ToolKit Item: Sandboxie by Guest Author Bo Elam – Win10.Guru

[Note from Ed Tittel: This post about Sandboxie comes from guest author Bo Elam, whom Kari and I met on TenForums, where he is something of a regular visitor, and a passionate advocate for Sandboxie. Who better to write this Toolkit Item?]

I’ll start this article on Sandboxie with a few words on how I became a Sandboxie user. Before I started using Sandboxie, I used to get malware infections once or twice a year, and simply accepted those infections. I thought, “If I am going to use the internet, I am going to get infected and there’s nothing I can do about it.” The effect of using Sandboxie has been huge on the quality of my computing experience. After I became a Sandboxie user, infections went away completely. I haven’t had an infection since the day I became a Sandboxie user.

So, how did I become a Sandboxie user? One day late in 2008 during a browsing session, I was hit by malware (a rootkit). Till that day, whenever I got infected, I always had somebody clean up the infection. But this time I decided to do it myself. That was a breaking point. I took the approach of cleaning the infection as a challenge, and had fun doing it. During cleanup, I learned a lot about security and came to realize that there were better technologies available to protect our computers than anti viruses/scanners. One of those technologies was sandboxing. Later, while searching for protection against rootkits, my travels led me directly to Sandboxie. I knew nothing about sandboxes. Sandboxie doesn’t allow drivers or services to be installed in the sandbox. That attracted me. So, I decided to try Sandboxie, and 10 years later, I am still using it.

What is Sandboxie?

Sandboxie is a sandbox program for Windows. An application sandbox is a runtime environment in which programs run in an isolated space. You can run all kinds of programs under Sandboxie: browsers, email clients, PDF readers, video players, etc. Personally, I run every program I run on a daily basis inside Sandboxie. Most files I download run sandboxed every time they run during their lifetime in my computer. When you run programs under Sandboxie’s supervision, the interaction between programs running in the sandbox (isolated space) and the system outside the sandbox is seamless. So, there is no reason not to do it. Below is a picture of Sandboxie Control (the Sandboxie user interface). Each name depicted in Sandboxie Control represents a separate sandbox with its own settings. By looking at the names, you can tell the programs I am currently running sandboxed on a regular basis, or the purpose for using a particular sandbox. For example, the one called USB is where files that run out of USB drives run sandboxed whenever a flash drive is plugged in.

The interaction between programs running in the sandboxed environment and the system outside the sandbox works so well that it’s possible to use programs as you normally use them when not running under Sandboxie’s protection, even though your computer is protected. So, in the end, users who run their programs and files in the sandbox achieve a very high level of security for their computers without losing usability or convenience. I am a Sandboxie user to the max. In my case, basically, the only time I am not using Sandboxie is when the computer is idle or I am doing updates.

To be more specific, Sandboxie is a sandbox program designed for running most of the programs that you use regularly, or programs that connect to the internet. But there are other uses for Sandboxie. For example, we can use it for testing programs. If you would like to test a new browser or video player, you can run the installer in a sandbox, and test the program. In the picture below (left side), after right clicking the installer, I get the option to “Run sandboxed” the installer. Clicking that option opens up the Sandboxie menu (right side). In that menu we have the option to choose the sandbox where we want the installer to run.

If you like, you can keep an installation around for a while, or you can delete the sandbox after testing a program. Right now, I have IrfanView installed in a sandbox. There are several ways that a program installed sandboxed can be run. You can even create a sandboxed shortcut to make it easier to run installed programs sandboxed, but this is how I run them myself. Look at the 3 pictures below. In the first one, after right clicking the Sandboxie icon by the clock and hovering the browser over the name of the sandbox where I installed IrfanView, I get the menu to the left, and select “Run from Start menu”. That’s the sandboxed Start menu (picture 2). I look for IrfanView in the menu and click it. After doing so, it opens in the sandbox I created and set up specifically as a dedicated sandbox for IrfanView (picture 3).


Probably, the most important function in Sandboxie is Delete contents of the sandbox. When you delete contents, everything you did in a session gets deleted, all changes that took place in the session get deleted, except what you choose to save outside the sandbox. You can set sandboxes to delete automatically when you close a sandboxed program (that’s what I do in my browser sandboxes) or you can save contents (a sandbox where you installed a program that you want to keep for a while is a good example) and delete later, when you decide to do so. Below, you can see the options in Sandbox settings for Delete contents.

I also use Sandboxie for testing changes in my system. After testing, if all looks good in the sandbox, I’ll do the change on the real system. Everyone who uses Sandboxie sometimes innovates and comes up with new ideas on how to use the program.

How does it work?

Programs running in Sandboxie’s isolated space (the sandbox) are prevented from making permanent changes outside the sandbox, to the file system, the registry or other programs. When a program running in the sandbox wants to make a change (good or bad), Sandboxie captures that change and before it takes place, Sandboxie makes a copy of the file and redirects it to the sandbox folder. The sandboxed program thinks the change is done for real in the real system but it is not. It is done only to the copy. That’s how Sandboxie protects a computer from unwanted changes.

The Sandbox folder in C Drive.

The Sandbox at work. For example, when I download something, like an installer, the sandboxed program (Firefox in this case) thinks the download went to user\current\BoVideos\C1 but actually the download was redirected to C:\Sandbox\Bo\DefaultBox\user\current\BoVideos\C1. Look at the picture below. The same thing would happen if you get hit by malware. Then the infection, and any changes caused by the malware, get redirected to the sandbox. The malware thinks it infected the system but it has not. The infection was captured by Sandboxie and will be gone when we delete the sandbox. Your file system and registry remain intact.

Via Sandboxie control you can track the changes sandboxed programs make. Some users like to use this option when they test installing a program in a sandbox, to see what files programs create or files they modify.
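
The redirection, change tracking and Delete contents behaviour described above, modeled as a short Python sketch. This is an added example, not Sandboxie's code: it models only the file-path idea, and the `ToySandbox` class, its method names and the sample files are hypothetical and constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path


class ToySandbox:
    """Toy model of copy-on-write file redirection (hypothetical, not Sandboxie code)."""

    def __init__(self, real_root: Path, box_root: Path):
        self.real_root = real_root  # stands in for the real file system
        self.box_root = box_root    # stands in for the sandbox folder

    def read(self, rel: str) -> str:
        # Reads prefer the sandboxed copy, so the program sees its own changes.
        boxed = self.box_root / rel
        return (boxed if boxed.exists() else self.real_root / rel).read_text()

    def write(self, rel: str, data: str, append: bool = False) -> None:
        boxed, real = self.box_root / rel, self.real_root / rel
        boxed.parent.mkdir(parents=True, exist_ok=True)
        # First change to an existing real file: copy it in, then edit the copy.
        if not boxed.exists() and real.exists():
            shutil.copy2(real, boxed)
        with boxed.open("a" if append else "w") as fh:
            fh.write(data)

    def changes(self) -> list:
        # Every file under the sandbox folder is a change made by the program.
        if not self.box_root.exists():
            return []
        return sorted(p.relative_to(self.box_root).as_posix()
                      for p in self.box_root.rglob("*") if p.is_file())

    def delete_contents(self) -> None:
        # Equivalent of "Delete contents": discard every redirected change.
        shutil.rmtree(self.box_root, ignore_errors=True)


def demo() -> dict:
    base = Path(tempfile.mkdtemp())
    real, box = base / "real", base / "Sandbox" / "Bo" / "DefaultBox"
    settings = real / "user" / "current" / "settings.txt"  # constructed sample
    settings.parent.mkdir(parents=True)
    settings.write_text("original\n")

    sb = ToySandbox(real, box)
    sb.write("user/current/settings.txt", "tampered\n", append=True)
    sb.write("user/current/download.exe", "constructed sample bytes")
    result = {
        "seen_in_box": sb.read("user/current/settings.txt"),
        "real_after": settings.read_text(),
        "download_on_real": (real / "user/current/download.exe").exists(),
        "changes": sb.changes(),
    }
    sb.delete_contents()
    result["changes_after_delete"] = sb.changes()
    shutil.rmtree(base)
    return result


if __name__ == "__main__":
    print(demo())
```

The sandboxed view shows the modified file while the real copy keeps its original contents, and the change list is empty again once the sandbox contents are deleted.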

Sandboxie comes in both free and paid versions. Both versions have the same degree of security. The difference between the two versions is that with the paid version, sandboxing files and programs becomes automatic. You don’t have to think about sandboxing a file, you just click it and it runs sandboxed automatically. When you buy a license and register your copy of Sandboxie, the Forced folders and Forced programs features are unlocked. The Forced programs feature allows the user to set programs to run sandboxed automatically every time they run. Via Forced programs, you set your browsers, PDF readers, or any program to run sandboxed automatically. For example, if you set your PDF reader to run sandboxed, whenever you click on a PDF, it will run sandboxed. By using the Forced folders feature, you can set folders, such as your Download folder or USB drives, to be sandboxed. If you set your Download folder as a Forced folder, every file that runs out of that folder will run sandboxed when executed. If you set your USB drives to run sandboxed, when a flash drive is plugged in, the USB folder opens up using a sandboxed version of File Explorer. If anything runs, it will run sandboxed, under Sandboxie’s supervision.

Some sandbox programs sandbox files or programs when they detect or flag a file or program as malicious, or when it is unknown to the sandbox program. Sandboxie works differently. Sandboxie treats every file the same way; it doesn’t detect anything. We, the users, choose what to sandbox, not Sandboxie. My formula for success with Sandboxie is simple: I sandbox all files and programs that run in my computer every time they run. There are exceptions but they are rare and that’s basically how I use Sandboxie.

Another characteristic of Sandboxie that makes it a unique program is that you can use as many sandboxes as you need. Most sandboxing programs have only one sandbox. Everything that runs, runs together. To maximize isolation, Sandboxie allows the user to create separate sandboxes for different programs. By running programs in their own sandbox, we isolate programs not only from the system but from other programs as well. Dedicating sandboxes to different programs allows the user to set each sandbox according to the dedicated/primary program. In the example pictured below, you can see Firefox running in one sandbox and Libre Office in another. Using separate sandboxes for those programs allows me to set each sandbox according to the dedicated program. For example, in my Libre Office sandbox, no program is allowed access to the internet. That’s security. Whenever I run an office file, nothing in that file can connect to the internet. I achieve this high level of security because I am using a separate sandbox for Libre. If all programs ran together in one big sandbox, Libre would run sandboxed but it would have access to the internet.

There are many settings in Sandboxie. Some are global, but most can be applied to individual sandboxes. Some have to do with security and restrictions, while other settings have to do with usability and convenience. Sandbox settings help the user tailor each sandbox according to the program that is going to run in it. My goal every time I create a sandbox is to achieve a balance between usability and security. So, I tighten up security as much as possible without losing usability.

I am going to use Firefox to portray some of the settings. In Internet access restrictions, I only allow firefox.exe to connect to the internet. That means that no other program that runs in my Firefox sandbox will have access to the internet.

In Start/Run access restrictions, I only allow the firefox.exe and Foxit (my PDF Reader) exes to run. If anything other than these programs attempts to run in my Firefox sandbox, it will be blocked.

For better usability and convenience, in Sandbox settings for Firefox, I allow Firefox to have Direct access to bookmarks outside the sandbox. This makes it possible to recover/save bookmarks from the sandboxed environment. But, if you like, you can allow Firefox to have access to anything in the Firefox Profile folder, or even the entire Profile folder.

Sandbox settings are something that most sandbox programs lack. Sandboxie has quite a few, and they allow users to loosen or tighten the sandbox as much as they want. You decide how loose you want the sandbox or how tight you want it. Personally, like I said earlier, I try to strike a balance between usability and security when I create sandboxes. That’s what you do with Sandbox settings.

By default, nothing gets out of the sandbox. Not even bookmarks or downloads. Most sandboxing programs don’t allow the user to save anything out of the sandbox. Hopefully, you guys and gals reading this article, realize that with Sandboxie we can leave things as they come by default (nothing gets out). But for convenience and usability, we can set things up to save bookmarks and downloads. If this was not possible, more than likely I would have never become a Sandboxie user. I want a high level of security but don’t want to give up usability. Thankfully, I can have both (usability and security) with Sandboxie.

How can Sandboxie help Windows users?

In one short paragraph, Sandboxie helps Windows users keep their systems intact. By using Sandboxie, Windows users prevent programs that run in the sandbox from causing unwanted permanent changes to their operating system, registry and other programs. Any changes, caused by good programs or malicious programs will be gone when we delete the contents of the sandbox. And nothing gets out of the sandbox unless we allow it. End of story.

Author: Bo Elam

10 Responses “ToolKit Item: Sandboxie by Guest Author Bo Elam”

  1. March 5, 2019 at 22:36

    Thank you, Bo. I learned much. ~ Alan

    • Bo Elam
      March 7, 2019 at 15:42

      You are welcome, Alan.


  2. TheLightofTruth
    March 6, 2019 at 12:18

    With every other Adobe, browser or Windows update, something in Sandboxie is broken and Invincea has to play the multi-month long catch-up fix game. This fact, along with Bo’s fanaticism over at Wilders and elsewhere, have done more to harm Sandboxie than anything else. The general perception is that Sandboxie is a high-hassle software. And no one – save a single person – is going to focus solely upon adapting their system so that Sandboxie will work reliably. A typical user is going to expect – and rightly so – that Sandboxie be compatible with their system and softs out of the box and on an ongoing basis. Any breakage because of any update is unacceptable.

    • Bo Elam
      March 7, 2019 at 15:41

      I know who you are, and you know I know who you are. Leave the hate for Sandboxie (and myself) at Wilders. Don’t bring it here, please.

      Sandboxie is a restrictive software. I am sorry that some of the software that’s important to you is not compatible with Sandboxie, and there’s nothing that can be done about it. Holes would have to be open in SBIE for your favorite software to work in the sandbox. Sandboxie won’t do that. If Sandboxie was important to you, you would accommodate to SBIE, work with SBIE, but you feel, doing it is like giving up. Face it, Sandboxie is not for you. Quit the hate and move on.

      What can I say, I never have problems with SBIE. I never had any big issue in XP, W7 or now in W10. Am I lucky? No, it’s not luck, I don’t have issues because I understand SBIE, and try using software that’s compatible with SBIE.


  3. William Barrett
    March 7, 2019 at 17:21

    Sandboxie is my everyday program, it works just fine for what I need and for my clients that use it.
    I have had no problem with getting help with Sandboxie and been able to determine the cause of a Sandboxie error and solve the problem myself.
    This program has saved quite a few of my clients from malware and in one case Ransomware.

  4. TheLightofTruth
    March 8, 2019 at 05:17

    I don’t know who you think I am, but I’m not a member of Wilders. However, I do read posts on Wilders.

    There is no hate, just the truth. The facts are the facts. And the undeniable fact of the matter is that Sandboxie routinely breaks things after software or OS updates. It has an atrocious compatibility record.

    You’re right. I don’t want to accommodate Sandboxie. I use a default deny configuration that is far more restrictive than Sandboxie could ever be. Sandboxie requires exclusions and policy modifications that weaken system security.

    You have an absolute intolerance of any form of criticism of Sandboxie. You won’t even acknowledge the most moderate, entirely legitimate criticism. Furthermore, your constant need to always defend Sandboxie with your Bo Elam-centric view is obnoxious.

    • Bo Elam
      March 8, 2019 at 18:45

      By looking at your nick, I knew who you were. You always use names that have to do with light, illumination, illuminated, enlightened one, that’s you. The nick you took here, “TheLightofTruth”, fits you perfectly. You took it from the book In the light of truth, the author saw himself, as you think of yourself, as sort of a messiah whose role on earth is to shed light on the rest of us mortals.

      But anyway, you saying, “Any breakage because of any update is unacceptable.” shows how unreasonable you are regarding Sandboxie. The truth is that any update by any software could trigger a compatibility issue between the updated software and another software. A simple daily anti virus virus signatures update could produce a compatibility issue between the AV and a browser. But since your agenda is to attack SBIE, you really don’t care about how things really are and work.

      Regarding myself and Sandboxie, I am going to tell you something. And after I finish writing what I am writing now, I won’t reply again to you. In the early years when I started using Sandboxie, in private conversations with Tzuk (the original developer of SBIE), he told me over and over that he liked what I wrote about Sandboxie, and thanked me. He continuously did it, that gave me the confidence and encouraged me to keep writing about Sandboxie, and to continue doing it as I always had. His words assured me that what I was writing was beneficial for SBIE. What I write comes from my personal experience using Sandboxie.

      Later, after Tzuk left, the new developers have also in our private conversations thanked me for my contribution to Sandboxie. So, you, telling me that I “done more to harm Sandboxie than anything else” doesn’t mean anything when the developers (new and old) tell me otherwise.

      Good bye


  5. Mac
    April 6, 2019 at 21:43

    Hey a month later but ….

    I’ve been using SB since around 2006 or 7 and haven’t had an infection or anything similar since. Now there have been some times when a new version of SB or FF have had some compatibility problems but they get resolved fairly quickly. No issues since the re-build of FF. Extensive posts on respective forums are your friend, in the rare case you have issues.

    Meanwhile, I’ve been trying to find what browsers are compatible w/SB and this intro article also does not spell that out. I believe FF and Opera are, but not Edge or Chrome. Love to find out so it’s back to surfing for me today.

    Well, my 2c. I won’t even consider surfing w/o SB.

    • Bo Elam
      April 12, 2019 at 00:49

      Hi Mac, of the browsers you mentioned, only Edge is not compatible with Sandboxie. Firefox, Opera, and Chrome work well with Sandboxie. Internet Explorer does as well.

      In some systems, for Chrome to work fluently in the sandbox, it’s better not to enable Drop rights in Sandbox settings. Because of the way Chrome works, using Drop rights sometimes generates too many Sandboxie messages, and that can be annoying. So, if you run Chrome sandboxed and you constantly get SandboxieBITS messages, disable Drop rights. Basically, the key for running Chrome successfully under Sandboxie is not to over restrict the sandbox.


  6. Alan Brandt
    June 6, 2019 at 17:55

    You are entitled to your opinion… however your broad generalization of Bo’s sharing of his technical expertise with SB has been X-tremely valuable to my business. I do not share your point of view at all. I am confident many other discretionary software users will find Bo’s share helpful as well.
