Like behavior blockers, Sandboxes have recently come into vogue. Even Google purchased GreenBorder for their sandbox and virtualization technology. Though policy based sandboxes are not a new idea, recent new offering have focused on using virtualization of files to allow more flexibility. Such Sandboxes are particularly useful for sandboxing browsers.
Blink Neighborhood Watch - http://www.eeye.com/html/products/blink/neighborhoodwatch/index.html align=centerReplaced with Blink Personal -free for one year (after which antiVirus functions stop)
- Bufferzone Single application - http://www.trustware.com/freeware.php
- CORE FORCE (betaware)- http://force.coresecurity.com/index.php?module=base&page=download
- DriveSentry - http://www.drivesentry.com/index.htm
- GeSWall Freeware- http://www.gentlesecurity.com/getstarted.html
- Haute Secure (betaware)- http://www.hautesecure.com/howitworks.aspx (Includes elements of HIPS with sandboxing and behavior analysis).
- SafeSpace Personal Edition (betaware) - http://www.artificialdynamics.com/content/products/register-personal.aspx (.NET required)
- Sandboxie (nagware) - http://www.sandboxie.com/
Surfingguard (outdated) - http://www.freedownloadscenter.com/Utilities/Anti-Virus_Utilities/SurfinGuard.html
- Virtual Sandbox - http://www.fortresgrand.com/products/free/vsb_free.htm Only version 1.0 is free.
- See also Lists of freeware behavior blockers
- See also Lists of freeware virtualization
Sandboxie is perhaps most popular and well known , followed by GesWall and Bufferzone. DriveSentry is a fairly new entry (and it differs quite a bit from the other entries in this section as it covers *only* file/directory restrictions), Virtual Sandbox is the older version of the commercial one and development for it has stopped.
Coreforce provides inbound and outbound stateful packet filtering for TCP/IP protocols using a Windows port of OpenBSD's PF firewall , granular file system and registry access control and programs' integrity validation.
Note that Coreforce, and GesWall provide only policy restrictions, while Sandboxie and most of the rest provide virtualization of file/folder systems by shunting file changes made by sandboxed application to a temp folder.
Restriction of privileges Edit
- Amust 1 Defender - http://www.amustsoft.com/1-defender/
- Dropmyrights - http://cybercoyote.org/security/drop.shtml
Runsafe (liteware) - http://www.getdata.com/
- SuDown - http://sudown.sourceforge.net/
- StripMyRights Enhanced - http://www.freeweb town.com/thierry_anciaux/StripMyRights%20Enhanced.zip . Note : The original StripMyRights can be found at here. This version adds a couple of tweaks including modifications to the context menu and toolbars to the browser. I was unable to find much about this "enhanced" version, so use with caution.
In theory everyone should be using accounts with administrative privileges only when necessary. But some users might find this overly restrictive working in none-administrative accounts on Windows XP. Tools in this category allow you to run only programs that are more likely to be compromised with lower user rights, which makes infection harder and/or will mitigate any damage occurs. Most commonly it is used to run internet facing applications like browsers.
This function is already built in for Windows Vista. So they should not need this.
Information Sources Edit
- Application Sandboxes - GRC's Steve Gibson Security Now! episode on Application Sandboxes.
- Seven shortcomings of virtual security - Don't be fooled into thinking virtual security technologies are a panacea for your malware woes
Freeware Anti-Viruses | Freeware Anti-Spyware | Freeware Anti-Trojans | Freeware Anti-Keyloggers | Freeware Anti-Rootkits | Freeware Firewalls | Freeware Behavior blockers | Freeware Sandboxes | Freeware Virtualization | Freeware Security analysis tools | Freeware Hardening tools | Freeware Blocklists | Freeware security services (excluding virus scanners) | Freeware Anti-Phishing | List of portable tools | List of unclassified tools
Related : Lists of online scanners