Sandboxie - free the explorer in you

We IT guys are a little bit like little children who need to take their toys apart to understand how they work.

We need to test software, mess with it, play around with it and then move on to another program and do the same, again and again.

Learning by doing is the only way for us.

But the same concept applies to everybody.

How many times have you installed a program and afterwards found out that it doesn't do what it promised or, worse yet, that it's nothing but malware?

Sadly, installing and uninstalling numerous programs is bad for any computer, regardless of the operating system, but it's particularly inadvisable for a Windows PC, because of the messy way Windows handles files (for more details about this topic, view my previous post How to maintain and speed up your computer - an out of the box guide (computer surge blues), part 2).

What if I told you that there's a way to test programs and applications in a secure area without actually installing them to your physical system?

Today I want to talk to you about a handy program called Sandboxie that allows you to play with programs the same way you did with your toys.

Basic concepts

Sandboxie is based on an IT security concept called a sandbox. In layman's terms, a sandbox lets you run a program in a separate environment so that it doesn't impact your physical operating system.

Sandboxie sets up a virtual Windows system within the actual operating system, which runs alongside it but independently of it. It comes in handy for testing applications, but you can also use it for a safer browsing experience.

In fact, today's malware can infect a system not only through user interaction (such as opening an email attachment or installing a program) but also by simply browsing the Internet. Malicious websites (and sometimes legit websites as well, if they get taken over by hackers) can run harmful scripts and ActiveX that can compromise your computer without the need for you to install anything. If this happens while using a "sandboxed" browser, you can simply delete all the files in your sandbox (i.e. the secure area configured by the program) and you're good to go.

Your system will remain untouched as if nothing had occurred, because nothing actually happened to the physical OS. You have simply "simulated" browsing the Internet.

Program features

The installation is pretty straightforward. After completing it, there'll be a new rhombus-shaped icon in the taskbar, called Sandboxie Control, allowing you to handle all the program options.

Sandboxie is a shareware program, but it can be used after the trial expiration date with no need for the user to purchase a license (you only have to wait for 30 seconds before being allowed to open the program). The free version works pretty well for most needs and I've used it for years to my full satisfaction, but certain functionalities are fully available only in the premium version.

The current version now also supports 64-bit applications and has fixed several bugs.



How to run a program in sandboxed mode

You can do it in two different ways:
  • First method: Right-click the icon of the program you want to launch and select Run Sandboxed (fig. 1). At this point you'll be shown the familiar User Account Control (UAC) window prompting you for the installation of the requested program under Sandboxie; click Yes to allow the installation (fig. 2). In the next window, click OK to launch the setup (fig. 3). If you check Run as UAC Administrator, you can run the program with administrative privileges (it's the same as right-clicking the icon of a program physically installed on the system and selecting Run As Administrator). Now you'll perform the actual "sandboxed" installation (fig. 4).
Fig. 1, Fig. 2, Fig. 3, Fig. 4

Every time you run an application, open a file or install a program through Sandboxie, the corresponding Windows Explorer window will display the name of the file, application or program enclosed between two pairs of square brackets containing the pound symbol, and the window will be surrounded by a colored border. In the above example you can see that the Explorer window displays [#] Sophos Anti-Rootkit 1.5.23 [#], meaning that I'm installing Sophos Anti-Rootkit version 1.5.23 in sandboxed mode. You can also run the web browser in protected mode, by clicking the Run Browser Sandboxed shortcut on the Windows desktop or selecting Run Web Browser from Sandboxie Control.

  • Second method: right-click Sandboxie Control and select Run Any Program (fig. 2). At this point you can browse your computer to find the program you want to run (fig. 5) or you can select Run Windows Explorer to access the file from Windows Explorer in sandboxed mode. Either way, you can open a file, install or run a program following the same steps described before.
Fig. 5


How to save your work and customize the program settings
The whole logic of Sandboxie is to keep an application completely isolated from the host operating system. Everything you do within the sandbox remains there and doesn't affect the host OS.
This may not be very practical in certain situations, though, so the program settings let you customize this behavior and bypass the sandbox.

These customizations must be used very carefully to avoid compromising your security instead of strengthening it.

Two very important features are Quick Recovery and Immediate Recovery.

Quick Recovery can be activated manually by clicking its button, or automatically when you close a sandbox. You'll be prompted to recover the contents of specific folders (My Documents, Favorites and Desktop, but you can add other ones), if you have saved some files to them while running Sandboxie (fig. 6).
Fig. 6
Fig. 7

Immediate Recovery monitors selected folders and file extensions and offers to move matching files out of the sandbox as soon as they get saved by a program being run sandboxed (fig. 7). This is a very handy functionality but can be very insecure (for the reasons explained above) and can be disabled by the user.

While you're using the sandbox the program icon will change, displaying red dots inside the yellow rhombus to indicate that data is being transferred (fig. 8).

Fig. 8
To terminate a sandbox you can simply close the program. You can also delete all the contents of a sandbox by choosing this option from the Sandboxie Control icon in the taskbar or from the main window of the program (the icon will change back to a plain yellow rhombus, without red dots).

Wrap-up

Sandboxie is an excellent solution to safely test applications and I warmly recommend it to improve the security level of Windows-based systems.

If correctly implemented, it prevents common sources of infection, such as opening email attachments or executable files, and significantly increases security for Internet connections.

It's very reliable, and in fact I use it inside my Windows VM (so I use a virtualization app alongside another virtualization tool) and it still runs smoothly.

The only caveat is, in my opinion, the excessive customization possibilities for an average user, which can essentially undermine the security level you want to ensure.

In a corporate environment, these options should be disabled for standard users and reserved for the system administrator group.
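
The following added example, which is not from the original post or from Sandboxie itself, audits a sandbox configuration for the two risks discussed above: recovery and pass-through settings that move data out of the sandbox, and settings that standard users can edit. It assumes the configuration is kept in INI form (Sandboxie.ini) with the keys AutoRecover, RecoverFolder, Open*Path and EditAdminOnly; the sample text is constructed.

```python
# Added example: audit Sandboxie.ini-style text for settings that weaken isolation.
# Assumed key names: AutoRecover, RecoverFolder, Open*Path, EditAdminOnly (sample is constructed).
SAMPLE_INI = """\
[GlobalSettings]
EditAdminOnly=n
[DefaultBox]
Enabled=y
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
AutoRecover=y

[TestBox]
Enabled=y
AutoRecover=n
OpenFilePath=C:\\Users\\*
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}; keys such as RecoverFolder repeat."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections

def audit(text):
    """Return a sorted list of (section, finding) tuples."""
    findings = []
    for name, items in parse_ini(text).items():
        if name == "GlobalSettings":
            # Without EditAdminOnly=y, standard users can change sandbox settings.
            if not any(k == "EditAdminOnly" and v.lower() == "y" for k, v in items):
                findings.append((name, "configuration editable by standard users"))
            continue
        for key, value in items:
            if key == "AutoRecover" and value.lower() == "y":
                findings.append((name, "Immediate Recovery enabled"))
            elif key.startswith("Open") and key.endswith("Path"):
                findings.append((name, f"host resource exempt from sandbox: {key}={value}"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_INI):
        print(f"[{section}] {finding}")
```

A configuration with no [GlobalSettings] section produces no finding for it, so check for that section separately when auditing real files.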
