When testing a new, unknown program, there is one sure way to keep your computer from harm: use a sandbox environment.
If the program is unstable, malicious, part of an adware bundle, or even a virus, the sandbox environment is isolated from the rest of your system. That means no interference, no virus, no malware, and so on. And all you have to do is delete the offending article from your system.
Sounds great, right? Well, there are a few different sandbox programs available to Windows users. Here are seven of the best in no particular order.
Sandboxie remains one of the most popular sandbox programs for Windows. One of the best things about Sandboxie is the price point; it’s free! Furthermore, it is lightweight and comes with a host of advanced features.
The main Sandboxie feature is to run an existing program within the sandbox environment. For instance, you can add Google Chrome to Sandboxie, then select Sandbox > Default Box > Run Sandboxed > Run Google Chrome. Slightly slower than clicking the link on your Taskbar, but ultimately providing an ultra-secure environment on demand.
Another great feature is sandbox linking. For instance, if I open Google Chrome in Sandboxie, download and install Slack, the Slack iteration is also within the secure sandbox environment.
Like Sandboxie, SHADE is a great free sandbox program popular with a variety of user types. Compared to Sandboxie, SHADE has a very minimalistic user interface, making it much easier for new users to navigate. Furthermore, menu options are limited to what is necessary, and the entire sandbox is easy to control using few options on display.
SHADE uses a drop and drag system. Find the program icon you want to sandbox, then drag and drop it into the SHADE application box. The program will automatically start in the SHADE sandbox next time you open it (presuming SHADE is also active). In this, SHADE really is a great choice for sandbox novices, adding an extra layer of security without having to worry about turning things on and off.
Turbo.net packages applications into an individual virtual environment, known as a container, and runs on top of your operating system. In this, Turbo.net is akin to a lightweight virtual machine.
In fact, the application sandboxes are built on top of the Turbo Virtual Machine Engine, a custom virtual machine developed by Turbo. Turbo virtualizes and isolates the entire process so the sandboxed applications never directly interact with the host system.
However, unlike a “full” virtual machine running a whole operating system, Turbo uses only a fraction of the resources. Furthermore, Turbo offers some virtual networking functionality allowing you to link individual containers.
Toolwiz Time Freeze works differently to Sandboxie and SHADE. Instead of opening and individually sandboxing applications, Toolwiz Time Freeze takes a snapshot of your entire operating system, saving its current state.
After the snapshot, you’re free to install an application, make changes, or just play around with Windows. When you restart your system, “every change in the system partition” is discarded, returning your system to its original state.
Toolwiz, then, is great if you want to install something without the limitations of a virtual environment, or the precise sandboxing of some of the other options on the list.
As well as adults testing applications and different settings, Toolwiz is a great tool for letting your kids go wild on your PC. You can let them click and explore, delete, modify, and generally find their way around without consequence. Just make sure Toolwiz is turned on before letting them go!
BitBox, or Browser in the Box, is a great free tool that allows you to browse the web using a secure sandbox environment. BitBox is essentially a web browser installed on a copy of VirtualBox, running a reduced (Linux) operating system.
You have a choice of BitBox Firefox or BitBox Chrome, and the installer package takes care of anything technical. (What is the most secure browser, anyway?)
BitBox is great if you don’t want to mess around with installing an operating system in a virtual environment of your choice. As it is one package with a minimal interface, BitBox certainly increases overall security. But because it is running a virtual environment and a browser, BitBox can at times be a bit of a resource hog. The following video shows how to install BitBox and what to expect along the way (the video is a little quiet, however).
BufferZone is an advanced sandbox solution that allows the creation of virtual spaces. You can limit a BufferZone virtual space to certain activities and programs (e.g. a space that accesses emails, open attachments, and their corresponding web pages.)
But despite being one of the more advanced sandbox options on this list, BufferZone is still easy to set up and use (even if the UI is a little dated).
Shadow Defender works like Toolwiz. Once installed, you turn Shadow Defender on, and it takes a virtual snapshot of your entire system. When you’re done tinkering with the system, you simply reboot, and your system restores to its snapshot image.
Shadow Defender, however, has many more options than Toolwiz, such as full-disk virtualization and Master Boot Record protections. Want an example of just how good Shadow Defender is? The following video shows a system returning to normal after the notorious Petya ransomware forces a reboot.
8. Virtual Machines
The final option is the manual route: your own virtual machine, isolated from the rest of your machine. Installing a virtual machine application like Oracle’s VirtualBox or VMWare Workstation is an easy process.
Then you have almost free reign over what operating system to run; we’ve covered downloading and installing Windows XP, creating a macOS virtual machine, various Linux distributions, and even Raspberry Pi.
Of course, if you’re looking to test a specific program, you’ll need to install the correct host operating system. But if you want to play around and tinker with the inner workings of an operating system, a virtual machine is a great option. Also bear in mind that some malware variants can escape the confines of a virtual machine, so double check before unleashing something nasty onto your host device.
Start Using Sandboxes for Security
You now have eight awesome sandbox options to cover almost any eventuality. But did you know that you use sandboxes already?
The same sandbox technology in this list also protects your iPhone, your Android device, and your web browser. The long-rumored Windows 10 S Mode uses a sandbox of sorts to stop x86 and x64 apps running, limiting the operating system to Windows Store apps only.