Sunday, December 30, 2007

SANDBOXIE FREQUENTLY ASKED QUESTIONS




Frequently Asked Questions

 

What is Sandboxie and howis it different than other solutions?

Thinkof your PC as a piece of paper. Every program you run writes on the paper. Whenyou run your browser, it writes on the paper about every site you visited. Andany malware you come across will usually try to write itself into the paper.

Traditionalprivacy and anti-malware software try to locate and erase any writings theythink you wouldn't want on the paper. Most of the times they get it right. Butfirst the makers of these solutions must teach the solution what to look for onthe paper, and also how to erase it safely.

Onthe other hand, the Sandboxie sandbox works like a transparency layer placedover the paper. Programs write on the transparency layer and to them it lookslike the real paper. When you delete the sandbox, it's like removing thetransparency layer, the unchanged, real paper is revealed.

___________________________________________________________________

 

Howsafe would I be, by using Sandboxie?

Youwould be quite safe using Sandboxie. It should be noted that, from time totime, people are able to find some vulnerability in Sandboxie, an open holethrough which malicious software can still infiltrate the system.

Thishappens once every few months, on average, and is quickly resolved by closingthe hole that is the attack vector.

Thusit's a good idea to have more traditional anti-malware software. This is is thesubject of the following question.

________________________________________________________________________

 

DoI need other solutions if I use Sandboxie?

Sandboxiemay be your first line of defense, but it should certainly be complemented bythe more traditional anti-virus and anti-malware solutions. These solutions canlet you know if your system does become infected in any way.

Typically,those other solutions employ various forms of pattern matching to discovermalicious software and other threats. Sandboxie, on the other hand, quitesimply does not trust any software code enough to let it out of the sandbox.

Thecombination of the two approaches should keep malicious software -- which isserving the interest of other unknown parties -- out of your computer.

 

What kinds of programs can Irun using Sandboxie?

You should beable to run most applications sandboxed.

In all caseson this list, your client-side program is exposed to remote software code,which could use the program as a channel to infiltrate your system. By runningthe program sandboxed, you greatly increase the control you have over thatchannel.

 

What are the requirements to runSandboxie?

Sandboxieworks on Windows 2000, Windows XP, Windows Vistaand Windows Server 2003. There is some support for 64-bit versions of Windows:see the downloadpage.

Sandboxiedoes not work on Windows 95, 98 or ME, or on Mac operating systems. There areno plans to support these environments.

There are noparticular hardware requirements. Sandboxie needs only a small amount of memoryand should have a very small impact on performance.

 

Which features are unlocked in theregistered version?

In theregistered version, Sandboxie can be configured to issue a warning SBOX1118 whenever aparticular program is launched outside the sandbox.

You can alsoconfigure Sandboxie to automatically sandbox particular programs, even whenthey are not launched explictly through Sandboxie.

Since version2.47, registered users can run sandboxed programs in any number of sandboxes atthe same time, while non-registered users can run sandboxed programs in onlyone sandbox at a time.

 

 

I own multiple computers, can Iregister just one copy?

Yes. You mayuse the Sandboxie software on any number of computers that you, as anindividual, own. This does not apply to commercial use. Please see the EndUserLicenseAgreementfor more information.

 

 

Can I use Sandboxie in a commercialenvironment?

You may notuse Sandboxie commercially as-is, but a commercial organization mayevaluate Sandboxie. Please contact the author to discuss specific licensingterms. The following terms are non-negotiable.

 

As a computer vendor, can Idistribute Sandboxie?

The EndUserLicenseAgreementstates:

 This Agreement specificallyFORBIDS You from making copies of the

 Software for purposes ofdistributing the Software into computers

 or  electronic media  that are not  owned by You.  A license for

 the Software may not beshared.

An exceptionto this is hereby made for owners of computer stores who sell computers, andwish to bundle Sandboxie in their new computer offering. This is permitted,provided that two conditions are met:

  • 1. The customer is made aware of, and accepts, the Sandboxie EndUserLicenseAgreement.
  • 2. One of the following is met:
    • 2.1. An un-registered copy of Sandboxie is installed on the new computer;
    • 2.2. The particular copy to be installed is registered for the sole use of the customer who is the recipient of the new computer.

 

 

I paid for Sandboxie, why haven't Ireceived my registration key yet?

Registrationkeys are not sent by email. Visit this pageto receive your registration key. Your key should be available for you one hourafter payment has been made.

If youbelieve your key should be available for you, and it is not, please contact meby email. See the Contact Author link at the very bottom of this page.

 

 

How does Sandboxie protect me, technically?

Sandboxieextends the operating system (OS) with sandboxing capabilities by blending intoit. Applications can never access hardware such as disk storage directly, theyhave to ask the OS to do it for them. Since Sandboxie integrates into the OS, itcan do what it does without risk of being circumvented.

The followingclasses of system objects are supervised by Sandboxie: Files, Disk Devices,Registry Keys, Process and Thread objects, Driver objects, and objects used forInter-process communication: Named Pipes and Mailbox Objects, Events, Mutexs(Mutants in NT speak), Semaphores, Sections and LPC Ports. For some moreinformation on this, please see SandboxHierarchy.

Sandboxie alsotakes measures to prevent programs executing inside the sandbox from hijackingnon-sandboxed programs and using them as a vehicle to operate outside thesandbox.

Sandboxiealso prevents programs executing inside the sandbox from loading driversdirectly. It also prevents programs from asking a central system component,known as the Service Control Manager, to load drivers on their behalf. In thisway, drivers, and more importantly, rootkits, cannot be installed by asandboxed program.

It should benoted, however, that Sandboxie does not typically stop sandboxed programs fromreading your sensitive data. However, by careful configuration of the ClosedFilePathand ClosedKeyPathsettings, you can achieve this goal as well.

 

 

Will Sandboxie protect me frommalicious key-loggers?

Yes, to someextent. First of all, your system (outside the sandbox) must not have beenalready compromised by an installed key-logger. Sandboxie can not protectagainst key-loggers that are already running outside the sandbox.

You may wantto consider always browsing sandboxed, so you don't accidentally get anykey-loggers into your system.

It is very difficultto reliably detect a key-logger. For a lengthy explanation, please see DetectingKeyLoggers.So the most important tool Sandboxie offers you for protection againstkey-loggers, is to delete the sandbox.

When you stopall sandboxed activity (in all sandboxes), then proceed to delete the sandboxyou're about to use, you can be fairly certain that all key-loggers are dead.

 

Some competing products require areboot to initiate sandboxing, why?

Changes tothe computing environment must eventually make their way to disk storage, ifthey are to be permanent. This obviously applies to files. But it also appliesto things like settings and preferences saved in the system registry.

Somecompeting products require a reboot before each use, because they sandbox diskstorage as a whole. They provide the operating system and everything in it witha single virtual disk, which is used to trap those permanent changes.

The operatingsystem is not designed to use one disk for some tasks, and another disk forother tasks. Therefore a reboot is required to switch to and from the virtualdisk.

Sandboxiedoes not require a reboot because it sandboxes access to files, rather than tothe disk as a whole. It also sandboxes access to registry keys. It alsosandboxes access to many other classes of system components, in order to trickthe sandboxed program into believing that it isn't being tricked.

Thislow-level sandboxing in some competing products makes it possible to install awider range of applications and system tools -- including system drivers --into the sandbox. Sandboxie can install most applications into the sandbox, butnot system software.

It becomesapparent that, like most other things, each tool has its advantages anddisadvantages, and one must choose the best tool for the task at hand.

 

Why am I getting some Messages fromSandbox Driver?

Not allmessages are errors, some simply inform you of an event that has occurred. Formore information, please see CommonMessages

 

Why are so many files copied into thesandbox?

When aprogram accesses a file, it declares what operations it plans to do on thefile: if it plans to read from the file, to write the file, to change itsattributes, and so on. Whenever a program declares any kind of write access toa file, Sandboxie copies it into the sandbox. In some cases, programs declarethey intend to write to the file when in fact they do not, but neverthelessSandboxie must copy the file into the sandbox.

 

What are SandboxieRpcSsand SandboxieDcomLaunch?

Please see SandboxieRpcss

 

 

Why would I need to run WindowsInstaller Service sandboxed?

The WindowsInstaller service is a component of Microsoft Windows. Some software installation(or setup) packages require this service. The component copies files and makesregistry changes on behalf of the program being installed.

Sandboxiedoes not permit sandboxed programs to use the system Windows Installer. If thesandboxed program needs the service, it will fail and Sandboxie will tell youto start a sandboxed instance of the Windows Installer service.

In this case,use the SandboxieControl action Run Sandboxed -> Windows Installer Service, tostart the sandboxed instance. Then re-run the failed installation.

 

How can I use Sandboxie to protectmyself from viruses in email?

Please seefull article: EmailProtection.

 

How to configure Sandboxie for onlyan occasional use?

By defaultSandboxie is configured to load and start automatically. To have Sandboxie loadonly when you need it, make the following changes.

Note forversions prior to 2.80: If you set the Sandboxie Service to start manually, youwill also need to start it manually before using Sandboxie. You canstart the service using the Windows Services configuration window.

In version2.80 and later, starting Sandboxie Control will also start the service. (Butnote that Administrative rights are required to start a service.)

 

Why does Sandboxie fail theGreenBorder Test?

If you useSandboxie with the GreenBorderOnline Test, the test will probably report that Sandboxie hasfailed, because test was able to copy files from the My Documents folder to afolder on the desktop named Stolen Files.

But thiscan't really be considered a failure on the part of Sandboxie.

First, thedefault Sandboxie settings do not block any files from being read, andthis includes the files in My Documents. But see ClosedFilePathfor more information.

The secondreason why Sandboxie hasn't failed, is that the Stolen Files folder iscreated within the sandbox.

 

How do I make Quick Recovery show mysaved favorites and downloads?

You may notsee all your folders in Quick Recovery, as only a few are configured by defaultin the initial installation. See also QuickRecovery

 

I saved a downloaded file, a documentor an email inside the sandbox, how do I get it out?

If you read What isSandboxie then you know Sandboxie is like a transparency layerplaced over the paper. (The paper is your computer.) When you save files(downloads, documents, emails, or anything else) through a sandboxed program,these files go into the transparency layer that is the sandbox.

You can use QuickRecovery toget these files out. Unless configured otherwise, QuickRecoverylooks in your My Documents folder, and Desktop folder. If you save the files toeither of these folders, then you can use QuickRecovery toeasily get them out.

Anotherapproach is configuring one or more folders as an OpenFilePath. Saving filesinto such folders bypasses the sandbox mechanism, and goes directly to the realfolders. Setting this is more complicated, but may also prove useful, in somecases.

 

Why does the wrong program start whenI run my default Web brower sandboxed?

This happensfor some people. Try this program:

http://windowsxp.mvps.org/defaultbrowser.htm

For moreinformation, please see a forum discussion on this issue:

http://sandboxie.com/phpbb/viewtopic.php?t=267

 

 

SUNKUMARKOTHARI

EDITORFREEWARESPACE

 


Blogged with Flock