Why You Should Learn to Sandbox Your Browser

It’s no question that many of our work that’s being accomplished today is composed in our Internet browsers. There’s also no doubt that so much of our time spent on the Internet is through a browser of some sort. This is necessarily so because the browser can be thought of as the gateway between the Internet and our computers. We use our browsers to check emails, play games, visit websites, update our social status, stream videos, download files and so much more. Think about what would happen right now if you weren’t allowed to use a browser on your computer. Chances are, you wouldn’t get many things done as you normally could. Point is, a browser is very vital to our time spent on the Internet. However, it’s also through this browser that can cause so much headache for so many users. Because of the popularity of browsers, malicious users often use this channel to infect a users computer with malware and the such. Remember, think of your browser as a “gateway” and sometimes, what lurks on the other side of that gateway can be very scary indeed.

As a conduit to your PC, a browser can wreck all types of havoc. Of course, the browser itself is not to blame. It’s the malicious users who take advantage of security exploits that causes the harm. Remember, the more popular a browser is, the bigger the user base. The bigger the user base is, the chances of the malware successfully installing increases. As of now, there are a couple of popular browsers out there and chances are you’re using one or more of them: Microsoft’s Internet Explorer, Google Chrome, Mozilla Firefox, Opera, and Apple Safari. So much time has been spent on securing these products because as I mentioned above, so much of our time is being spent using these browsers. In fact, many of the so called malware and spyware today I see on computers consist of the typcial scareware and fake anti-virus applications. These got installed on the computer because a user was not being careful and visited a website that was infected. A user got “tricked” into thinking their computer was infected, they clicked on something and BAM! They’re infected.

How it Works

Steve Gibson talked about Sandboxie exclusively in episode 172 of the Security Now podcast which you can listen here.

A very efficient and quite brilliant way to protect yourself in these situations is to isolate your browser from your hard drive/operating system. In other words, think of putting your browser application in its own “sandbox” area. You can use the browser like how you normally could but behind the scenes, the browser is isolated to its own internal area. This area is separated from all of your other applications. When bad things tries to install themselves, while it might succeed, a simple reset of the sandbox is all that’s needed and the changes will be wiped away. Your operating system will then never be the wiser. Another way to think of this is picturing how your environment works right now. When you install an application (doesn’t matter what it is), it immediately makes changes such as updating the registry with new entries and installing the actual program codes onto your hard drive. These changes and updates are live, meaning it happens immediately. Once those changes have been applied, they are then made permanent, unless of course you uninstall them. By sandboxing an application, the applications will install and make changes as normal. However, because the “area” they get to work in is isolated from the rest of the system, those changes and updates happen only in their own sandbox area and will not affect the environment outside of it. To remove the application, simply empty out the sandbox area. From your other application and operating system’s perspective, it’s as if that application didn’t exist in the first place.

Sandboxie

You can download Sandboxie from here.

If you haven’t heard about Sandboxie until now, trust me, you’ll want to take the time to learn about it. It’s a beautiful application and it can help save you from a lot of headache when used properly. By viewing the animated picture below, you can easily get an idea of how Sandboxie works:

Sandboxie Animated

Sandboxie Legend

As you can see, Sandboxie doesn’t just help protect your computer from malware being installed via the browser. You can choose to put any application in its own sandbox. However, in many cases, if the application already got installed on your computer, then putting them in a sandbox might not do you a whole lot of good unless of course, it acts as some kind of gateway between the Internet and your computer like a browser. Therefore, Sandboxie is most useful when used to test new and/or untrusted applications. By running the new application in a sandbox, you can be assured that the application won’t do you any real harm should something go bad. Don’t like the application and its behavior? Simply empty the sandbox. If you conclude the application is useful, then simply empty the sandbox and then proceed to reinstall the application without using Sandboxie.

If you think about it for a second, Sandboxie is very similar to virtualization. In a past article, I detailed why you would want to use a virtual machine to test out new software. A virtual machine is awesome because software installed within the machine was isolated from your host operating system. In a way, this is similar to how Sandboxie works. With a virtual machine you could simply revert to a previous snapshot to undo the changes. With Sandboxie, you empty the sandbox. The advantage to using Sandboxie is that a user do not need to install a full blown operating system on top of their existing one. It can get confusing and without discipline, a user will simply just forget about using the virtual machine altogether because it can be a hassle to start it up each and every time. With Sandboxie, all it takes is just a couple of clicks.

Using Sandboxie

Getting used to how Sandboxie works in the beginning might trouble some users. Also, please remember that due to the sandbox, some of your applications might not work as expected and they might need some workaround.

You should have a pretty good understanding of how Sandboxie works by now. Even if you do, I would still advise you to go over the FAQ pages and topics of Sandboxie. Sandboxie installs itself like any other application. Once installed, you have a icon labeled “Sandboxed Web Browser”. If you open this app, your default web browser will launch in sandbox mode. The beauty with Sandboxie is that for the most part, it is platform independent. It doesn’t matter which default browser is set. How can you tell when an application is sandboxed? For one, the applications name in the title bar will be surrounded by the [#] symbol (also reflected within Task Manager). Second, if you try moving the application window around, you’ll see the entire window surrounded by a bright yellow border.

App NameBorder

To open any application in a sandbox using Sandboxie, simply right-click on the application icon and choose “Run Sandboxed”. That’s all there is to it. With that being done, the application will then be running in its own sandbox and should any harm come your way via that application, simply empty the sandbox area, which I’ll talk about a little later. With a sandboxed web browser, you’re probably now wondering just how the heck is it going to work when I want to download things? By default, Sandboxie includes several locations on your hard drive that should you download things to it, it will automatically allow you to “recover” those items to your actual computer. For example, if you tried to download a picture and the default location for saved files within your browser is to the Downloads folder, then Sandboxie will prompt you if you want to recover those files (the picture) to the same location on the hard drive. If you do so, you’ll then see the downloaded picture inside the Downloads folder. If you don’t choose to recover the file, then the picture will be placed within the Sandboxed content area and you’ll have to manually recover it later on.

Recovery

While using Sandboxie with a web browser or any other application, you have to keep in mind that any changes you make to the browser itself (such as installing a add-on or modifying a configuration setting) will not be reflected when you run the application in normal mode afterwards. Remember, the application is sandboxed and any changes will not be saved outside of it. The reverse is also true. For example, lets say you open Firefox in Sandboxie. You play around a bit and close it. Next you open up Firefox again but this time, you don’t run it in a sandbox. Next, you proceed to install a add-on and everything works wonderfully. You close Firefox and reopen it again in a sandbox. You then find the add-on missing from the browser. This is not a mistake and its how Sandboxie works. To use the add-on in sandboxed mode, you’ll have to first empty the sandbox area. Only then when you reopen the browser with Sandboxie will the add-on appear.

Sandboxie Control Area

Sandboxie is a freeware. However, there is a paid version that allows you to use more than one sandbox. As it is in the free version, you are allowed to only create multiple sandboxes with different configurations. However, you won’t be able to use more than one at a time so it’s pretty much pointless creating them if you’re not going for the paid route. You can open the control area by double-clicking on the Sandboxie system tray icon (looks like a yellow pizza with pepperoni). Here is where you can explore your sandbox as well as emptying it. As I’m using the free version, I’ll only have the Default Sandbox to play with it.

Sandboxie Control

Here, you can see that I have Firefox in sandboxed mode. I won’t go over every single detail here but only the one’s I feel are the most important and that is exploring your content and deleting your sandbox for a fresh start. Also, I want to mention that I’ve installed a simple application called Notepad++ under a sandbox as I want to show an example of how Sandboxie works. When you take a look at my installed applications in Control Panel, you can see no such item listed for Notepad++.

Missing Application

First, let’s explore our sandboxed contents within our default sandbox. Head over to the Sandbox menu, highlight the default sandbox, and select the Explore Contents menu option. As soon as you do, you’ll see a message box pop up with a warning. Basically, it’s telling us that the Explorer window that is about to open showing the sandbox contents will not be protected within a sandbox. However, Sandboxie is kind enough to help us here by opening whatever file you open in a protected sandbox.

Explore ContentsWarning

Once you OK the dialog box, an Explorer window will then appear. Here, you can freely explore the contents of your default sandbox. As you traverse the folder structure, you can tell that it looks very similar to the folder structure within your actual Windows. For example, you have the AppData folder and such. As I mentioned earlier, Sandboxie is similar to virtualization. In fact, I’m sure virtualization itself plays a big part in Sandboxie. What it does is creates a similar environment for the programs to operate in. By virtualizing these folder locations, the application will not be any wiser that it’s actually installing inside a sandbox area. Microsoft also employs virtualization techniques when it comes to the User Account Control feature within Windows. In the second picture, you can see my Firefox profile folder within the sandbox. It looks pretty the same as if I browsed for the profile on my hard drive natively. By exploring your contents this way, you can freely recover any files that you deem necessary. Remember, if a program natively tries to save a file to a pre-determined area in Sandboxie, it will instantly allow you to recover it from the popup dialog box and you won’t have to actually explore the contents as I’m doing here.

Folder Virtualization 1Folder Virtualization 2

Going back to my Notepad++ example, in the first of two pictures below, I browsed to the virtualized location Sandboxie installed the application. Remember, the Notepad++ application for all intents and purposes is not actually installed onto my Windows 7 machine. That is why you didn’t see it when I went into the control panel’s Program and Features applet. In the second picture, you can see Notepad++ running in a sandbox. If Notepad++ was a malicious application (trust me, its not!), then no harm will be done on my computer because it is running in the default sandbox.

Notepad LocationNotepad Opened

To delete the contents of a sandbox, simply head over to the Sandbox menu, highlight Default Sandbox and select the Delete Contents menu option. Once you do this, your sandbox will be emptied and you will no longer be able to recover files.

Delete Contents

In the same menu, if you select Sandbox Settings, you’ll be able to configure the behavior of your default sandbox. There are a lot of things you can control here. For example, you can configure the default recovery folders, restrict Internet access per program and a slew of other configuration settings. For the most part, you never really have to configure anything unless you really know what you are doing or you must configure Sandboxie a certain way in order to make certain applications work under sandboxed mode.

Sandboxie Settings

Misc. Information

Here are some important information before concluding this article on Sandboxie:

  • You must have a somewhat good understanding of how Sandboxie works. This is so that you are not lured into a false sense of security. In essence you should be aware of what Sandboxie can do to protect you along with what it cannot do.
  • Sandboxie cannot rewind time even if you delete its contents! In other words, if you open up Firefox under Sandboxie and sent an email you somehow wished you hadn’t, deleting the sandbox contents will not help! This might be obvious to some but you never know. For example, I wrote this entire article in a sandboxed Firefox browser. Once I publish this article, its as good as done and there is nothing Sandboxie can do to prevent that.
  • You may have a hard time getting certain applications to work correctly under Sandboxie. For example, your desktop email application is one of them. If this is the case, then my usual recommendation of searching online for an answer still applies. If your application is popular enough, there is a higher chance that someone out there also tried to get it to work under Sandboxie and came up with a solution.
  • Sandboxie does not replace education. If you download a dangerous piece of malware within a sandboxed browser and actually recover it and install it without running that application in a sandbox, you’re screwed.

In the end, I find Sandboxie a highly valuable addition to any personal computer system. If you have users in your household who just can’t seem to stay safe while browsing the Internet, teaching them to use Sandboxie can be a great help. If my sister can learn how to use Sandboxie and she’s a complete computer illiterate, then I’m sure so can other people as well! I’ve also recently introduced the awesome StumbleUpon feature to many users who didn’t exactly know how to explore the vast content floating out there on the Internet. Because they will be visiting all sorts of random sites with StumbleUpon, it’s imperative they have some sort of protection besides just their regular anti-virus software. With Sandboxie, you bring the complete security package to any browser as its not platform dependent. The other big advantage is that you can only choose to use Sandboxie when you want to. Its also a great solution to test out unknown software if you’re not willing to install a full blown virtual machine or have a spare computer to play with.

Sandboxie has been around for some time already and so I’m obviously late to the party in writing about it. Hopefully you’ve learned something here and to help spread the word about it as well!

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Poll

For Windows 8 users on desktops and laptops, how often do you actually use "apps" downloaded through the Microsoft Store?

View Results

Loading ... Loading ...

Comments

  1. Its still a good tool to use to protect your system from other threats i will be testing it today.

  2. Shane Rutter says:

    I’m going to give this a shot over the weekend I can see the advantages to this and want to compare a sandbox and non sandbox version.

    I have just recently finished fixing a clients website which was infected with a wordpress virus, it installed a fake virus scanner on windows based operating systems (that is if your virus scanner doesn’t pick it up).

    This would have come in handy allowing me to test using my main pc instead of testing with a test virtual machine.

    • I’m sure you’re going to love Sandboxie. Like I mentioned in the article, I’m starting to really recommend this technology to a lot of folks, even if its just for web browsing. As many users only use their browser when on their computer, it should help a lot.

      I’m not exactly sure how foolproof Sandboxie is though when it comes to testing unknown software though. For the really nasty stuff, I sure would still recommend either using a dedicated virtual machine, dual-boot OS or even a physical test box. But for the normal stuff, I’m sure Sandboxie will get the job done. Hope you have fun with it!

      • The virus i was fixing worked by exsploiting a bug in Java so i would have still had to use a virtualmachine as Sandboxie would have only sandboxed the browser and not Java.

        Its still a good tool to use to protect your system from other threats i will be testing it today.

  3. I have using sandbox for quite some time and even organized a giveaway at my site.
    It is great app, no doubt. For those who need good security on their PC, installing sandbox is must. Most AV are now including this feature in their app too.

    As always, You have given detail explanation in simple words :)

    • Definitely. Before, I only recommended Sandboxie to select users because many people don’t like to try new things on their computers. However, nowadays, I’m starting to recommend it more often because although I don’t mind cleaning computers of malware and whatnot, it gets really depressing.

  4. Thanks for the post, nice read and very handy tool.

Speak Your Mind

*


(humans only, please) *