Sandboxie Configuration Recommendations

Discussion in 'sandboxing & virtualization' started by TheKid7, Apr 21, 2009.

Thread Status:
Not open for further replies.
  1. ssj100

    ssj100 Guest

    Just allow utorrent.exe to have start/run and internet access.
     
  2. ssj100

    ssj100 Guest

    Some say there's no danger at all. I personally don't do it though, and simply don't empty my sandbox after each exit (for my default browser). All my add-ons, cookies, browser history etc. are thus preserved in the sandbox.

    If you're concerned about not emptying your sandbox after each browsing session, don't be. It's basically impossible for malware to attack you anyway, since e.g. firefox.exe is the only program that can start/run or access the internet. Even if malware were attacking you, it wouldn't be able to do anything, since it's in the sandbox. The only malware you might have to worry about is an anti-keylogger. However, any executable keylogger would fail in a sandbox with start/run/internet restrictions. And also, if you've read my configuration of Sandboxie, you'd see that I use a freshly installed IE 8 every time I go banking or do other sensitive browsing.

    Anyway, it will take you a while to understand how Sandboxie will protect you and how to set it up to suit your needs and achieve (close to) 100% protection. I find that a lot of people on Wilders seem to dismiss Sandboxie, and I think more than half the time, it's due to a lack of understanding of how it works, or how it can protect you.
     
  3. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I understand the basics of Sandboxie since I've been using it for a while, just not often, but now since I'm relying on it full time I'm trying to get a complete understanding, and I prefer to have it empty every time personally.

    But since there seems to be no real threat by allowing direct access to the Profile folder and cookies, I'll just keep those on unless someone with more insight (Franklin perhaps) comments about it actually being a risk.
     
  4. ssj100

    ssj100 Guest

    Sounds good mate, and whatever gives you the most peace of mind.

    For me, knowing that nothing is being written on to my real system is good peace of mind. I had a big debate about this issue with demoneye, and then posted the issue on the Sandboxie forums.

    Ultimately, no one really knows whether allowing direct access to Firefox's Profile folder and cookies will increase the risk of getting infected by malware, as I don't think there is any malware out there that has been shown to take advantage of this. Also, if you're "silly" or "naive" enough to install a rogue Firefox add-on etc., then that is user error, and nothing will save you from that.

    However, knowing that nothing is being saved on to my real system basically guarantees that malware will never infect me during a browsing session.

    Note that this is only for my default browser. For internet banking and other sensitive browsing, I always use a "freshly installed" IE 8 each time (since IE 8's sandbox is set to automatically delete).
     
  5. SammyJack

    SammyJack Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    129
    SSJ100:
    please forgive off-topic

    When you say a freshly installed IE8 that you use for online banking, do you mean
    you reserve IE8 for this use only, or do you actually mean you uninstall IE8 and reinstall each time?
    I really don't use online banking, and the fact my bank site will only work with IE is one of the reasons.
    Are there security reasons for using IE other than the fact you have its sandbox set to delete on closing?
     
  6. ssj100

    ssj100 Guest

    Well, I can use IE 8 for whatever I like still.

    But if I wanted to do online banking etc, I'd make sure IE 8's sandbox is deleted to start with, and then only start IE 8. This would ensure that I effectively use a "freshly installed" IE 8 each time I use it (for banking). Having it set to automatically delete on closing just makes it more convenient for me to ensure I always start out with a clean IE 8.

    EDIT: see steps 9 and 10 here:
    https://www.wilderssecurity.com/showpost.php?p=1530202&postcount=88
    With this method, I'd always be effectively using a "freshly installed" IE 8.
     
  7. SammyJack

    SammyJack Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    129
    SSJ100:
    Understood, thanks.
     
  8. ssj100

    ssj100 Guest

    Here's an updated version of how I configure my Sandboxie. Basically the only change I've made is that I no longer use "Drop Rights", since I now use LUA.

    Here's how I configure my Sandboxie:
    1. Create as many separate sandboxes as is required for your internet facing applications. Try to have one separate sandbox per internet facing application.
    2. In each sandbox, use the appropriate start/run and internet access restrictions and only allow your program to start/run and access internet within its sandbox. You may also need to allow other programs depending on whether the application interacts with other processes.
    3. In each sandbox, enable Drop my rights.
    4. In each sandbox, block file access to any areas of your computer containing sensitive information (eg. “My Documents”).
    5. In each sandbox, configure Read-Only access to C:\WINDOWS.
    6. In each sandbox, force the relevant application to always run in its sandbox.
    7. Do not use any OpenFilePath rules for any internet browsers (note there are a few exceptions here, like enabling an OpenFilePath rule to allow direct access to Firefox phishing database)
    8. You will need at least 2 browsers. One browser will be used for everyday browsing and other non-critical/sensitive activity.
    9. The other browser will be used for online banking and other critical/sensitive activity.
    10. For the browser in step 9, configure its sandbox to automatically delete whenever the browser closes.
    11. Depending on the nature of your other internet facing applications, you may choose to also configure their respective sandboxes to automatically delete on closing.
    12. This step is obviously optional: have one sandbox to test applications/malware in (the DefaultBox will do) where the only configurations are to enable automatically delete and block file access to any areas of your computer containing sensitive information (eg. “My Documents”).
    13. Create separate sandboxes for each USB/external drive hardware you have connected (or would connect) to your computer. Force run the relevant drive letter to run in the relevant sandbox. Other configurations/restrictions may be applied here (see above).
    14. Create separate sandbox(es) for your CD/DVD drive(s). Force run the relevant drive letter to run in the relevant sandbox. Other configurations/restrictions may be applied here (see above).
    15. Create a separate sandbox for your Virtual Machine program, and force run it in this sandbox. Other configurations/restrictions may be applied here (see above).
     
  9. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    ssj100, do you know how to permanently remove those files that keep getting auto generated in the Sandboxie folders? The same with that hideous icon now on the Sandbox?

    I couldn't work out how to do it, so I've ditched Sandboxie for now. But apparently it's some new feature.
     
  10. SammyJack

    SammyJack Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    129
    Hi 1Boss!:

    I know I am not SJ, and can't really reply to your first question.
    But, as a way not to see the "Swiss Cheese" or "Beach Bucket" or whatever the hell the Sandboxie icon is, may I recommend Sandboxie Shortcut Maker?

    http://www.sandboxie.com/phpbb/viewtopic.php?t=1983

    It lets you make sandboxed shortcuts to your browser, or whatever internet facers you sandbox, looks nice, and is almost as easy as forcing the programs to run sandboxed.
    It allows you to keep the program native icons, but set to run sandboxed.

    I think it is neat.
    You can name the shortcut Firefox sandboxed etc., and keep the native icon look.
    The "cheese" will remain in your system tray however, as Tzuk has stated it is a "branding" issue with him.
     
  11. ssj100

    ssj100 Guest

    Why would you want to remove those files? They are required to be generated by Sandboxie to create the "virtual" environment.
     
  12. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Excellent, thanks, I'll take a look. I'm not entirely sure what it does from the description, but if it can permanently change the new icon on the sandbox folder so it doesn't clash with my whole PC's theme, it will be perfect. :)

    If the whole Sandboxie principle hinged on them, wouldn't they have been there all along? I read they were simply some form of notification, but if I delete them they regenerate.

    Why do I want to remove them? They get in the road. I read a number of others complaining about them also, but no solution how to remove them for good.
     
  13. ssj100

    ssj100 Guest

    I still don't understand why you want to remove them. And they've been there for as long as I've used Sandboxie, since version 3.34 or so. Anyway, post on the Sandboxie forums - you'll get better information there I think.

    EDIT: the only change is that Tzuk implemented the icon change - they used to be just simple folder icons. I think he made the change to let people know not to store important files there, as Sandboxie could delete them at any time (eg. if you've configured auto-delete).
     
    Last edited by a moderator: Sep 21, 2009
  14. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    If you had a folder where you have files, and I came along and threw random stuff in there all the time, leaving you to sort out what's what, you would tell me to stop, wouldn't you?

    They are not needed, they get in the road and I want them to disappear so I can use those folders like I've always done.

    Yes, it's only been introduced in this version. It's not just an icon, it's a bunch of files also (names escape me right now). I did read the forum, there was no solution to removing them; I thought you may have known a way with your knowledge of Sandboxie.
     
  15. ssj100

    ssj100 Guest

    The only new files that I'm noticing are created are files called "DONT-USE.TXT". In it, Tzuk has written the message: "This folder is a work area created by the program Sandboxie. This folder might be deleted at any time. Use at your own risk."

    I still don't understand what other files you're talking about (unless you're talking about the files that have always been automatically created), and what random stuff you're talking about. As I already said, the other files and folders have always been automatically created since I've started using Sandboxie (since version 3.34 or so).

    Also, what do you mean by "leaving you to sort out what's what"? What's there to sort out?

    And I still don't understand why you don't want these files to be created - I find them very useful to explore and navigate through (you can also do it via the GUI, but sometimes I prefer doing it through windows explorer).

    I have reasonable knowledge of setting up Sandboxie (and a good understanding of how it protects me), but I don't know much about preventing how Sandboxie normally functions.
     
  16. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156

    C:\WINDOWS already has Read Only access by default. No need to put this setting in.
     
  17. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Yes, that's one of them; there are a few more also, I believe another just renders the folder icon.

    OK, I'll try to explain without having to reinstall it and take a screenshot.

    /DefaultBox/
    /SecureNox/
    /A-file.exe
    /DONT-USE.txt
    /Z-file.exe

    If I want to highlight the 2 exes and drag & drop them into, say, SecureBox, the middle file is in the road. I have to do them one at a time, or all 3 and remember to remove the unrelated files from the boxes before doing a .txt log of the contents.

    Correct me if I'm wrong, but the files don't provide any functionality whatsoever and they are not needed. I was hoping they could be stopped from appearing again every time I start the program. As you seem to be one of the more knowledgeable people with Sandboxie, I was hoping you may know how.
     
  18. ssj100

    ssj100 Guest

    No it's not. Try opening C:\Windows in a default sandbox and try deleting its contents - you'll be able to do so. If you configure Read-Only access to C:\Windows, then this will be denied. This is true even in LUA.
     
  19. ssj100

    ssj100 Guest

    Sorry, but I still don't quite understand fully. Is anyone else reading this understanding? If so, please help us out. I don't quite understand why A-file.exe and Z-file.exe would be there in the first place?

    By the way, try posting on the official Sandboxie support forums (if you haven't already). Tzuk is likely to reply to your questions.
     
  20. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Not sure what's so hard to understand; nowhere else on my system can I save 50 files and simply drag & drop them into the required sandbox. Sure, I could put them in My Documents or on the Desktop, but why go through all the navigating backwards and forwards through directories BS?

    I'm reading the forum now; members such as Buster, soccerfan and a bunch of others didn't like it either, so I'm not the only one.

    Anyhow doesn't matter.
     
  21. ssj100

    ssj100 Guest

    I think I don't quite fully understand because I don't see any reason to drag and drop files into the required sandbox. Are you using certain sandboxes as a type of "secure storage" device? If so, I don't think Sandboxie was made for that purpose.

    Hence the warnings by Tzuk:
    "This folder is a private work area created by the program Sandboxie. This folder can be deleted at any time. Do not use!"

    EDIT: Tzuk also writes:
    "There have been a few cases of people mistakenly assuming the sandbox folder is a safe place to put important files, and I want to discourage this behavior."
     
    Last edited by a moderator: Sep 22, 2009
  22. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    No. But as an aside, the files in the folder I mentioned don't get deleted when you delete a sandbox or shutdown/restart Sandboxie.

    As I mentioned, it doesn't matter; I'm sure if you knew how to change this you would have said, so no amount of explaining why will change that.

    I'll check back on 3.4 or whichever the next version is.
     
  23. ssj100

    ssj100 Guest

    Sorry I was unable to help. I was just trying to understand what you were trying to do (I think a lot of people don't really understand what Sandboxie should be used for and also don't understand how exactly Sandboxie protects you etc). I was trying to figure out what exactly you were trying to achieve by moving files into the Sandboxie folders.

    Unfortunately, you've left me more confused than ever. I still don't understand why you are wanting to move files into the Sandboxie folders when Tzuk has recommended against doing that (and for good reason too). It doesn't sound like you're using Sandboxie correctly. But that may be due to my poor lack of understanding of what you're trying to achieve.

    Anyway, I hope you eventually find what you're looking for! For me, Sandboxie has been great from day 1.
     
  24. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    You do know each sandbox has to be individually configured ... to delete or not to delete at close?

    And if you find the default deletion method of Sandboxie isn't doing the job - which I have found happens quite a lot ... use one of the recommended secure deletion options here.

    In my experience ... Sandboxie doesn't always delete objects inside the sandbox, this might just be my computer, I guess. But using Heidi eraser is the solution - it works no matter what the deleting workload is queued up at the time.

    Other than that ... I am with SSJ ... I haven't got a clue what you're on about lol. I don't get why you drag and drop files into Sandboxie sandboxes. You can right click a folder and open with Sandboxie, and the particular configured sandbox you wish to use.
     
  25. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    No, I understand exactly how to use it; however, I do a little more than most people, who really just use the interface and launch Explorer to browse the web.

    Thanks for the delete options; yes, I use a secure third party delete tool, and yes, I'm aware each box needs its own config.

    OK, this can't be done obviously unless I fire up Olly and reverse the program, but since people want to know so badly and don't understand, I dug out an old screenshot here.

    I work with a number of tools in Sandboxie, this one BC; note the directory paths in the screenshot? Left side not sandboxed and right side is, see all those cool buttons and arrows for navigating?

    Answer me this: if you live in a 100 story building, is it easier to go up 1 floor to get a bottle of milk than navigating up 50 to do the same thing? Of course it is; that's why things are located where they are, because it makes navigating and switching different file versions in and out of the box incredibly simple (drag & drop).

    As for why I want to disable this: if you're comparing 2 sets of files and Sandboxie throws a few files into one set, would it mess up the dataset? Yes it would. That's just one tool, one example, without going into all the others.

    They have absolutely nothing to do with the functioning of the program and they only just started appearing, so I wanted to switch them off permanently. I actually thought it was a pretty simple question, without the need for an extended dialogue about what I do, how I do it and the applications I use.
     