I'm looking for a software that can assure that media files(videos,music,pictures) or executable files inside specific folders I make can: 1.not interact with the rest of the system/OS. 2.can not access the internet or network. 3.can not execute themselves in the background without my knowledge. Please let me know what software choices exist that fulfill the above requirements. Thank you!
I'm not sure what you are trying to achieve? A tool like EXE Radar will only allow whitelisted software to run and a firewall like TinyWall will block network access, but I don't see what this has to do with sandboxing.
windows (not home) has the feature for whitelisted executables. anything else sounds like kiosk mode, restricted access to whatever.
what OS are you using? I'm also not entirely sure what you're trying to achieve, but if my hunch is correct, you don't need sandboxing for it. If you have Pro windows, you could create folders with tight restrictions for the user account they exist in. for example I created one in my user account called "Test" and applied only Read & Write permissions to it. Any file dropped into it will inherit these restrictions. This is just one way I can think of off the top of my head, though there are no doubt other ways too accomplish what you want.
And with Read & Write enabled is it truly enough for all folders in my PC to act like I outlined in my 3 requirements? Can those settings even protect against ransomware?
nothing like this can help you vs ransomware. if ransomware can access your system you already were lost long before. create a decent security layer instead, the web is full of examples.
If your data is important you should have atleast 2 offline backups (like on different external HDD). Every AV can fail that's what backups are for.
Okay so you are looking for protection against Ransomware. Then as others have mentioned, you need something else. There are anti-executable solutions and OS hardening measures available, and of course backups offline as mentioned above.
A backup/imaging software is recommended at anytime, independent of the rest. yes, see my answer here https://www.wilderssecurity.com/thr...ne-security-software-what-would-it-be.438801/ hardening windows is possible for the price of convenience
If what you want is top notch protection against ransomware, Sandboxie protects you. If you get hit by ransomware and you are using a sandboxed browser or if you open infected files under the supervision of Sandboxie, you files and registry, you system is protected. Ransomware can not touch your file system. Malware can read your system but can not touch it, it can not modify it. Something that was not mentioned in your other thread is that Sandboxie has settings that you can enable to protect your personal files from being read or accessed by sandboxed programs. This are good settings to protect your personal and sensitive files from being read or stolen by sandboxed programs. Bo
Ok so what are the concrete anti-executable solutions and OS hardening instructions? The web is filled with all kind of superficial guides. What are actually exhaustive step by step guides I can follow from people with both good enough qualifications and actual accomplishments in the field of security? Can you tell me please what I need to enable to achieve that?
See the picture below. You can use The Blocked, Read or Write access settings. This settings were designed to protect your personal and sensitive files from being read or stolen. Some people use them to hide or block the access to system files or files in AppData but in my opinion, that's the wrong way of using them. In the picture you can see that I am blocking access to only one text file and two folders. By doing that, I am protecting all my sensitive files. I am able to do this because I don't have sensitive files all over the place. So, it helps to keep files together. If I didn't do it this way, I would have to block a much larger number of files and folders. Keep in mind that if you block access to personal files, then if you try to upload them while sandboxed, you wont be able to. So, is good to do the protection in all of your sandboxes except one. And use this one when you need to upload files to a mail, etc. Or, you can also make copies of files you want to upload and place the copy in the desktop, and upload them from there. Bo
start here https://www.wilderssecurity.com/threads/syshardener-harden-windows-settings.401092/ https://www.wilderssecurity.com/threads/simple-windows-hardening-light-version-of-h_c.430422/
