Sandboxie: Keeping Malware Off Your PC

Malware can infect your PC from anywhere on the Web, but the free Sandboxie application effectively blocks it.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

On-Demand Webinar

(Page 1 of 2)

There is no safe neighborhood anywhere on the Internet. Even honest reputable sites, such as The New York Times, can inadvertently serve up malware. If you don't keep all the software on your computer patched with the latest bug fixes, you are constantly at risk – malware exploits known bugs to install itself.

Now that Windows does a reasonably good job of self-updating, the bad guys have taken to attacking other software, such as the Adobe Acrobat Reader and the Flash player plug-in, which don't automatically install patches as well as Windows does. And, up to date antivirus software only provides limited protection.

The bottom line: just viewing a web page can infect a Windows computer.

Enter Sandboxie, an excellent program that builds a virtual sandbox around your web browser, making it impossible for your computer to accidentally get infected.

When you run a program in a sandbox, you are really running Sandboxie and it, in turn, is running the program in a walled-off virtual box. Originally developed for Internet Explorer, Sandboxie can now put a sandbox around any Windows program.

Programs running a sandbox can, by default, see everything on the computer. What they can't do is make any permanent changes.

When sandboxed programs try to read files, Sandboxie does not interfere. However, when they try to create new files, Sandboxie intercepts the requests and creates the files in another location. The running program is oblivious to this re-direction. It thinks it's talking to Windows, but it really is talking to Sandoxie. The movie The Truman Show offers a pretty good analogy.

If anything malicious gets accidentally installed on your computer while browsing with a sandboxed browser, it lives only in the sandbox. Specifically, the malware may think it got installed into C:Program Files, but it actually lives in
C:SandboxyouruseridDefaultBoxdriveCProgram Files.

Empty the sandbox and the malicious software is gone.

This is shown visually on the home page of sandboxie.com. The initial state of a computer is shown below:

Internet explorer 8 fixes, IE8 fixes

The top checkerboard pattern illustrates a hard disk with no sandbox. In the bottom one, the virtual sandbox is shown as a yellow box.

When a program runs, the changes it makes to the file system and the hard disk are shown as red boxes. In the image below we see that normally the red boxes/changes are scattered all over.

After an application makes changes

However, Sandboxie forces all changes made by a sandboxed program to live inside the sandbox. If any of the changes are not wanted, just empty the sandbox.

If this sounds like virtualizaiton, it is. But it's small, lightweight virtualization, whereas full blown virtualization products are large and cumbersome. Also, the changes Sandboxie makes to your computer are minimal compared to full-fledged desktop virtualization software like that offered by VMware.

Has a problem occurred to you? Most likely, there is a simple solution. Sanboxie is nothing if not a well thought out program.

If you don't want malware on your computer, even if it's sandboxed, you can configure a sandbox so that all changes made by any program are discarded as soon as the last program in the sandbox shuts down. You can see this below:

Internet explorer 8 fixes, IE8 fixes

There are two sandboxes on this computer, the default one and another called ThrowMeAway (I chose the name). As the name implies, all changes made in this sandbox are always discarded. If you really want a private browsing mode, this beats them all.

Next Page: Blocking email attachment malware

Page 1 of 2

1 2
Next Page

Tags: Windows, virtualization, Internet Explorer, malware, desktop virtualization

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.