
ToolKit Item: Sandboxie by Guest Author Bo Elam


[Note from Ed Tittel: This post about Sandboxie comes from guest author Bo Elam, whom Kari and I met on TenForums, where he is something of a regular visitor, and a passionate advocate for Sandboxie. Who better to write this Toolkit Item? Further note added October 1, 2019: In the wake of Sandboxie’s conversion to Freeware, we asked Bo to update his article. The text that follows has been updated pretty thoroughly.]

I’ll start this article on Sandboxie with a few words on how I became a Sandboxie user. Before I started using Sandboxie, I used to get malware infections once or twice a year, and simply accepted those infections. I thought, “If I am going to use the internet, I am going to get infected and there’s nothing I can do about it.” The effect of using Sandboxie has been huge on the quality of my computing experience. After I became a Sandboxie user, infections went away completely. I haven’t had an infection since the day I became a Sandboxie user.

So, how did I become a Sandboxie user? One day late in 2008 during a browsing session, I was hit by malware (a rootkit). Until that day, whenever I got infected, I always had somebody clean up the infection. But this time I decided to do it myself. That was a breaking point. I took the approach of cleaning the infection as a challenge, and had fun doing it. During cleanup, I learned a lot about security and came to realize that there were better technologies available to protect our computers than anti viruses/scanners. One of those technologies was sandboxing. Later, while searching for protection against rootkits, my travels led me directly to Sandboxie. I knew nothing about sandboxes. Sandboxie doesn’t allow drivers or services to be installed in the sandbox. That attracted me. So, I decided to try Sandboxie, and nearly 11 years later, I am still using it.

What is Sandboxie?

Sandboxie is a sandbox program for Windows: an applications sandbox is a runtime environment wherein programs run in an isolated space. You can run all kinds of programs under Sandboxie. You can run your browsers, email clients, PDF Readers, video players, etc. Personally, I run every program I run on a daily basis inside Sandboxie. Most files I download, they run sandboxed every time they run during their lifetime in my computer. When you run programs under Sandboxie’s supervision, the interaction between programs running in the sandbox (isolated space) and the system outside the sandbox is seamless. So, there is no reason not to do it. Below is a picture of Sandboxie control (the Sandboxie user interface). Each name depicted in Sandboxie control represents a separate sandbox with its own settings. By looking at the names, you can tell the programs I am currently running sandboxed on a regular basis, or the purpose for using a particular sandbox. For example, the one called USB is where files that run out of USB drives run sandboxed whenever a flash drive is plugged in.

The interaction between programs running in the sandboxed environment with the system outside the sandbox works so well, it’s possible to use programs as you normally use them when not running under Sandboxie’s protection even though your computer is protected. So, in the end, users who run their programs and files in the sandbox achieve a very high level of security for their computers without losing usability or convenience. I am a Sandboxie user to the max. In my case, basically, the only time I am not using Sandboxie is when the computer is idle or I am doing updates.

To be more specific, Sandboxie is a sandbox program designed for running most of the programs that you use regularly, or programs that connect to the internet. But there are other uses for Sandboxie. For example, we can use it for testing programs. If you’d like to test a new browser or video player, you can run the installer in a sandbox, and test the program. In the pictures below, after right-clicking the installer, I get the option to “Run sandboxed” from the installer (top image following). Clicking that option opens up the Sandboxie Menu. In that menu we have the option to choose the sandbox in which we want the installer to run (bottom image following).


If you like, you can keep an installation around for a while, or you can delete the sandbox after testing a program. Right now, I have IrfanView installed in a sandbox. There are several ways that a program installed sandboxed can be run. You can even create a sandboxed shortcut to make things easier to run installed programs in a sandbox, but this is how I run them myself. Look at the 3 pictures below. In the first one, after right clicking the Sandboxie icon by the clock and hovering the browser over the name of the sandbox where I installed IrfanView, I get the menu to the left, and select “Run from Start menu”. That’s the sandboxed Start menu (picture 2 following). I look for IrfanView in that Menu and click it. After doing so, it opens in the sandbox I created and set up as a dedicated sandbox for IrfanView (picture 3 following).


Probably, the most important function in Sandboxie is Delete contents of the sandbox. When you delete those contents, everything you did in a session gets deleted. In fact, all changes that took place in the session get deleted, except what you choose to save outside the sandbox. You can set sandboxes to delete automatically when you close a sandboxed program (that’s what I do in my browser sandboxes) or you can save contents (a sandbox in which you installed a program that you want to keep for a while is a good example). Saved contents may then be deleted later, whenever you decide to do so. In the following picture, you can see the options in Sandbox settings for Delete contents.

I also use Sandboxie for testing changes to my system. After testing, if all looks good in the sandbox, I’ll commit the change on the real system. Everyone who uses Sandboxie sometimes innovates and comes up with new ideas on how to use the program.

How does it work?

Programs running in Sandboxie’s isolated space (the sandbox) are prevented from making permanent changes outside the sandbox, to the file system, the registry or other programs. When a program running in the sandbox wants to make a change (good or bad), Sandboxie captures that change. Then, before it takes place, Sandboxie makes a copy of the file and redirects it to the sandbox folder. The sandboxed program thinks the change is applied to the real system but it is not. It applies only to the copy. That’s how Sandboxie protects a computer from unwanted changes.

The following image shows the Sandbox folder on the C: drive.

The Sandbox at work

For example, when I download something, like an installer, the sandboxed program (Firefox in this case) thinks the download goes to user\current\BoVideos\C1 but actually the download is redirected to C:\Sandbox\Bo\DefaultBox\user\current\BoVideos\C1. Look at the picture below. The same thing would happen if you got hit by malware. In that case the infection, and any changes caused by the malware, get redirected to the sandbox. The malware thinks it has infected the system but it has not. The infection is captured by Sandboxie and will be gone when we delete the sandbox. Your actual file system and registry remain intact.

Via Sandboxie control you can track the changes that sandboxed programs make. Some users like to use this option when they test installing a program in a sandbox, to see what files programs create or files they modify.
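The redirection, change tracking and Delete contents behaviour described above can be modelled in a few lines. This is an added illustration, not Sandboxie's code: the `BoxModel` class, the temporary folders standing in for the real file system and the sandbox folder, and the sample file contents are all constructed, and the model covers files only (no registry, no file deletions).

```python
import shutil
import tempfile
from pathlib import Path


class BoxModel:
    """Toy copy-on-write redirection: writes land in the box, never in real_root."""

    def __init__(self, real_root: Path, box_root: Path):
        self.real_root = real_root  # stands in for the real file system
        self.box_root = box_root    # stands in for C:\Sandbox\Bo\DefaultBox

    def _pair(self, rel: str):
        rel_path = Path(rel)
        if rel_path.is_absolute() or ".." in rel_path.parts:
            raise ValueError("path must stay inside the modelled file system")
        return self.real_root / rel_path, self.box_root / rel_path

    def read(self, rel: str) -> bytes:
        # The sandboxed program sees its own copy if one exists, else the real file.
        real, boxed = self._pair(rel)
        return (boxed if boxed.exists() else real).read_bytes()

    def write(self, rel: str, data: bytes, append: bool = False) -> Path:
        real, boxed = self._pair(rel)
        boxed.parent.mkdir(parents=True, exist_ok=True)
        if not boxed.exists() and real.exists():
            shutil.copy2(real, boxed)  # copy the original before the first change
        with open(boxed, "ab" if append else "wb") as fh:
            fh.write(data)
        return boxed

    def changes(self) -> list:
        # Everything in the box folder is, by construction, a captured change.
        if not self.box_root.exists():
            return []
        return sorted(p.relative_to(self.box_root).as_posix()
                      for p in self.box_root.rglob("*") if p.is_file())

    def delete_contents(self) -> None:
        shutil.rmtree(self.box_root, ignore_errors=True)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        real = Path(tmp) / "real"
        box = Path(tmp) / "Sandbox" / "Bo" / "DefaultBox"
        doc = real / "user/current/Documents/notes.txt"  # constructed sample file
        doc.parent.mkdir(parents=True)
        doc.write_bytes(b"original")

        m = BoxModel(real, box)
        # A "download" and an unwanted modification, both made from inside the box.
        m.write("user/current/BoVideos/C1/installer.exe", b"constructed-bytes")
        m.write("user/current/Documents/notes.txt", b" +tampered", append=True)

        result = {
            "seen_inside": m.read("user/current/Documents/notes.txt"),
            "real_file": doc.read_bytes(),
            "download_on_real_system":
                (real / "user/current/BoVideos/C1/installer.exe").exists(),
            "tracked": m.changes(),
        }
        m.delete_contents()
        result["seen_after_delete"] = m.read("user/current/Documents/notes.txt")
        result["tracked_after_delete"] = m.changes()
        return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```
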

Some sandbox programs sandbox files or programs when they detect or flag a file or program as malicious. Ditto when a file or program is unknown to the sandbox program. Sandboxie works differently. Sandboxie treats every file the same way, it doesn’t detect anything. We, the users, choose what to sandbox, not Sandboxie. My formula for success with Sandboxie is simple, I sandbox all files and programs that run in my computer every time they run. There are exceptions but they are rare and that’s basically how I use Sandboxie.

Another characteristic of Sandboxie that makes it a unique program is that you can use as many sandboxes as you need. Most sandboxing programs support only a single sandbox. Everything that runs, runs together in the same process space. To maximize isolation, Sandboxie allows the user to create separate sandboxes for different programs. By running programs in their own sandboxes, we isolate them not only from the system but from each other as well. Dedicating sandboxes for different programs allows the user to set each sandbox according to the dedicated/primary program. In the example pictured below, you can see Firefox running in one sandbox and Libre Office in another. Using separate sandboxes for those programs allows me to set each sandbox according to the dedicated program. For example, in my Libre Office sandbox, no program is allowed access to the internet. That’s security. Whenever I run an Office file, nothing in that file can connect to the internet. I achieve this high level of security because I am using a separate sandbox for Libre. If all programs ran together in one big sandbox, Libre would run sandboxed but it would still have access to the internet.

There are many settings in Sandboxie; some are global but most can be applied to individual sandboxes. Some have to do with security restrictions. Other settings have to do with usability and convenience. There are many Sandbox settings to help the user tailor each sandbox according to the program they plan to run inside it. My goal every time I create a sandbox is to achieve a balance between usability and security. So, I tighten up security as much as possible without sacrificing usability.

I am going to use Firefox to portray some of the settings. In Internet access restrictions, I only allow firefox.exe to connect to the internet. That means that no other program that runs in my Firefox sandbox will have access to the internet.

In Start/Run access restrictions, I only allow firefox.exe, and Foxit (my PDF Reader) exe files to run. If anything other than these programs attempts to run in my Firefox sandbox, it will be blocked.

For better usability and convenience, in Sandbox settings for Firefox, I allow Firefox direct access to bookmarks outside the sandbox. This makes it possible to recover/save bookmarks from the sandboxed environment. But, if you like, you can allow Firefox to have access to anything in the Firefox Profile folder, or even the entire Profile folder.

Sandbox settings are something that most sandbox programs lack. Sandboxie has quite a few: they allow users to loosen or tighten the sandbox as much as they want. You decide how loose you want the sandbox or how tight you want it. Personally, as I said earlier, I try to strike a balance between usability and security when I create sandboxes. That’s what Sandbox settings are for, and what they do best.

By default, nothing gets out of the sandbox. Not even bookmarks or downloads. Most sandboxing programs don’t allow the user to save anything out of the sandbox. Hopefully, you guys and gals reading this article, realize that with Sandboxie we can leave things as they come by default (nothing gets out). But for convenience and usability, we can also set things up to save bookmarks and/or downloads. If this was not possible, more than likely I would have never become a Sandboxie user. I want a high level of security but don’t want to give up usability. Thankfully, I can have both (usability and security) with this program.

How can Sandboxie help Windows users?

In one short paragraph, Sandboxie helps Windows users keep their systems intact. By using Sandboxie, Windows users prevent programs that run in the sandbox from causing unwanted permanent changes to their operating systems, registries and other programs. Any changes, whether caused by good programs or malicious programs, will be gone when we delete the contents of the sandbox. And nothing gets out of the sandbox unless we allow it explicitly. End of story.

The future of Sandboxie

In late 2013, Invincea acquired Sandboxie from Ronen Tzur, the program’s original developer and creator. This transition was smooth and things worked out pretty well for the software and users during this period. Invincea had a team of professional developers who continuously worked on the development of Sandboxie. Unfortunately, in 2017 Invincea was in turn acquired by Sophos. At first, Sophos said development of Sandboxie would continue. Then, on April 16th 2018, Sophos released an announcement of an immediate end to the sale of and support for Invincea products. They said support would end on December 31, 2019. After this announcement appeared, users at the Sandboxie forum continuously asked if that announcement included Sandboxie. The answer, time and time again, was no. Instead, Sophos maintained that Sandboxie was not included and stated that development would continue. In my opinion, the truth is they never cared about Sandboxie and had no plans to continue developing the program. They just didn’t come right out and say so.

A few weeks ago (September 10, 2019), Sophos announced major changes to Sandboxie. The company said the software was now a free tool, and discontinued selling licenses. It also announced plans to release Sandboxie software as open source sometime in the future. This is where things now stand.

I think it’s going to take several months before Sophos can get ready to release the Sandboxie code as open source. My guess is this release will occur sometime around the middle of next year (2020). Sophos has already cut off support in the Sandboxie forum. That said, I believe the company will continue to develop Sandboxie over the next few months and release updates until such time as they release an open source version, including source code. In the interim, I expect the company will work on problems related to W10 and major issues with Firefox, Chrome and IE, and nothing else. Thus, problems between Sandboxie and other software are unlikely to be fixed by Sophos. This means we are on our own now. Going forward, maintaining compatibility between Sandboxie and software other than the browsers I mentioned depends on luck, at least until the open source code is released and developers who have the time and enthusiasm for Sandboxie can take a look and fix issues.

Maintaining Sandboxie as an open source program is not going to be easy. Sandboxie is complex software that requires constant maintenance. Perhaps we might get lucky and see a group of experienced developers looking for a hobby prove willing to maintain Sandboxie for free. I personally know two people who have said they will take a look at the code when it is released. Likewise, I am sure there are others, so this gives us hope that Sandboxie will keep going (and working). In my opinion, all we can do right now is wait and see what happens after the open source code is released. Keep your fingers crossed, and hope for the best!

Author: Bo Elam

14 Responses “ToolKit Item: Sandboxie by Guest Author Bo Elam”

  1. March 5, 2019 at 22:36

    Thank you, Bo. I learned much. ~ Alan

    • Bo Elam
      March 7, 2019 at 15:42

      You are welcome, Alan.

      Bo

  2. TheLightofTruth
    March 6, 2019 at 12:18

    With every other Adobe, browser or Windows update, something in Sandboxie is broken and Invincea has to play the multi-month long catch-up fix game. This fact, along with Bo’s fanaticism over at Wilders and elsewhere, have done more to harm Sandboxie than anything else. The general perception is that Sandboxie is a high-hassle software. And no one – save a single person – is going to focus solely upon adapting their system so that Sandboxie will work reliably. A typical user is going to expect – and rightly so – that Sandboxie be compatible with their system and softs out of the box and on an ongoing basis. Any breakage because of any update is unacceptable.

    • Bo Elam
      March 7, 2019 at 15:41

      I know who you are, and you know I know who you are. Leave the hate for Sandboxie (and myself) at Wilders. Don’t bring it here, please.

      Sandboxie is a restrictive software. I am sorry that some of the software that’s important to you is not compatible with Sandboxie, and there’s nothing that can be done about it. Holes would have to be open in SBIE for your favorite software to work in the sandbox. Sandboxie won’t do that. If Sandboxie was important to you, you would accommodate to SBIE, work with SBIE, but you feel, doing it is like giving up. Face it, Sandboxie is not for you. Quit the hate and move on.

      What can I say, I never have problems with SBIE. I never had any big issue in XP, W7 or now in W10. Am I lucky? No, it’s not luck, I don’t have issues because I understand SBIE, and try using software that’s compatible with SBIE.

      Bo

  3. William Barrett
    March 7, 2019 at 17:21

    Sandboxie is my every day program, it works just fine for what I need and for my clients that use it.
    I have had no problem with getting help with Sandboxie and been able to determine the cause of a Sandboxie error and solve the problem myself.
    This program has saved quite a few of my clients from malware and in one case Ransomware.

  4. TheLightofTruth
    March 8, 2019 at 05:17

    I don’t know who you think I am, but I’m not a member of Wilders. However, I do read posts on Wilders.

    There is no hate, just the truth. The facts are the facts. And the undeniable fact of the matter is that Sandboxie routinely breaks things after software or OS updates. It has an atrocious compatibility record.

    You’re right. I don’t want to accommodate Sandboxie. I use a default deny configuration that is far more restrictive than Sandboxie could ever be. Sandboxie requires exclusions and policy modifications that weaken system security.

    You have an absolute intolerance of any form of criticism of Sandboxie. You won’t even acknowledge the most moderate, entirely legitimate criticism. Furthermore, your constant need to always defend Sandboxie with your Bo Elam-centric view is obnoxious.

    • Bo Elam
      March 8, 2019 at 18:45

      By looking at your nick, I knew who you were. You always use names that have to do with light, illumination, illuminated, enlightened one, that’s you. The nick you took here, “TheLightofTruth”, fits you perfectly. You took it from the book In the light of truth, the author saw himself, as you think of yourself, as sort of a messiah whose role on earth is to shed light on the rest of us mortals.

      But anyway, you saying, “Any breakage because of any update is unacceptable.” shows how unreasonable you are regarding Sandboxie. The truth is that any update by any software could trigger a compatibility issue between the updated software and another software. A simple daily anti virus virus signatures update could produce a compatibility issue between the AV and a browser. But since your agenda is to attack SBIE, you really don’t care about how things really are and work.

      Regarding myself and Sandboxie, I am going to tell you something. And after I finish writing what I am writing now, I won’t reply again to you. In the early years when I started using Sandboxie, in private conversations with Tzuk (the original developer of SBIE), he told me over and over that he liked what I wrote about Sandboxie, and thanked me. He continuously did it, that gave me the confidence and encouraged me to keep writing about Sandboxie, and to continue doing it as I always had. His words assured me that what I was writing was beneficial for SBIE. What I write comes from my personal experience using Sandboxie.

      Later, after Tzuk left, the new developers have also, in our private conversations, thanked me for my contribution to Sandboxie. So, you, telling me that I “done more to harm Sandboxie than anything else” doesn’t mean anything when the developers (new and old) tell me otherwise.

      Good bye

      Bo

  5. Mac
    April 6, 2019 at 21:43

    Hey a month later but ….

    I’ve been using SB since around 2006 or 7 and haven’t had an infection or anything similar since. Now there have been some times when a new version of SB or FF have had some compatibility problems but they get resolved fairly quickly. No issues since the re-build of FF. Extensive posts on respective forums are your friend, in the rare case you have issues.

    Meanwhile, I’ve been trying to find what browsers are compatible w/SB and this intro article also does not spell that out. I believe FF and Opera are, but not Edge or Chrome. Love to find out so it’s back to surfing for me today.

    Well, my 2c. I won’t even consider surfing w/o SB.

    • Bo Elam
      April 12, 2019 at 00:49

      Hi Mac, of the browsers you mentioned, only Edge is not compatible with Sandboxie. Firefox, Opera, and Chrome work well with Sandboxie. Internet Explorer does as well.

      In some systems, for Chrome to work fluently in the sandbox, it’s better not to enable Drop rights in Sandbox settings. Because of the way Chrome works, using Drop rights sometimes generates too many Sandboxie messages, and that can be annoying. So, if you run Chrome sandboxed and you constantly get SandboxieBITS messages, disable Drop rights. Basically, the key for running Chrome successfully under Sandboxie is not to over restrict the sandbox.

      Bo

  6. Alan Brandt
    June 6, 2019 at 17:55

    You are entitled to your opinion… however your broad generalization of Bo’s sharing of his technical expertise with SB has been X-tremely valuable to my business. I do not share your point of view at all. I am confident many other discretionary software users will find Bo’s share helpful as well.

  7. Len Fox
    October 2, 2019 at 11:04

    Normally a lurker, just reading forums, now felt I had to post. Bo helped many people getting a grip on Sandboxie.

    To be honest with many (felt like most) Windows 10 updates, Sandboxie had problems. Having used Sandboxie from the start (it started as an Internet Explorer application sandbox, written as SandboxIE in which IE stood for Internet Explorer), I have removed Sandboxie with the 1903 update. It just did not seem right to postpone (security) updates for the OS for a security application.

    Maybe a reduction in protection scope (only browsers) might be a way forward, sort of back to the future concept when Sandboxie becomes open source.

    • Bo Elam
      October 3, 2019 at 04:14

      Hi Len, Sandboxie is working fine with 1903. Maybe I am lucky but I have always been able to dodge major issues. After W10 was first released, I read reports from users that experienced problems between the new system and Sandboxie. So, after reading those reports, when I first got my W10 in July 2017, I expected to experience problems. But they never happened. My experience using Sandboxie in W10 has been very nice.

      Perhaps one reason why I avoid having issues with Sandboxie is that I try to work along Sandboxie. What I mean is, I use programs that traditionally have worked well with SBIE and stay away from using software that historically has not gotten along with SBIE. I know not everyone is willing to do that but I am and it helps.

      Anyway, SBIE is working nicely in 1903. Give it a go.

      Bo

  8. phrab
    October 26, 2019 at 22:52

    Bo. Great article. I started using Sandboxie in 2008 also, but have learned a lot of tips from this article! Thank you!! Perhaps Ronen can further develop Sandboxie after it’s open source. I donated when it was free & glad I upgraded to the paid version.

    Yes, Sophos hasn’t been the same, although Barb (who tirelessly answers support questions) is great!

    • Bo Elam
      October 29, 2019 at 04:19

      Thanks, phrab. I am glad you liked the article. I agree about Barb. She was the best.

      Bo
