How to run a sandbox on Windows 10. Sandboxie, the computer sandbox that protects your PC


While publishing the last part of the article series "Lies, Big Lies and Antiviruses", it became clear that the Habr audience is woefully uninformed about antivirus sandboxes: what they are and how they work. The funny thing is that there are almost no reliable sources on the subject on the Internet, just marketing fluff and texts by who knows whom in the "one grandma said" style. I'll have to fill in the gaps.

Definitions.

So, sandbox. The term does not come from a children's sandbox, as some might think, but from the one firefighters use: a tank of sand in which you can safely work with flammable objects, or into which you can throw something already burning without fear of setting anything else alight. Carrying this analogy over to software, we can define a software sandbox as "an isolated execution environment with controlled rights". That is exactly how, for example, the Java virtual machine's sandbox works, and so does any other sandbox, whatever its purpose.

Moving on to antivirus sandboxes, whose purpose is to protect the main working system from potentially dangerous content, we can distinguish three basic models for isolating the sandbox space from the rest of the system.

1. Isolation based on full virtualization. Any virtual machine is used as a protective layer: the browser and the other potentially dangerous programs through which the user can get infected are installed in a guest operating system, which gives a fairly high level of protection for the main working system.

The disadvantages of this approach, besides the huge size of the distribution and the high resource consumption, lie in the inconvenience of exchanging data between the main system and the sandbox. Moreover, you have to keep returning the file system and registry to their original state to remove an infection from the sandbox. If this is not done, then, for example, spambot agents will keep working inside the sandbox as if nothing had happened; the sandbox has nothing to block them with. It is also unclear what to do with portable storage media (flash drives, for example) or games downloaded from the Internet, which may contain malicious implants (backdoors).

An example of an approach is Invincea.

2. Isolation based on partial virtualization of the file system and registry. There is no need to carry a virtual machine engine along: processes in the sandbox can be handed duplicates of file system and registry objects, which allows applications on the user's working machine to be sandboxed in place. An attempt to modify these objects changes only the copies inside the sandbox; the real data is not affected. Rights control prevents the main system from being attacked from inside the sandbox through operating system interfaces.

The disadvantages of this approach are also obvious: data exchange between the virtual and real environments is difficult, and the virtualization containers must be cleaned constantly to return the sandbox to its original, uninfected state. Breakouts from or bypasses of this kind of sandbox, releasing malicious code into the main, unprotected system, are also possible.

Examples of the approach: Sandboxie, BufferZone, ZoneAlarm ForceField, the Kaspersky Internet Security isolated environment, the Comodo Internet Security sandbox, the Avast Internet Security sandbox.

3. Rule-based isolation. Attempts to modify file system and registry objects are not virtualized but are judged against a set of internal rules of the protection tool. The more complete and accurate that set, the better the program protects the main system from infection. In other words, this approach is a compromise between convenient data exchange between sandboxed processes and the real system on one hand and the level of protection against malicious modifications on the other. Rights control prevents the main system from being attacked from inside the sandbox through operating system interfaces.

The advantages of this approach also include the absence of the need to constantly roll back the file system and registry to their original state.

The disadvantages of this approach are the engineering complexity of implementing the most accurate and complete rule set, and the fact that changes made inside the sandbox can only be partially rolled back. As with any sandbox that runs on top of the working system, a breakout from or bypass of the protected environment, releasing malicious code into the main, unprotected execution environment, is possible.

Examples of the approach: DefenseWall, Windows Software Restriction Policy, Limited User Account + ACL.

There are also mixed approaches to isolating sandboxed processes from the rest of the system, based on both rules and virtualization. They inherit the advantages and the disadvantages of both methods, and because of how users perceive them, the disadvantages tend to prevail.

Examples of the approach: GeSWall, Windows User Account Control (UAC).

Methods for making decisions about placement under protection.

Let's move on to methods for deciding whether to place processes under sandbox protection. There are three basic ones:

1. Based on rules. That is, the decision-making module looks at the internal base of rules for launching certain applications or potentially dangerous files and, depending on this, launches processes in the sandbox or outside it, on the main system.

The advantage of this approach is the highest level of protection: it covers both malicious executables that arrived through the sandbox from potentially dangerous places and non-executable files containing malicious scripts.

Disadvantages: there may be problems installing programs that arrived through the sandbox (although whitelists make this much easier), and programs that update themselves in place (for example, Mozilla Firefox, uTorrent or Opera) have to be launched manually in the main, trusted zone to update.

Examples of programs using this approach: DefenseWall, Sandboxie, BufferZone, GeSWall.

2. Based on user rights. This is how Windows Limited User Account and protection based on SRP and ACLs work. When a new user is created, it is granted access rights to certain resources and denied access to others. If a program needs to work with resources that are prohibited for the given user, you must either log in again as a user with a suitable set of rights and run the program there, or run just that program under such a user without logging the main working user out (Fast User Switching).

The advantages of this approach are a relatively good level of overall system security.

Disadvantages: non-trivial security management, and the possibility of infection through resources the user is allowed to modify, since the decision-making module does not track such changes.
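As an added illustration of the user-rights model (this is example code written for this page, not part of the original article or of any product named above): the following PowerShell does with built-in Windows tooling what the paragraph describes. It creates a standard, non-administrator account, uses an ACL to deny that account write access to the real working data, and launches a browser under it from the current desktop without logging out. The account name, the data folder D:\Work, the browser path and the probe file are assumptions; run it from an elevated PowerShell prompt with the Secondary Logon service enabled.

```powershell
# Added example, not from the original article. Assumptions: the account name,
# D:\Work as the shared working data, and the Firefox install path.
# Requires an elevated prompt and the "Secondary Logon" (seclogon) service.

$User    = 'sbx-browser'                                  # assumed name of the limited account
$DataDir = 'D:\Work'                                      # assumed folder the limited user must not modify
$Browser = 'C:\Program Files\Mozilla Firefox\firefox.exe'

# 1. Create a dedicated limited user: a member of Users only, never of Administrators.
if (-not (Get-LocalUser -Name $User -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Choose a password for $User"
    New-LocalUser -Name $User -Password $pw -PasswordNeverExpires `
                  -Description 'Restricted account for web browsing' | Out-Null
    Add-LocalGroupMember -Group 'Users' -Member $User
}

# 2. ACL rules. Reads are allowed so the browser can open documents; writes,
#    appends, attribute changes and deletes are explicitly denied. (OI)(CI) makes
#    the entry inherit to files and subfolders; /T rewrites existing children too.
#    An explicit Deny entry wins over any Allow inherited from the Users group.
icacls $DataDir /grant "${User}:(OI)(CI)RX" /T | Out-Null
icacls $DataDir /deny  "${User}:(OI)(CI)(WD,AD,WEA,WA,DE,DC)" /T | Out-Null

# 3. Launch under the limited account on the current desktop. No new console
#    logon session is needed; this is what "Run as" and Fast User Switching
#    rely on internally (CreateProcessWithLogonW).
$cred = Get-Credential -UserName $User -Message "Credentials for $User"
Start-Process -FilePath $Browser -Credential $cred -WorkingDirectory 'C:\Users\Public'

# 4. Verify the boundary from the restricted account's point of view:
#    listing the folder works, writing into it is rejected by the ACL.
Start-Process -FilePath 'powershell.exe' -Credential $cred -ArgumentList @(
    '-NoProfile', '-Command',
    "Get-ChildItem '$DataDir' | Out-Host; " +
    "try { Set-Content -Path '$DataDir\probe.txt' -Value x -ErrorAction Stop; 'WRITE ALLOWED (policy broken)' } " +
    "catch { 'write denied (as intended)' }; pause"
)

# Cleanup when the account is no longer needed:
#   icacls $DataDir /remove:g $User /remove:d $User /T
#   Remove-LocalUser -Name $User
```

The limitation the paragraph above names is visible here: nothing stops the browser from writing into the limited account's own profile, and a file it drops there is still an ordinary file on the disk. Whether such a file can later be executed by the main user is a question for SRP or similar rules, not for this account boundary.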

3. Based on heuristics. Here the decision-making module "looks" at the executable file and tries to guess, from indirect evidence, whether to run it on the main system or in the sandbox. Examples: Kaspersky Internet Security HIPS, Comodo Internet Security sandbox.

The advantages of this approach are that it is more transparent to the user than a rules-based approach and is easier for the vendor to implement and maintain.

Disadvantages: such protection is incomplete. Besides the fact that the decision-making heuristic can misjudge an executable, such solutions show almost no resistance to non-executable files containing malicious scripts. Plus a couple more problems (for example, malicious extensions installed from inside the browser itself, by the body of an exploit).

Separately, I want to point out the use of a sandbox as a heuristic tool: running a program in it for a limited time, then analyzing its actions and reaching a verdict on whether it is malicious. This cannot be called a full-fledged antivirus sandbox. What kind of antivirus sandbox is one that is put in place only briefly and can then be removed entirely?

Modes of using anti-virus sandboxes.

There are only two main ones.

1. Always-on protection mode. When a process that could threaten the main system starts, it is automatically placed in the sandbox.

2. Manual protection mode. The user decides independently to launch a given application inside the sandbox.

Sandboxes whose main mode of operation is always-on protection can also offer manual launching, and vice versa.

Sandboxes with rule-based isolation typically use always-on protection mode, because data exchange between the host system and the processes inside the sandbox is completely transparent.

Heuristic sandboxes also tend to use always-on protection mode, since the exchange of data between the main system and sandboxed processes is negligible or reduced to a minimum.

Non-heuristic sandboxes with isolation based on partial virtualization tend to use manual protection mode. This is due to the difficulty of exchanging data between processes inside the sandbox and the main working system.

Examples:

1. DefenseWall (a sandbox with rule-based isolation) has a rule-based main mode of operation. Manually launching applications inside the sandbox, as well as outside it, is also available.

2. Sandboxie (a sandbox with isolation based on partial virtualization) has a manual main mode of operation, but with a purchased license an always-on, rule-based mode can be activated.

3. The Comodo Internet Security sandbox (a sandbox with isolation based on partial virtualization) has an always-on, heuristic main mode of operation. Manually launching applications inside the sandbox, as well as outside it, is also available.

These are the basics that any self-respecting professional should know about antivirus sandboxes. Each individual program has its own implementation details, which you will have to find, understand and weigh for yourself.

Hello everyone, today I want to talk about a very useful program these days: Sandboxie. Sandboxie is a computer sandbox that lets you protect your computer from virus infection and browse the Internet without worry. The program has several more useful features, which I will describe later.

How does Sandboxie work?

It's very simple: the program creates a dedicated environment inside Windows for safely launching applications on the PC, which also blocks malware's access to the system. Some antiviruses have similar features, such as TS 360, Comodo Internet Security and Avast! Pro. At the moment the sandbox is one of the best tools for fighting viruses.

By running any program in sandbox mode, you confine everything that program can do to the sandbox; the program, or a virus, cannot affect your OS as long as the sandbox itself is not bypassed. Thus, in the sandbox you can run and test anything without harming the OS. If you run your browser in a sandbox, you can surf the Internet without the risk of infecting your browser or computer.

The main areas of use of the Sandboxie sandbox are:

  • Testing dangerous and unfamiliar programs
  • Observing what a program does
  • Safe Internet browsing

For more information about the capabilities of the sandbox, see my video review:


What else can Sandboxie do?

The program can also launch several instances of a program: for example, you can open two or more Skype windows, whereas in normal mode only one window of the program can be open. Some people run several windows of online games through the sandbox.

The program also makes it possible to keep using trial programs: for example, any program with a limited free-use period. Each time you run the program in the sandbox, its trial period can be reset.

If you know other methods of using the sandbox, write about it in the comments and I will add this information to the main article.

If you are familiar with the features of the antivirus installed on your computer, you probably know why a tool like a sandbox is needed. As a rule, such a module is included in the best-known antivirus products, for example Avast. A sandbox is a software module that allows you to run any application in a strictly isolated environment. Its main task is to keep the computer as safe as possible when running potentially dangerous applications or visiting infected websites.

This method is not without its drawbacks, though: for example, when the sandbox module of the same Avast is running, some applications run in safe mode may not work correctly and in some cases may even cause the antivirus program to hang.

Besides, this is not very convenient, especially when you need to switch quickly from one mode to the other. For those not happy with this situation, we can recommend a simpler and faster solution: the Sandboxie utility, a sandbox program.

This small, convenient program with a Russian-language interface allows you to create virtual areas in which you can run almost any application.

Whatever programs launched in Sandboxie write is stored in separate, dedicated folders without affecting the operating system as a whole, thereby protecting it from possible damage by viruses or configuration changes.

Sandboxie can also be used for trace-free browsing, in the sense that after the browser is closed no traces of the visited sites remain on the user's computer (the sites themselves and the network still see you as usual, so this is not anonymity).


Working in Sandboxie is quite simple. During installation, the utility may prompt you to configure compatibility with certain programs.

All other settings, except for the ability to integrate Sandboxie into the Explorer context menu, can be left unchanged.

By the way, in addition to global settings, it is also possible to change the parameters of the sandbox itself. Just like the general ones, it is recommended to leave these settings as default.

Sandboxie supports creating several separate sandboxes, and in each of them you can run multiple applications.

Programs running in the same sandbox can exchange data freely, but applications from different virtual areas are isolated from each other as well as from the operating system as a whole. By default, the utility uses one sandbox called "DefaultBox".
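A concrete version of this multiple-box setup, as an added example (this Sandboxie.ini fragment was written for this page and is not from the original article): a second box, WebBox, is defined next to DefaultBox and used only for browsing. The keys are documented Sandboxie.ini settings; the box name, the colours and the specific paths are assumptions and should be adjusted to your machine. The ForceProcess and ForceFolder lines are what turns Sandboxie's manual mode into the always-on, rule-based mode described in the first part of this page.

```ini
; Added example (not from the original article): two boxes in Sandboxie.ini.
; Box name, colours and paths are assumptions; the keys are standard Sandboxie settings.

[GlobalSettings]
; Where containers live; %USER% and %SANDBOX% are expanded by Sandboxie
FileRootPath=C:\Sandbox\%USER%\%SANDBOX%

[DefaultBox]
Enabled=y
ConfigLevel=7
; yellow border shown when the mouse hovers over the title bar (colour is in BGR order)
BorderColor=#00FFFF,ttl

[WebBox]
Enabled=y
ConfigLevel=7
; red border (BGR order) so a sandboxed browser is obvious at a glance
BorderColor=#0000FF,ttl
; Always-on, rule-based mode: these programs land in the box however they are started
ForceProcess=firefox.exe
ForceProcess=chrome.exe
; Anything started from Downloads is sandboxed too (catches installers double-clicked in Explorer)
ForceFolder=%USERPROFILE%\Downloads
; Rule-based isolation on top of the copy-on-write container: this folder cannot even be read
ClosedFilePath=%USERPROFILE%\Documents\private
; Sandboxed programs run without admin rights even if the logged-on user is an administrator
DropAdminRights=y
; No access to network shares from inside the box
BlockNetworkFiles=y
; Files the browser saves to Downloads are offered for recovery out of the box right away
RecoverFolder=%USERPROFILE%\Downloads
AutoRecover=y
; Wipe the container every time the last program in the box exits
AutoDelete=y
```

Sandboxie reads Sandboxie.ini from the Windows directory (C:\Windows\Sandboxie.ini by default) and applies edits after the configuration is reloaded in Sandboxie Control. AutoDelete trades away the persistence of anything saved inside the box in exchange for a clean state on every start; that is exactly the bookmarks-and-history loss the later part of this page lists among the sandbox's disadvantages, so keep the recovery folder in mind.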

For example, let's open some application in Sandboxie, say ordinary Notepad. A text editor may not be the best example for a demonstration, but that doesn't really matter at the moment.

Go to the menu "Sandbox" → "DefaultBox" → "Run in sandbox" → "...any program". A small rectangular window opens in which you can type the program name, in our case notepad.exe, or browse to the path of the application you want to open. You can also launch it through the Start menu.

Interestingly, Sandboxie even lets you run a second copy, with a different profile, of applications that normally refuse to start more than one instance.

Note that programs running in the sandbox have slightly altered window titles, and when you hover the mouse pointer over the top of the window, the whole border is highlighted in yellow. There is nothing to worry about: this is how it is meant to be.

So, let's paste some text into Notepad and try to save the file. Sandboxie will first offer to save the document into the program's own directory, but let's ignore that suggestion and save it to drive D.

However, if you then look for this file on drive D, it won't be there. More precisely, it is hidden inside the sandbox container; to recover it, open the "Files and folders" section of the "View" menu, find the file in the tree and pick the required action from its context menu.
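The same Notepad walk-through done from the command line, as an added example (written for this page, not the article's own code). It assumes the default Sandboxie install path and the default container root C:\Sandbox\<user>\<box>, and that you save the text as D:\notes.txt from Notepad's dialog while it is open; adjust the paths if your installation differs.

```powershell
# Added example, not from the original article. Assumes the default Sandboxie
# paths; D:\notes.txt is whatever name you typed into Notepad's Save dialog.

$Start     = 'C:\Program Files\Sandboxie\Start.exe'      # Sandboxie's launcher
$Box       = 'DefaultBox'
$Container = "C:\Sandbox\$env:USERNAME\$Box"             # default FileRootPath

# 1. Run Notepad inside the box; /wait blocks until Notepad exits.
#    Type some text and save it as D:\notes.txt before closing it.
& $Start "/box:$Box" /wait notepad.exe

# 2. The real D: drive is untouched: the write was redirected into the container,
#    which mirrors the drive-letter layout under drive\<letter>.
Test-Path 'D:\notes.txt'                                   # False
$Sandboxed = Join-Path $Container 'drive\D\notes.txt'
Test-Path $Sandboxed                                       # True

# 3. Everything else the sandboxed process touched is in the same tree:
#    user\current holds the redirected profile, RegHive the box's private registry.
Get-ChildItem -Path $Container -Recurse -File |
    Select-Object @{n='Relative'; e={ $_.FullName.Substring($Container.Length + 1) }}, Length

# 4. "Recover" the file by copying it out. This is all the GUI's
#    View -> Files and Folders recovery does. Treat a recovered file as
#    untrusted input: it was produced by code you chose to sandbox.
Copy-Item -Path $Sandboxed -Destination 'D:\notes.txt'

# 5. Terminate whatever is still running in the box, then discard the container.
& $Start "/box:$Box" /terminate
& $Start "/box:$Box" delete_sandbox_silent
```

Step 3 is the useful part for a quick triage of an unfamiliar program: after running it once in the box, the listing shows every file it created or modified, and the RegHive file holds every registry change, without any of it having reached the real system.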

That's basically the whole job of this wonderful utility. Everything is very simple. A list of all applications running in Sandboxie can be viewed in the utility's working window.

Additional Sandboxie features include per-user-account settings, automatic termination of programs, checking whether any running Windows application is sandboxed, and some other options.

The Sandboxie utility is lightweight, consumes minimal system resources and does not interfere with other applications at all, minimizing to the system tray when necessary.

It is best to launch Sandboxie through the Start menu, since the desktop shortcut created during installation does not open the program itself but launches Internet Explorer (in the sandbox).
In addition, a short video on how to download and install Sandboxie:

The so-called sandbox is a relatively new feature of the paid Avast! Pro Antivirus and Avast! Internet Security packages. It is a special security model that lets the user visit websites and run various applications while staying in a safe environment. The function helps avoid viruses if you accidentally switch to a potentially . If a malicious resource is hit, the browser is automatically placed in the sandbox, so infection of the computer is prevented.
The free versions of Avast! antivirus have no sandbox.

You can also start the new feature yourself when launching third-party programs that seem suspicious or unreliable to you. Just run the program in the sandbox and you will find out whether it really poses a threat or your fears are unfounded. While the program is being checked, your system is protected by Avast. The sandbox is often used to check software downloaded from the Internet.

How to use the sandbox

To launch a dubious application or access the Internet through the sandbox, click "run a virtualized process". Then navigate to the program you need on your computer. The browser or application will start in a new, special window with a red border, which indicates that the program was successfully launched in the sandbox.
In the "advanced settings" tab you can specify applications that do not need to be virtualized, as well as those that should always be launched in the sandbox.

Another feature of the sandbox is context-menu integration. To enable it, in the "Options" window check the box "embed in right-click context menu". The option can be made available to all users or only to users with administrator rights. With it you can run any application in the sandbox just by right-clicking its shortcut and selecting the "run from" command.

Note that if you right-click a sandboxed application, the context menu that opens offers to run it once outside the sandbox or to remove the application from the sandbox.

Internet and computer technologies have completely taken over the modern world. Almost everyone now has an electronic device with which they can find the information they need on the Internet or chat with friends anytime and anywhere. But we should not forget that a hidden threat sometimes lurks behind this: viruses and malicious files created and released on the global network to infect user data. In addition to standard antiviruses, sandbox programs have been created to help keep them off the computer.

Purpose and principle of the program

Sandbox programs are designed to keep your computer safe while surfing the Internet or running various programs. In simpler terms, such a program is a kind of limited virtual space in which all the user's actions take place. A program launched while the sandbox is running only runs in that environment, and if it is a malicious virus, its access to system files is blocked.

Advantages of the sandbox

Perhaps the first advantage of this application follows from the paragraph above: it limits the access of malicious files to the system. Even if viruses, for example Trojans or worms, were picked up while surfing the Internet, as long as the user was working with the sandbox turned on at the time, the viruses will not get anywhere else, and when the sandbox is cleaned they will be removed from the computer completely and without a trace. In addition, such programs can make the computer feel faster. Since most sandbox activity involves browsers, on each launch (Google Chrome, Opera, Mozilla Firefox) the user sees a perfectly clean, seemingly freshly installed browser without the accumulated "cache" junk that usually slows it down.

Disadvantages of the sandbox

There are some, and the most important is the loss of personal data, be it bookmarks, pages saved while browsing, or even history. The program is not configured to recognize exactly what is harmful to the device, so when it is cleaned absolutely all data is permanently deleted from it. The user has to take this into account and, if necessary, synchronize the bookmarks they need or use special applications designed to save such data.

There are currently many such programs; among the well-known ones are Sandboxie, Comodo Internet Security and others. Everyone chooses whichever is more convenient and understandable for them. In any case, do not forget the drawbacks of these programs and use them carefully.

Avast is one of the many antivirus programs. Installation and registration are as simple as possible. There are versions for PCs and mobile devices, and a license for the first year of use can be obtained completely free. Avast offers various additional protection options. It also lets you add exceptions.

Instructions

On the File System Shield screen, click the "Settings" button, then select the "Exceptions" tab. Clicking "Browse" shows the contents of the hard drive. Select the exceptions by double-clicking the required folders or files to tick them and clicking OK. Confirm your choice in the next window by clicking OK again.

2024 gtavrl.ru.