Sandbox Edit

Screenshots
Selection of Sandbox snapshots:
(Click to enlarge)

Like behavior blockers, Sandboxes have recently come into vogue. Even Google purchased GreenBorder for their sandbox and virtualization technology. Though policy based sandboxes are not a new idea, recent new offering have focused on using virtualization of files to allow more flexibility. Such Sandboxes are particularly useful for sandboxing browsers.

Popular Edit

1. Blink Neighborhood Watch - http://www.eeye.com/html/products/blink/neighborhoodwatch/index.html align=center Replaced with Blink Personal -free for one year (after which antiVirus functions stop)
2. Bufferzone Single application - http://www.trustware.com/freeware.php
3. CORE FORCE (betaware)- http://force.coresecurity.com/index.php?module=base&page=download
4. DriveSentry - http://www.drivesentry.com/index.htm
5. GeSWall Freeware- http://www.gentlesecurity.com/getstarted.html
6. Haute Secure (betaware)- http://www.hautesecure.com/howitworks.aspx (Includes elements of HIPS with sandboxing and behavior analysis).
7. SafeSpace Personal Edition (betaware) - http://www.artificialdynamics.com/content/products/register-personal.aspx (.NET required)
8. Sandboxie (nagware) - http://www.sandboxie.com/
9. Surfingguard (outdated) - http://www.freedownloadscenter.com/Utilities/Anti-Virus_Utilities/SurfinGuard.html
10. Virtual Sandbox - http://www.fortresgrand.com/products/free/vsb_free.htm Only version 1.0 is free.
11. See also Lists of freeware behavior blockers
12. See also Lists of freeware virtualization

Sandboxie is perhaps most popular and well known , followed by GesWall and Bufferzone. DriveSentry is a fairly new entry (and it differs quite a bit from the other entries in this section as it covers *only* file/directory restrictions), Virtual Sandbox is the older version of the commercial one and development for it has stopped.

Coreforce provides inbound and outbound stateful packet filtering for TCP/IP protocols using a Windows port of OpenBSD's PF firewall , granular file system and registry access control and programs' integrity validation.

Note that Coreforce, and GesWall provide only policy restrictions, while Sandboxie and most of the rest provide virtualization of file/folder systems by shunting file changes made by sandboxed application to a temp folder.

Restriction of privileges Edit

1. Amust 1 Defender - http://www.amustsoft.com/1-defender/
2. Dropmyrights - http://cybercoyote.org/security/drop.shtml
3. Runsafe (liteware) - http://www.getdata.com/
4. SuDown - http://sudown.sourceforge.net/
5. StripMyRights Enhanced - http://www.freeweb town.com/thierry_anciaux/StripMyRights%20Enhanced.zip . Note : The original StripMyRights can be found at here. This version adds a couple of tweaks including modifications to the context menu and toolbars to the browser. I was unable to find much about this "enhanced" version, so use with caution.

In theory everyone should be using accounts with administrative privileges only when necessary. But some users might find this overly restrictive working in none-administrative accounts on Windows XP. Tools in this category allow you to run only programs that are more likely to be compromised with lower user rights, which makes infection harder and/or will mitigate any damage occurs. Most commonly it is used to run internet facing applications like browsers.

This function is already built in for Windows Vista. So they should not need this.

Information Sources Edit

• Destroying_Sandboxes
• Application Sandboxes - GRC's Steve Gibson Security Now! episode on Application Sandboxes.
• Seven shortcomings of virtual security - Don't be fooled into thinking virtual security technologies are a panacea for your malware woes