Wednesday, 22 March 2017

Keep your PC perfectly safe with sandboxing


Wayne Williams explains how to use a sandbox to protect your PC from malicious programs, snoops and more

Sandboxing is a method used to prevent software from taking control of your operating system or making any changes to it. It works by containing the program in a secure and disposable section of your computer’s hard drive or memory. Software running in this ‘sandbox’ is allowed to read data from the hard drive as normal, but it can’t write data outside of the sandbox or make any changes to Windows.

There are several benefits to sandboxing software in this way, such as keeping your system safe from potential malware and letting you try as many programs as you like without worrying about cluttering up Windows or causing problems.

It’s also useful for privacy reasons: if you sandbox your web browser, nothing you do will be recorded on your computer, and bookmarks, cookies, cached pages and browsing history will vanish when you empty or exit the sandbox.


SANDBOXING SOFTWARE


Sandboxie

www.sandboxie.com

Sandboxie is the best-known sandboxing application. It was launched in 2004 and has been continually updated ever since.

Sophos announced the acquisition of Sandboxie’s parent company, Invincea, in February, and has said that it will continue to update the software – for the time being, at least.

Shade Sandbox

www.shadesandbox.com

Shade Sandbox is a simple sandboxing tool that’s very easy to use. It supports drag-and-drop, so you can just add and run applications inside it. It’s free to use but you need to register with your name and email address in order to get an activation code.

Time Freeze

bit.ly/tf419

Instead of cordoning off a separate area, Toolwiz Time Freeze turns your entire operating system into a sandbox. It works by creating a restore point of your system. You can then run any software and make whatever changes you want. When you’re finished, Time Freeze uses the restore point to revert your system to how it was before you started.

BitBox

bit.ly/bbox419

BitBox (Browser in the Box) is essentially a sandboxed web browser. You can choose from ‘Browser in the Box Firefox’ or ‘Browser in the Box Chrome’, which is then installed in a VirtualBox virtual machine (if you already have VirtualBox on your PC, you’ll need to uninstall it before you can use BitBox). You can browse anywhere you like without worry, because everything gets wiped when you close the browser.

WHY USE SANDBOXING?


No need to uninstall software


Not every program you download and install will be a keeper. Some you might try and hate, or have no long-term use for. Once you’re done with a program, you’ll need to uninstall it, and there’s no guarantee that all its files will be successfully removed.

Try this experiment: go to C:\Program Files to see all the files on your PC’s hard drive. If you’ve been using Windows for a while, you’ll likely see folders for software you uninstalled ages ago, many of which will be empty. This is why it’s a good idea to sandbox a new program and try it out before installing it ‘for real’ in Windows. When you’re done trying it, you can simply empty the sandbox and all trace of the program will be removed.

To install something inside a sandbox, first right-click the Sandbox name in Sandboxie, then select Run Sandboxed, Run Any Program and then browse for the installer. The entire installation process will run inside the sandbox, so no files will be written to your PC and no changes will be made to the Registry.

Avoid malware


If you download programs, games or archived files containing movies or music from dubious sites, you should always check them with antivirus software the moment the download completes. To be completely safe, you could download and run these files within a sandbox.

If you regularly download items using BitTorrent, you can launch your favourite client in the sandbox, then check that your downloads are safe before moving them to your hard drive. Should the file you download contain malware, it won’t matter because it can’t harm the rest of your computer in any way, and you can quickly dispose of it by emptying the sandbox.

Browse more securely


All modern browsers, including Chrome and Firefox, come with a private browsing mode that stops the browser recording your web history and saving cookies. It’s a great solution if you want to visit certain websites without leaving a trace on your computer.

Sandboxing your browser goes a step further because not only will your browsing history and anything else you do go unrecorded, any files you download and sites you bookmark will also leave no trace. When you close the browser and empty the sandbox, everything you did will be wiped out. You can, however, easily transfer downloads from inside the sandbox to your Desktop if you’re sure they’re safe, so they don’t disappear along with everything else.

A sandbox offers a further layer of protection in that it can also shield you from drive-by downloads initiated on malicious websites, and prevent sites from hacking into your webcam and gaining access to files stored on your computer.

Open any email attachment


Most of us are aware of the dangers of opening email attachments from people we don’t know, no matter how convincing the accompanying message is. However, if you sandbox your email client (or your browser, if you use webmail), you don’t need to worry about opening any attachment because a malicious program won’t be able to infect your system. This won’t protect you against phishing scams, though, so you’ll still need your wits about you.

What’s already sandboxed?


A lot of popular programs and devices already use sandboxing to keep you safe. Browsers, for example, often sandbox web pages you visit, preventing any malicious code from gaining access to your system files. Browser plugins such as Flash are similarly constrained.

PDF readers will open PDFs in a sandbox, and apps on iOS and Android are only granted limited permissions – if an app needs to do something like access your photos or use your camera, it has to ask for your permission first.

This automatic sandboxing also prevents one app from interfering with another.


Install and run Sandboxie


1 When you install Sandboxie, it will scan your PC and highlight any potentially incompatible software you have installed. Clicking OK will apply special configuration settings to them. You can add and remove programs from here. If you have conflicting software installed (such as an antivirus program), click Known Conflicts to view potential problems.

2 If the Sandboxie window isn’t visible, right-click the icon in the notification area and select Show Window. Right-click Sandbox DefaultBox and open the Run Sandboxed menu. This gives you options to launch a sandboxed version of your default web browser, email reader, any program, any item from the Start menu or Windows Explorer.

3 You can tell if a program is sandboxed because the title bar shows a hash (#) sign. Also, if you move your mouse to the top of the program’s window, a yellow border appears. When you’ve finished running your program, right-click the sandbox and select Delete Contents to clear out everything in it, including any accrued junk.


Sandbox your web browser with Sandboxie


1 Sandboxing your browser means you can go anywhere and download anything on the web, without leaving a trace on your computer. Launch Sandboxie, then right-click the sandbox. Select Run Sandboxed and choose Run Web Browser. It will load your default browser in the sandbox.

2 You’ll see your browser listed in the Sandboxie Control window. To make sure you are using the sandboxed version of your browser, move your mouse to the edge of the browser window and check for the yellow border. You can now browse the internet as usual, and any files you download will also be sandboxed.

3 The sandboxed items you download will be deleted when you empty the sandbox. If you want to keep any, select the downloads you want to save, then select a destination folder and click Recover. You can tell Sandboxie to only offer the chance to recover items when you empty the sandbox.
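
The behaviour described at the start of this article (a sandboxed program reads your files as normal, but its writes stay inside the sandbox) and the Delete Contents and Recover steps above can be modelled as a copy-on-write overlay. This Python sketch is an added illustration, not Sandboxie's code or part of the original article; the class `SandboxOverlay`, its method names and the sample files are hypothetical.

```python
import shutil
import tempfile
from pathlib import Path


class SandboxOverlay:
    """Toy copy-on-write view: reads fall through, writes stay in the box."""
    def __init__(self, real_root, box_root):
        self.real = Path(real_root).resolve()
        self.box = Path(box_root).resolve()

    def _inside(self, root, rel):
        target = (root / rel).resolve()
        if not target.is_relative_to(root):  # blocks "../" and absolute paths
            raise PermissionError(f"path escapes sandbox: {rel}")
        return target

    def read(self, rel):
        boxed = self._inside(self.box, rel)
        # Prefer the sandboxed copy; otherwise read the real file unchanged.
        source = boxed if boxed.exists() else self._inside(self.real, rel)
        return source.read_text()

    def write(self, rel, text):
        boxed = self._inside(self.box, rel)
        boxed.parent.mkdir(parents=True, exist_ok=True)
        boxed.write_text(text)  # the real tree is never touched

    def recover(self, rel):
        # Deliberate, user-approved copy out of the box (the "Recover" step).
        dest = self._inside(self.real, rel)
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(self._inside(self.box, rel), dest)

    def delete_contents(self):
        shutil.rmtree(self.box, ignore_errors=True)  # unrecovered files are gone


def demo():
    with tempfile.TemporaryDirectory() as real, tempfile.TemporaryDirectory() as spare:
        Path(real, "settings.ini").write_text("theme=light")  # constructed sample
        sb = SandboxOverlay(real, Path(spare, "box"))
        sb.write("settings.ini", "theme=dark")       # change made inside the sandbox
        sb.write("downloads/report.txt", "keep me")  # file downloaded inside it
        inside = sb.read("settings.ini")
        sb.recover("downloads/report.txt")
        sb.delete_contents()
        return (inside, Path(real, "settings.ini").read_text(),
                Path(real, "downloads/report.txt").read_text(), sb.read("settings.ini"))
```

Calling `demo()` shows that the sandboxed program saw its own change, the real file never changed, only the recovered download survived, and after emptying the sandbox the original settings are what a sandboxed program reads again.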