Tools for running applications in a virtual environment.

If you know what is installed on your computer and what it does, you probably already know why a tool like a sandbox is useful. Such a module is built into most well-known antivirus suites, Avast for example. A sandbox is a software component that runs an application in a strictly isolated environment. Its job is to keep the computer safe when you run potentially dangerous applications or visit infected websites.

This approach is not without drawbacks: while the Avast sandbox module is active, some applications running inside it may misbehave, and in some cases they even cause the antivirus itself to hang.

It is also not very convenient, especially when you need to switch quickly between sandboxed and normal mode. For those who are unhappy with this, a simpler and faster alternative is the Sandboxie utility.

This small, convenient program with a Russian-language interface allows you to create virtual areas in which you can run almost any application.

Everything a program launched in Sandboxie writes, files and registry changes alike, is redirected into a separate folder that belongs to the sandbox, so the operating system itself is untouched and protected from damage by viruses or unwanted configuration changes.

Sandboxie can also be used for private web surfing in the limited sense that, once the sandboxed browser is closed and the sandbox contents are deleted, no browsing history, cache or cookies remain on the user's computer. It does nothing to hide your address or traffic from the sites you visit or from your network provider.


Working in Sandboxie is quite simple. During installation, the utility may prompt you to configure compatibility with certain programs.

The other settings can be left unchanged, apart from the option to integrate Sandboxie into the Explorer context menu, which is worth turning on.

By the way, in addition to global settings, it is also possible to change the parameters of the sandbox itself. Just like the general ones, it is recommended to leave these settings as default.

The sandbox program Sandboxie supports the creation of several separate sandboxes, and in each of them you can run several applications.

Programs running in the same sandbox can freely exchange data, but applications in different sandboxes are isolated from each other as well as from the operating system as a whole. By default, the utility uses a single sandbox called "DefaultBox".

For example, let's open some application in Sandboxie, let's say an ordinary Notepad. A text editor might not be the best example to demonstrate, but that doesn't really matter at this point.

Go to the menu Sandbox → DefaultBox → Run in sandbox → Any program. A small dialog opens in which you can type the program name, in our case notepad.exe, or browse to the application's path. You can also launch it through the Start menu.

Interestingly, Sandboxie even lets you start a second copy of applications that normally refuse to run more than one instance, because the sandboxed instance does not see the one running outside the sandbox.

Note that programs running in the sandbox have slightly modified window titles, and when you move the mouse to the top of the window its whole border is highlighted in yellow. This is normal: it is how Sandboxie marks sandboxed windows.

So, let's paste some text into Notepad and try to save the file. Sandboxie first suggests saving the document into the program's own directory, but let's ignore that and save it to drive D:.

However, if you then look for this file on drive D:, it is not there. More precisely, it exists only inside the sandbox. To bring it out, open View → Files and Folders, find the file in the tree, and choose the recovery action from its context menu.
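To see where that "hidden" file actually went, here is an added example (not Sandboxie's own code) that maps paths between the host and a sandbox and lists what a sandboxed run dropped. It assumes the default on-disk layout of classic Sandboxie: the box lives under C:\Sandbox\<user>\<box>, drive roots appear under <box>\drive\<letter>, and the current user's profile under <box>\user\current. The sample box contents are constructed; verify the layout on your own installation before relying on it, for example when examining what a suspicious program wrote.

```python
# Added example for this article (not Sandboxie's own code): where a sandboxed
# write actually lands on disk, and how to map a box's contents back to the
# host paths they shadow, e.g. when examining what a suspicious program dropped.
# Assumption: the default layout of classic Sandboxie, i.e. the box lives at
# C:\Sandbox\<user>\<box>, drive roots appear under <box>\drive\<letter> and the
# current user's profile under <box>\user\current. Verify on your own build.
import os
import tempfile
from pathlib import Path, PureWindowsPath

SANDBOX_BASE = r"C:\Sandbox"   # default FileRootPath, assumed
PROFILE_BASE = r"C:\Users"


def box_root(user: str, box: str = "DefaultBox") -> PureWindowsPath:
    return PureWindowsPath(SANDBOX_BASE) / user / box


def sandboxed_path(real: str, user: str, box: str = "DefaultBox") -> PureWindowsPath:
    """Where a write to `real`, made from inside `box`, is redirected to."""
    p = PureWindowsPath(real)
    if not p.drive:
        raise ValueError(f"need an absolute path with a drive letter: {real}")
    profile = PureWindowsPath(PROFILE_BASE) / user
    root = box_root(user, box)
    try:
        return root / "user" / "current" / p.relative_to(profile)
    except ValueError:
        # not under the user's profile: falls into the per-drive overlay
        return root / "drive" / p.drive.rstrip(":") / p.relative_to(p.anchor)


def host_path_from_parts(parts: tuple, user: str):
    """Inverse mapping: the host path shadowed by a file at <box>\\parts."""
    if parts[:2] == ("user", "current"):
        return (PureWindowsPath(PROFILE_BASE) / user).joinpath(*parts[2:])
    if len(parts) >= 2 and parts[0] == "drive":
        return PureWindowsPath(parts[1] + ":\\").joinpath(*parts[2:])
    return None   # box metadata, such as the RegHive registry overlay


def host_path(inside: str, user: str, box: str = "DefaultBox") -> PureWindowsPath:
    rel = PureWindowsPath(inside).relative_to(box_root(user, box))
    host = host_path_from_parts(rel.parts, user)
    if host is None:
        raise ValueError(f"not a file or drive overlay path: {inside}")
    return host


def dropped_files(box_dir: str, user: str) -> dict:
    """Walk a copy of a box folder and report, for every file, the host path it
    stands in for (or '(box metadata)' for files outside the overlays)."""
    report = {}
    for dirpath, _, files in os.walk(box_dir):
        for name in files:
            parts = (Path(dirpath) / name).relative_to(box_dir).parts
            host = host_path_from_parts(parts, user)
            report["/".join(parts)] = str(host) if host else "(box metadata)"
    return report


def build_sample_box(where: str) -> str:
    """Constructed sample: a box after a sandboxed program dropped three files."""
    box = Path(where) / "alice" / "DefaultBox"
    for rel in ("drive/C/Windows/Temp/loader.dll",
                "user/current/AppData/Roaming/update.exe",
                "drive/D/docs/report.txt"):
        f = box.joinpath(*rel.split("/"))
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(b"constructed sample content")
    (box / "RegHive").write_bytes(b"")   # the registry overlay lives here
    return str(box)


def demo_report() -> dict:
    """Build the constructed sample box in a temp dir and map its contents."""
    with tempfile.TemporaryDirectory() as tmp:
        return dropped_files(build_sample_box(tmp), "alice")


if __name__ == "__main__":
    for inside, host in sorted(demo_report().items()):
        print(f"{inside:45} -> {host}")
```

The same mapping explains the recovery step: "Recover" simply copies a file from the overlay location back to the host path that `host_path` computes, which is also why deleting the sandbox contents discards everything a suspicious program wrote.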

That's basically the whole job of this wonderful utility. Everything is very simple. A list of all applications running in Sandboxie can be viewed in the utility's working window.

Additional Sandboxie features include per-user settings, automatic termination of programs, checking whether a given window belongs to a sandboxed program, and some other options.

The Sandboxie utility is lightweight, uses minimal system resources and does not interfere with other applications, minimizing to the system tray when required.

It is best to launch Sandboxie through the Start menu, since the desktop shortcut created during installation does not open the program itself but starts the web browser (Internet Explorer in the author's case) inside a sandbox.

Sandboxie is a program that runs applications in a protected virtual environment (a sandbox) and lets you control what they can do.

How does Sandboxie work?

The sandbox creates a protected shell. A program launched through Sandboxie can read the system, but every change it tries to make to files or the Windows registry is redirected into the sandbox, so it cannot alter the real system or affect its operation.

Running applications this way protects the system from viruses and other malicious objects by keeping their effects inside the sandbox.

In addition, Sandboxie makes web surfing safer. By running your browser in a sandbox, malware picked up from the Internet stays confined to the sandbox instead of landing on your computer.

Sandboxie can also keep unwanted program updates from persisting, and an e-mail client run in the sandbox contains whatever a malicious attachment does when opened. Note that Sandboxie contains threats rather than detecting them: it is not a virus scanner.

Limitations of the free version

Please note: Sandboxie is shareware. It is free to use only for home, non-commercial purposes.

  1. Only one sandbox can be running at a time;
  2. After 30 days from installation, an offer to upgrade to the paid version is displayed at start-up (upgrading is not required; the program remains fully functional apart from the restriction in point 1).

The paid version does not have the above restrictions.


Sandboxie is a program that allows you to run applications in a protected virtual environment (sandbox).

Version: Sandboxie 5.28

Size: 5.93 MB

Operating system: Windows 10, 8.1, 8, 7, XP

Russian language

Program status: Shareware

Developer: Ronen Tzur


While publishing the last part of the series "Lies, Big Lies and Antiviruses", it became clear that the Habr audience is badly uninformed about antivirus sandboxes: what they are and how they work. The funny thing is that there are almost no reliable sources on the subject online, just marketing fluff and texts of unknown authorship in the "my grandmother told me" style. So I will have to fill the gaps myself.

Definitions.

So, sandbox. The term itself does not come from a children's sandbox, as some might think, but from the one used by firefighters. This is a sand tank where you can safely work with flammable objects or throw something already burning into it without fear of setting something else on fire. Reflecting the analogy of this technical structure to the software component, we can define a software sandbox as “an isolated execution environment with controlled rights.” This is exactly how, for example, the sandbox of a Java machine works. And any other sandbox too, regardless of its purpose.

Moving on to anti-virus sandboxes, the essence of which is to protect the main working system from potentially dangerous content, we can distinguish three basic models for isolating the sandbox space from the rest of the system.

1. Isolation based on full virtualization. A virtual machine is used as a protective layer: the guest operating system hosts the browser and the other potentially dangerous programs through which the user might get infected, which gives a fairly high level of protection for the main working system.

The disadvantages of this approach, besides the huge distribution size and high resource consumption, lie in the inconvenience of exchanging data between the main system and the sandbox. Moreover, the file system and registry have to be rolled back to their original state regularly to remove any infection from the sandbox. If this is not done, spambot agents, for example, carry on working inside the sandbox as if nothing had happened; the sandbox has nothing to block them with. It is also unclear what to do with portable media (flash drives, for example) or games downloaded from the Internet, which may contain malicious implants.

An example of the approach is Invincea.

2. Isolation based on partial virtualization of the file system and registry. There is no need to carry a virtual machine engine around: processes inside the sandbox are instead given copy-on-write duplicates of file system and registry objects, while the applications themselves run on the user's working machine. An attempt to modify such an object changes only the copy inside the sandbox; the real data is untouched. Rights control prevents attacks on the main system from inside the sandbox through operating system interfaces.

The disadvantages of this approach are also obvious: data exchange between the virtual and real environments is awkward, and the virtualization containers must be cleaned regularly to return the sandbox to its original, uninfected state. Breaches or bypasses of this type of sandbox, releasing malicious code into the main, unprotected system, are also possible.

An example approach is SandboxIE, BufferZone, ZoneAlarm ForceField, Kaspersky Internet Security sandbox, Comodo Internet Security sandbox, Avast Internet Security sandbox.

3. Rule-based isolation. All attempts to modify file system and registry objects are not virtualized, but are considered from the point of view of a set of internal rules of the protection tool. The more complete and accurate such a set is, the more protection the program provides against infection of the main system. That is, this approach represents a compromise between the convenience of data exchange between processes inside the sandbox and the real system and the level of protection against malicious modifications. Rights control does not make it possible to attack the main system from within the sandbox through the operating system interfaces.

The advantages of this approach also include the absence of the need to constantly roll back the file system and registry to their original state.

The disadvantages of this approach are the engineering difficulty of implementing a precise and complete rule set, and the fact that changes made inside the sandbox can only be partially rolled back. As with any sandbox running on top of the working system, a breach or bypass of the protected environment that releases malicious code into the main, unprotected execution environment is possible.

An example of an approach is DefenseWall, Windows Software Restriction Policy, Limited User Account + ACL.

There are also mixed approaches to isolating sandboxed processes from the rest of the system, based on both rules and virtualization. They inherit the advantages and disadvantages of both methods, and in practice the disadvantages tend to dominate because of how users perceive them.

Examples of the approach are GeSWall, Windows User Account Control (UAC).

Methods for making decisions about placement under protection.

Let's move on to methods for deciding whether to place processes under sandbox protection. There are three basic ones:

1. Based on rules. That is, the decision-making module looks at the internal base of rules for launching certain applications or potentially dangerous files and, depending on this, launches processes in the sandbox or outside it, on the main system.

The advantage of this approach is the highest level of protection: both malicious executables that arrived through the sandbox from untrusted places and non-executable files containing malicious scripts are covered.

Disadvantages: installing programs that arrived through the sandbox can be awkward (although whitelists ease this considerably), and programs that update themselves in place (Mozilla Firefox, uTorrent or Opera, for example) have to be launched manually in the main, trusted zone to update.

Examples of programs with this approach are DefenseWall, SandboxIE, BufferZone, GeSWall.

2. Based on user rights. This is how the Windows Limited User Account and SRP- and ACL-based protection work. When a new user is created, it is granted access to certain resources and denied access to others. If a program needs resources that are forbidden to the current user, you must either log in as a user with a suitable set of rights and run the program there, or run just that program under such a user without leaving the main working session ("Run as").

The advantages of this approach are a relatively good level of overall system security.

Disadvantages: non-trivial security management, and the possibility of infection through resources the user is allowed to modify, since the decision module does not track such changes.

3. Based on heuristic approaches. In this case, the decision module “looks” at the executable file and tries, based on indirect data, to guess whether to run it on the main system or in the sandbox. Examples – Kaspersky Internet Security HIPS, Comodo Internet Security sandbox.

The advantages of this approach are that it is more transparent to the user than a rules-based approach. Easier to maintain and implement for the manufacturing company.

Disadvantages: such protection is incomplete. Besides the fact that the heuristic can "miss" on an executable, such solutions show almost no resistance to non-executable files containing malicious scripts, plus a couple of other problems (for example, installation of malicious extensions from inside the browser itself, from the body of an exploit).

Separately, I want to draw attention to using a sandbox as a heuristic tool, i.e. running a program in it for a while, analysing its actions and then reaching a verdict on maliciousness. This cannot be called a full antivirus sandbox: what kind of antivirus sandbox is it if a program is placed in it only briefly and can then be released from it entirely?

Modes of using anti-virus sandboxes.

There are only two main ones.

1. Always-on protection mode. When a process starts that could be a threat to the main system, it is automatically placed in a sandbox.

2. Manual protection mode. The user independently decides to launch this or that application inside the sandbox.

Sandboxes that have the main operating mode as “always-on protection” can also have a manual launch mode. As well as vice versa.

Sandboxes with rule-based isolation typically use always-on mode, because communication between the host system and processes inside the sandbox is completely transparent.

Heuristic sandboxes also typically use always-on mode, because data exchange between the main system and sandboxed processes is minimal or non-existent.

Non-heuristic sandboxes with isolation based on partial virtualization typically use manual mode, because data exchange between sandboxed processes and the main working system is awkward.

Examples:

1. DefenseWall (rule-based isolation) runs primarily in always-on, rule-based mode, but manual launching of applications inside and outside the sandbox is also available.

2. SandboxIE (isolation based on partial virtualization) runs primarily in manual mode, but with a purchased license an always-on, rule-based mode (forcing specified programs or folders into the sandbox) can be enabled.

3. Comodo Internet Security sandbox (isolation based on partial virtualization) runs primarily in always-on heuristic mode, but manual launching of applications inside and outside the sandbox is also available.

These are basically the basic things that any self-respecting professional should know about antivirus sandboxes. Each individual program has its own implementation features, which you yourself will have to find, understand and evaluate the pros and cons that it brings.

The Internet is teeming with viruses. They can be disguised as useful programs or even embedded in a working program (this is common in cracked software, so treat cracked programs with suspicion, especially if you download them from dubious sites). So you install the program and get something extra as a bonus: at best, hidden-surfing programs or miners; at worst, backdoors, stealers and other nasties.

There are 2 options if you don't trust the file.
— Running a virus in the sandbox
— Using virtual machines

In this article we will look at the first option: a sandbox for Windows.

A sandbox for Windows is a great way to work with suspicious files; let's look at how to start using one.
If you use an antivirus, a sandbox is often built into it. But I don't like those, and I think it's best to download the sandbox from www.sandboxie.com.

The program runs a file in a specially designated area; anything it writes stays there, so malware cannot reach the rest of the computer. Keep in mind that this is isolation, not detection: the sandboxed program still runs, it still has network access unless you restrict it in the sandbox settings, and a sandbox can in principle be bypassed, so it reduces the risk rather than eliminating it.

You can download the program free of charge. After two weeks of use, a screen offering to buy a license appears at start-up and delays the launch by a few seconds, but the program remains fully functional. Installation is straightforward, and the interface itself is quite simple.

By default, the program starts with Windows. When it is running, an icon appears in the tray; if not, go to Start → All Programs → Sandboxie → Manage Sandboxie.
The easiest way to run a program in the sandbox is to right-click the executable or the shortcut of the program you want and choose "Run in sandbox" from the menu. Pick the sandbox to run it in and click OK. That's it: the program now runs in the isolated environment, and whatever it drops stays inside the sandbox.


Attention: some infected programs detect sandboxes and virtual machines and refuse to run in them, demanding to be launched directly. If you see this behaviour, the safest thing to do is delete the file; otherwise you run it at your own risk.

If "Run in sandbox" does not appear in the right-click context menu, open the program window, choose Configure → Windows Explorer Integration, and tick the two boxes under "Actions: run in the sandbox".

You can create several sandboxes: click Sandbox → Create New Sandbox and enter a name for the new one. Old sandboxes can also be deleted from the Sandbox menu, which is recommended so that nothing dropped by a suspicious program lingers on the machine.
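Each sandbox is just a section in Sandboxie.ini, and the "always-on, rule-based" mode mentioned in the Habr article above is what the ForceProcess and ForceFolder settings provide. The following is an added example, not code from Sandboxie or its author: it parses box sections from Sandboxie.ini, flags settings that weaken isolation, and checks whether a given program would be forced into a box. The ini text is constructed for the example; the setting names it uses (Enabled, AutoDelete, DropAdminRights, ForceProcess, ForceFolder, OpenFilePath, ClosedFilePath, RecoverFolder) are documented Sandboxie settings, while the audit rules and the box names are this example's own choices.

```python
# Added example (not Sandboxie's own code): parse Sandboxie.ini box sections,
# flag weak settings, and decide whether a program would be forced into a box.
# SAMPLE_INI is constructed for this example; the setting names are documented
# Sandboxie settings, the audit rules are this example's own choices.
from collections import defaultdict
import ntpath   # Windows path semantics, usable on any OS

SAMPLE_INI = r"""
[GlobalSettings]
FileRootPath=C:\Sandbox\%USER%\%SANDBOX%

[DefaultBox]
Enabled=y
ConfigLevel=7
AutoRecover=y
BlockNetworkFiles=y
RecoverFolder=%Desktop%
RecoverFolder=%Personal%
BorderColor=#00FFFF,ttl
OpenFilePath=C:\Users\alice\Documents

[Hardened]
Enabled=y
ConfigLevel=7
AutoDelete=y
DropAdminRights=y
ForceProcess=firefox.exe
ForceProcess=chrome.exe
ForceFolder=C:\Users\alice\Downloads
ClosedFilePath=C:\Users\alice\Documents
RecoverFolder=%Desktop%
"""


def parse_sandboxie_ini(text: str) -> dict:
    """Sandboxie.ini repeats the same key many times within a section
    (RecoverFolder, ForceProcess, ...), which configparser would collapse
    into one value, so keep every value of every key in order."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = defaultdict(list)
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip()].append(value.strip())
    return sections


def audit_box(cfg) -> list:
    """Settings that weaken a box compared with the hardened configuration."""
    findings = []
    if cfg.get("DropAdminRights", ["n"])[-1].lower() != "y":
        findings.append("DropAdminRights is not set: a program started elevated "
                        "keeps administrator rights inside the box")
    if cfg.get("AutoDelete", ["n"])[-1].lower() != "y":
        findings.append("AutoDelete is not set: box contents persist between "
                        "sessions until deleted by hand")
    for path in cfg.get("OpenFilePath", []):
        findings.append(f"OpenFilePath={path}: writes to this path go straight "
                        "to the host, bypassing the isolation")
    if not cfg.get("ForceProcess") and not cfg.get("ForceFolder"):
        findings.append("no ForceProcess/ForceFolder: box is manual-launch only")
    return findings


def is_forced(cfg, exe_path: str) -> bool:
    """Would a program at exe_path be started in this box automatically?
    Matching is case-insensitive, as Windows paths are."""
    name = ntpath.basename(exe_path).lower()
    if name in (p.lower() for p in cfg.get("ForceProcess", [])):
        return True
    exe_dir = ntpath.normcase(ntpath.dirname(exe_path))
    for folder in cfg.get("ForceFolder", []):
        forced = ntpath.normcase(folder).rstrip("\\")
        if exe_dir == forced or exe_dir.startswith(forced + "\\"):
            return True
    return False


if __name__ == "__main__":
    boxes = parse_sandboxie_ini(SAMPLE_INI)
    for name in ("DefaultBox", "Hardened"):
        print(f"[{name}]")
        for finding in audit_box(boxes[name]) or ["no findings"]:
            print("  -", finding)
        print("  forces firefox.exe:",
              is_forced(boxes[name], r"C:\Program Files\Mozilla Firefox\firefox.exe"))
```

The point of the audit is the gap between the two boxes: DefaultBox leaves an OpenFilePath into the user's documents, keeps admin rights, never cleans itself and has to be launched by hand, whereas Hardened drops admin rights, closes the documents folder entirely, empties itself when the last program exits, and automatically captures browsers and anything started from the Downloads folder. Network access for a box is set separately in the Sandbox Settings under Restrictions.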

There is nothing more to consider in the program. Lastly, I want to say - Take care of your data and your computer! Until next time

