The purpose of this article is to explain the concept of a sandbox so that end users can apply it through the various applications available on the market and make their computer and Internet experience more secure.
What is a sandbox? How can I use a sandbox to protect my computer and browser? How can I protect my privacy with a sandbox? I’ll answer these questions and walk through a real-world scenario in which I infected my computer, so you can see how the sandbox protected my browser and computer.
A sandbox is a virtual environment in which an application runs in the ordinary way, but the changes it makes do not affect your operating system. Sandboxed applications see the real operating system and the real hardware you own, so they differ from tools like VMware Workstation or Microsoft Virtual PC, where the operating system and hardware are virtualized. If you are a developer, you can use a sandbox to safely test the behavior of a potentially unstable application without worrying about its impact on your system or whether it will crash it.
You can apply this concept of sandboxing in two major ways:
1) Per-file sandboxing – this approach makes virtual copies only of those files created or changed by sandboxed applications. Sandboxie, BufferZone, GesWall and others use this approach. I’ll explain how it works using Sandboxie.
2) Freeze sandboxing – I improvised this name a bit to refer to applications whose logic is based on freezing the current state and caching all subsequent changes to the operating system. The changes can then be applied or discarded from within the sandbox application. I’ll explain how it works using Toolwiz Time Freeze.
* Download: http://www.sandboxie.com/
* Size: 2.60 MB
Sandboxie runs applications in an isolated space called a sandbox. Applications put in the sandbox run in the regular way, with no performance loss. The changes these sandboxed applications make are not permanently applied to the operating system; they are contained in the isolated space.
The most important component of Sandboxie is the low-level driver responsible for creating this isolated space and executing applications within it. It’s recommended to temporarily turn off your security software before you install Sandboxie, because installation of the low-level driver might otherwise fail. Run the downloaded setup file to install Sandboxie; the window below will appear:
You can configure Sandboxie through the component called Sandboxie Control (Start – All Programs – Sandboxie – Sandboxie Control). Note the yellow icon in the Notification area when you run Sandboxie Control; you can set Sandboxie’s most common options by right-clicking it.
After you install Sandboxie, you can start using it with the default area and default options, Sandbox DefaultBox. You can also create your own box with custom parameters.
OK, I want to start Firefox (or another application) in the default sandbox; how do I do that? Run Sandboxie and drag the application’s shortcut onto Sandboxie’s window. The indicator that an application is running in the sandbox is the yellow window border around that application. You can see that border in the following screenshot:
The icon in the Notification area is quite handy: you can run any application from there, explore the sandbox’s contents and much more:
Let’s see how this really works using two experiments.
Open Internet Explorer in the default sandbox, click on Tools and select Manage Add-Ons.
- Disable all extensions in Toolbars and Extensions
- Remove all Search Providers except Bing
- Remove all Accelerators and add a new one: Youtube
Now exit Internet Explorer and run it again in normal mode; you can see that Internet Explorer remains unchanged:
- all extensions are enabled
- all search providers are present, as they were in the first place
- all accelerators are present, except Youtube.
Then I opened Mozilla Firefox in the default sandbox and simulated an infection with a sample of a malicious extension for Mozilla Firefox. It’s called Youtube extension, so you can’t tell by its name whether it’s malicious or not. The average user probably assumes that this is a legitimate Youtube extension:
Restart Firefox to complete installation.
The picture below shows that the installation completed successfully (you can also see one other legitimate extension I installed). If I had signed in to Facebook, I would have infected my friends by sending them links to see my alleged pictures, writing on their wall, etc.
Malicious extensions can be bot-like: they can “chat” instead of you (“Hey, how are you?”), greeting your friends and sending them malicious links to see you drunk or the like. If your friend opens that link he will infect himself, and his computer will open various ads, or the infection will go further on your computer by disabling your antivirus software, redirecting you to a fake Facebook page, stealing your login data and preventing the true Facebook page from loading.
How to get rid of this menace? Simple: just close Firefox and run it again in normal mode, and voilà, the malicious extension is gone:
OK, this experiment shows how to protect yourself with a sandbox. A sandbox can also be used to protect your privacy, because all cookies, stored passwords, etc. are deleted when you exit your browser or any other sandboxed program.
The last thing left to cover in this article is access to content in the sandbox. Let’s assume you run your favorite web browser in the sandbox and download a file that you want to get out of the sandbox. Note that:
- all created and modified files are stored in the isolated space (sandbox),
- files in the sandbox aren’t visible outside this isolated area,
- access to files in the sandbox is allowed only via Sandboxie (its low-level driver, to be precise).
Download something. I downloaded security software, Ad-Aware:
When the download finishes, the Automatic Recovery dialog pops up. That’s the easiest way to restore a file to the non-sandboxed area (the real environment).
You can also browse your isolated content by right-clicking the Sandboxie icon and choosing Explore Contents:
Finally, there is the Quick Recovery option for easy restoration:
Applications with the same purpose as Sandboxie are, e.g., BufferZone and GesWall.
Toolwiz Time Freeze
* Size: 2.92 MB
Time Freeze needs a reboot to install its driver and complete the installation (Sandboxie didn’t).
Also, the approach is different, as mentioned before: when you click Start TimeFreeze, your computer “freezes” in the sense that the application remembers the current state of your computer and caches every subsequent change in an isolated area on the disk.
OK, that’s the only screenshot left of my computer. The other screenshots I made while the system was “frozen” 😛, so they were destroyed.
The point is, when you freeze the operating system you can continue to use your computer as before the freeze: install programs and drivers, surf the Internet, or infect your computer 🙂 I ran a few samples of worms, surfed a bit, and installed a couple of applications. The low-level driver caches all the changes; the maximum size of the cache is 4 GB. When you finish your work, click Stop TimeFreeze; the software will ask whether you wish to apply the changes or reject them. I rejected the changes, the computer restarted, and all the files, worms, and everything else were destroyed (as were the screenshots).
– you don’t have to restart your computer to enter a special freeze mode.
– the caching process has an impact on system performance
– there is no way to enter the isolated area and retrieve particular files; you can only accept or reject all changes made to the system.
– you can’t postpone your decision about accepting the changes (you can’t decide after you reboot your computer)
Applications with similar functionality: Wondershare Time Freeze, Shadow Defender, Windows SteadyState (discontinued, but I mention it because it had a “Persist mode” that could keep cached data across multiple reboots), and Deep Freeze (which also lets you create a thawed area not affected by the deep freeze of the computer).
Returnil System Safe 2011 was promising, because it included new features like Virus Guard, a real-time monitoring module, access to cached content, making permanent changes from the frozen state, and even a virtual disk (default: Z:) that serves as safe storage for important files created in “frozen sessions”. Today it is discontinued.
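As an added illustration (not code from this article, from Sandboxie or from Time Freeze), the following Python model shows the two behaviors described above: per-file copy-on-write with single-file recovery, as in Sandboxie’s Quick Recovery, and the accept-all-or-reject-all choice that the freeze approach leaves you with. The class name FileSandbox, the directory layout and the prefs.txt sample file are assumptions made for the example.

```python
import os
import shutil
import tempfile

class FileSandbox:
    """Toy per-file (copy-on-write) sandbox: reads fall through to the real
    directory, writes land in the box and stay invisible outside it."""
    def __init__(self, real_dir, box_dir):
        self.real, self.box = real_dir, box_dir
        os.makedirs(box_dir, exist_ok=True)

    def _paths(self, name):
        return os.path.join(self.real, name), os.path.join(self.box, name)

    def read(self, name):
        real, boxed = self._paths(name)
        with open(boxed if os.path.exists(boxed) else real) as f:  # box shadows real
            return f.read()

    def write(self, name, data):
        with open(self._paths(name)[1], "w") as f:  # never touches the real file
            f.write(data)

    def recover(self, name):
        """Per-file recovery (like Sandboxie's Quick Recovery): copy one file out."""
        real, boxed = self._paths(name)
        shutil.copyfile(boxed, real)
        os.remove(boxed)

    def discard_all(self):
        """Reject every cached change at once, the only choice the freeze approach offers."""
        shutil.rmtree(self.box)
        os.makedirs(self.box)

def demo():
    root = tempfile.mkdtemp()
    real, box = os.path.join(root, "real"), os.path.join(root, "box")
    os.makedirs(real)
    with open(os.path.join(real, "prefs.txt"), "w") as f:
        f.write("extensions=on\n")  # constructed stand-in for a browser profile file
    sb = FileSandbox(real, box)
    sb.write("prefs.txt", "extensions=off\n")  # a sandboxed add-on changes settings
    sb.write("setup.exe", "downloaded")         # a sandboxed download
    inside = sb.read("prefs.txt")               # sandboxed app sees its own change
    with open(os.path.join(real, "prefs.txt")) as f:
        outside = f.read()                      # real file is still untouched
    sb.recover("setup.exe")                     # keep only the download
    sb.discard_all()                            # drop the unwanted setting change
    return inside, outside, sb.read("prefs.txt"), sorted(os.listdir(real))
```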
If you have any questions, leave a comment, or register, sign in, and start a new thread in our Community section.
How to use Sandbox applications