130
    Windows 8.0 x64


    Quote Originally Posted by orlandotek View Post
    I prefer Deep Freeze over something like Sandboxie. But, it's a bit of a different application. Deep Freeze is more geared towards you always running your PC in "frozen" mode unless you want to make a change and then you temporarily suspend Deep Freeze to make your changes then refreeze the system again. But, you want to be sure you have a dedicated data drive to save items you don't want deleted at next reboot.
    Deep Freeze looks more comprehensive. But for a single user freeware ToolWiz TimeFreeze seems to work well. By default it only shadows the system partition. But that is adjustable. I liked to run it backwards. Have it come up with Windows but disabled. That way I can turn it off and on without a reboot. Undo changes is just leave it running and reboot. I did notice a bit of a performance hit but it's impossible to have redirection of disk writes without some type of penalty.

    Edit: Much simpler to configure than Sandboxie. But SB is for sandboxing applications individually.
