Pinterest Stumbleupon Whatsapp
Ads by Google

what is a sandboxTake a look at the applications you use most on your computer. More than likely, a good number of them offer highly-connective functionality, most notably your web browser. These highly-connective programs can do a lot, but they’re also an open invitation for bad hackers to strike.

To prevent strikes from becoming successful, a developer would have to spot and close every single hole in their code, which simply isn’t possible. Instead, developers have to take that fact and plan their code with that in mind. The most common and effective solution: a sandbox.

Sand In A Box?

what is a sandbox
No, it’s not the local park sandbox I’m preferring to, but software sandboxes. These sandboxes have one key purpose: to prevent the spread of an attack. As I mentioned above, smart developers know that code isn’t perfect, and that their product will eventually be hacked into or otherwise penetrated. In order to protect the user, they implement a sandbox which isolates parts of their program. In essence, everything that happens in a sandbox, stays in that sandbox.

Sandboxes In Action

what is a sandbox application
In order to explain sandboxes in action, I’ll use Google Chrome as the primary example. Chrome is one of the most prominently known products to implement sandboxing, which Google proudly touts as a unique security feature among browsers. Google took Chrome and essentially split it into three different categories: the main process which ties everything together, the tab process(es) which hold the pages and include the renderer, and the plugin process(es). All of these categories have different permission levels so that they’re able to run, but those permissions are the bare minimums so that all of them are pretty constricted. Additionally, the different processes can’t really talk to each other, but just co-exist. For example, although Flash content from the Flash plugin may be present on a page, the processes are still separate and don’t talk to each other. The renderer only leaves a space on the page for that process to be displayed. This inability to communicate is important because if a tab crashes or is hijacked, it can’t affect the other tabs nor the system itself.

Firefox Has It Too, Sort Of

what is a sandbox application
Firefox also has a sandboxing feature, although limited, separating it from third-party plugins like Flash. While the browser as well as all of its tabs are combined into a single process, there is a separate process for all plugins. In Firefox’s approach, it places more trust in its own code than Googles does with Chrome, and puts the blame for any browsing issues on plugins. Therefore, if the plugins crash in whatever way, the browser and the tabs aren’t affected.

Thinking Outside The Box

what is a sandbox
While it’s a good strategy to have sandboxing techniques implemented into a program’s code itself, there are plenty of other programs which don’t have any sandboxing whatsoever. Instead, you’ll want to run a virtual sandbox where you can run programs which can only wreak as much havoc as they can inside the sandbox, leaving your system in tact. While this is often meant for testing software, it’s also a good choice to run a web browser or really any other software in there if you’re rather paranoid (or insert your other favorite word here). A very popular choice for this is Sandboxie How To Isolate & Test Unsafe Applications On Your PC How To Isolate & Test Unsafe Applications On Your PC Read More , but there are other products, both free and paid, which can achieve the same.

Ads by Google

Conclusion

Sandboxing is currently one of the hottest topics when it comes to security, and it’s definitely doing the job pretty well. Of course, developers should always still concentrate on making their code as good as possible, but it definitely doesn’t help to have some plans of action for when a problem does occur. Be advised that sandboxes still aren’t perfect, as Chrome’s sandbox was defeated in Pwn2Own 2012 after some extremely difficult hacks, but they’re definitely a much better choice than none at all.

What’s your opinion of the sandboxing applications? What improvements would you like to see in sandboxing web browsers, or which applications do you think need sandboxing? Let us know in the comments!

Image Credits: Katie Gregory, Ernst Vikne

  1. Rich Mc.
    September 8, 2012 at 5:06 pm

    Great information I have been using this program for a while and love having it to test new programs..

  2. Wendy Smith
    September 7, 2012 at 2:52 am

    Thankyou for explaining this complex idea very simply.

  3. Naoman Saeed
    September 3, 2012 at 3:41 pm

    being a student of programming i should install sandboxie

  4. Rich Mc.
    August 30, 2012 at 6:39 pm

    I have always preffered sandboxie, it allows me to try out new programs and limits the chances of infecting my laptop...also it helps keep my wifes system cleaner because she will download anything if I am not around...

  5. Reý Aetar
    August 28, 2012 at 2:23 pm

    did not get that for linux where things easily gets screwed up..

  6. Mitesh Budhabhatti
    August 28, 2012 at 7:24 am

    Any Sandboxie alternative for linux??

    • Danny Stieben
      August 30, 2012 at 10:15 pm

      Apparently SELinux has a sandboxing feature as well. Worth checking out!

  7. Garry DeJou
    August 26, 2012 at 5:44 pm

    If you're NOT using Sandboxie you are missing the boat. NOTHING has ever gotten into my system that I didn't explictly allow to. Virus, bad program code, unintened software and tool bars. It isolates a program, driver installs, email attachments, evrything, and is the best defense against malicious software or poorly written programs bar none. I can open any email or visit any web-site without fear of anything making a change to the system, period. I've been "attacked" and have installed incompatible software that crashes everything, but Sandboxie simply deletes the code when you close it. Works great. Everyone needs to be using this software. You'll wonder why you even check your system with an anti-virus program after using this for a while. (although I still do as another precaution). You can eliminate real-time virus protection and speed up your system in my opinion too, This is THE # 1 program I WILL NOT RUN WITHOUT. Other than regualr back-ups, this is the most important thing you can do to keep you up and running, (but it's unlikely you'll ever do a restore because something "invaded" or otherwise corrupted things if you run programs Sandboxed. Lots of things can cause a crash, but NOT a program running inside Sandboxie. GET IT !

  8. Mike Dunn
    August 26, 2012 at 12:39 pm

    I've used Sandboxie for years,and always use it while surfing.Never had any malware issues.

  9. Mayank Agarwal
    August 26, 2012 at 6:31 am

    I have never heard of any other softwarefor sandboxing programs other than Sandboxie.

    If there are really other programs then plz name some below my comment... :D

    • Danny Stieben
      August 30, 2012 at 10:07 pm

      I don't really know either, but it seems to work well and it's free!

  10. Frederick Doe
    August 26, 2012 at 1:03 am

    Correct me if I'm wrong, but isn't Apple implementing built-in sandboxing in Mountain Lion?

  11. Tdrinker
    August 25, 2012 at 10:28 pm

    Danny, Nice article but......What are the other sandbox programs that do work? Why didn't you tell us? You know Beginning , middle and end? The pictures of the kids were larger than the amount of text in this article. I thought you got paid by the words?

    • Danny Stieben
      August 30, 2012 at 10:05 pm

      Hi Tdrinker,

      This article is more about why you should use them, and not which ones you should use. Researching is your best bet, because there aren't many free ones that are good!

  12. André Kamara
    August 25, 2012 at 8:37 pm

    Thanks for this great article!

    I have a question though: I remember when I started coding a few years ago, I made a program, but forgot to remove a fork() in a loop. So this program would create duplicate processes until the system crashes. What would hapen if I use such kind of program in a sandbox?

    • Danny Stieben
      August 30, 2012 at 10:03 pm

      If the sandbox can limit how much RAM a program can use, then it'll just reach that limit. Otherwise, I'm not sure!

  13. GrrGrrr
    August 25, 2012 at 8:20 pm

    get urself a better job first.lol

    @Mike- i agree, how it went past the spam blocker.

  14. Mike
    August 25, 2012 at 8:16 pm

    I run my obvious web apps - (Browser and eMail app) with reduced privileges using "DropMyRights.exe" ... Anyone know if that is as effective (as safe) as running in a Sandbox. With DropMyRights, the application thinks it's a "standard user" not an administrator - hence it can't do as much damage.

    • Danny Stieben
      August 30, 2012 at 10:02 pm

      I don't think I've heard of DropMyRights...interesting!

      • Mike
        August 31, 2012 at 6:53 pm

        You can Google search "dropmyrights" ... there's lots of information. Easy to set up. Trouble free. But, looks like it's really only applicable for Win XP ... as Vista and 7 have UAC (User Account Control) which identifies questionable software installs - but then, you get pretty used to clicking on thru - while DropMyRights is more positive - less hassle.

  15. Mike
    August 25, 2012 at 8:11 pm

    How does Steve get his trashy SPAM comments to appear and the last time I had an honest comment on a subject - it never appeared ... Go figure

    • Joel Lee
      August 25, 2012 at 9:31 pm

      Did your honest comment contain a link of some sort? As far as I know, our comment system auto-moderates comments that have hyperlinks in them. If not, the comment goes through and must be moderated after the fact. If you had an honest comment with a link, it probably showed up a few hours later when our moderators got to it for approval. Sorry about that Mike! (I have nothing to do with comment moderation, just thought you'd want to know.)

      • Mike
        August 27, 2012 at 6:55 pm

        Thanks for describing the procedure. If my comments aren't shown immediately in the future - I'll check back later.

  16. GrrGrrr
    August 25, 2012 at 8:09 pm

    Thanks Danny.
    I would like to mention that sandbox not only helps defend a loose source code, but also gives the users an opportunity to try/test new programs. All this without putting our system as risk.

    I have been using sandboxie free and it is MUST for me.

    Grr

    • Danny Stieben
      August 30, 2012 at 10:00 pm

      Good to hear! :)

  17. WIN_dicator
    August 25, 2012 at 7:20 pm

    Sandboxie is a great tool, but also some antiviruses do run suspicious processes in the sandbox first, avast for example almost always does this for exe files found on USB drives.

  18. April Eum
    August 25, 2012 at 7:00 pm

    is it much use to apple users? i mean their mac line is known for not even tolerating one single bit of virus and has great security built into it.

    • susendeep dutta
      August 26, 2012 at 4:37 am

      Even if a program doesn't have no viruses,if it's badly codes,it can create problems in your system.For testing some software without disturbing your system,sandboxing is good way to do so.

    • Frederick Doe
      August 26, 2012 at 7:55 pm

      Apple implemented sandboxing in OS X 10.7 Lion. If you want more security, run an app in an OS in VirtualBox (open source), but keep in mind that this will be slower than running the app natively.

    • Danny Stieben
      August 30, 2012 at 9:59 pm

      Like the other two responses said, it helps against possible bad code. Other than that, Macs can still get viruses, although far, far, far less likely than Windows.

Leave a Reply

Your email address will not be published. Required fields are marked *