I'm interested to learn how Sandboxie users make use of the Closed File and Key Path commands in Sandboxie.ini to suit their own needs.
I appreciate it's a good idea to close read access to all personal files. But there must also be many files and registry contents that contain details of settings, passwords (encrypted or otherwise) and other data that a hacker could perhaps make use of. And as I rarely use Sandboxie to test programs but primarily to give browsing and e-mail protection, I wonder if it's practicable to deny read access to everything (other than the files Sandboxed I.E. and O.E. need) akin to a block-all firewall rule?
Is this feasible, and do the commands in Sandboxie.ini get treated like firewall rules i.e. so long as a line is above a "block all" type of command it will get executed?
I'd be grateful for guidance on the above and also to learn of closed path .ini lines that users have added.
Thanks
Martin
Closed Paths - Approaches
Moderator: Barb@Invincea
I think a good way to start is organizing your hard disk:
separate partitions/drives or folders
a) for the operating system
b) program folders
c) stored data from I.E. and O.E.
d) your private/personal files
And use different sandboxes instead of always using the "defaultbox":
- the sandbox1 for testing new programs is only allowed to read a) and b)
- the sandbox2 for I.E. and O.E. should use a) b) c)
martinr wrote: Is this feasible, and do the commands in Sandboxie.ini get treated like firewall rules i.e. so long as a line is above a "block all" type of command it will get executed?
I don't know about firewalls, but as for Sandboxie, you can't count on the order of the settings. For example,
OpenFilePath=c:\MyDocuments\My Program Data
ClosedFilePath=c:\MyDocuments
You may think this causes Sandboxie to close everything in MyDocuments except MyDocuments\My Program Data, but no. Closed paths are looked at first, and as soon as one matches, the match process is over.
In other words, MyDocuments and everything below it will be closed. The OpenFilePath setting will be meaningless in this case.
* * *
Anyway, if you care about protecting sensitive data, iceflower99's suggestion about separating sensitive data makes sense. I'd take it a bit further, and suggest the following.
Use TrueCrypt to create an encrypted logical drive. The data file for this drive can be in My Documents, but it would only be accessible in a meaningful way through the drive letter. Then, you can put the TrueCrypt drive letter in a ClosedFilePath.
tzuk
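The precedence rule tzuk describes, as an added example that is not part of the original thread and not Sandboxie's own code: a small Python model that checks closed paths first, so the order of lines in Sandboxie.ini makes no difference. The function names, the T: drive letter and the folder-boundary prefix matching are assumptions of this model.

```python
# Simplified model of the rule in the post above: ClosedFilePath entries are
# examined first and the first match ends the lookup. Not Sandboxie's code.

def parse_settings(ini_text):
    """Collect ClosedFilePath / OpenFilePath values from Sandboxie.ini-style lines."""
    rules = {"ClosedFilePath": [], "OpenFilePath": []}
    for line in ini_text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name in rules:
            rules[name].append(value.strip())
    return rules

def covers(rule, path):
    # Assumption of this model: a rule covers the folder itself and everything
    # below it, compared case-insensitively. Wildcards are not modelled.
    rule = rule.rstrip("\\").lower()
    path = path.rstrip("\\").lower()
    return path == rule or path.startswith(rule + "\\")

def classify(rules, path):
    """Return 'closed', 'open', or 'sandboxed' (the default handling)."""
    if any(covers(r, path) for r in rules["ClosedFilePath"]):
        return "closed"          # match found, OpenFilePath is never consulted
    if any(covers(r, path) for r in rules["OpenFilePath"]):
        return "open"
    return "sandboxed"

# Constructed sample settings: the two lines from the post in both orders,
# plus a closed drive letter (T: is a placeholder for the encrypted volume).
ORDER_A = r"""
OpenFilePath=c:\MyDocuments\My Program Data
ClosedFilePath=c:\MyDocuments
ClosedFilePath=T:\
"""
ORDER_B = r"""
ClosedFilePath=T:\
ClosedFilePath=c:\MyDocuments
OpenFilePath=c:\MyDocuments\My Program Data
"""

if __name__ == "__main__":
    target = r"c:\MyDocuments\My Program Data\settings.dat"
    for label, text in (("open line first", ORDER_A), ("closed line first", ORDER_B)):
        print(label, "->", classify(parse_settings(text), target))
```
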