Why should I empty my sandboxes?

If it's not about a problem in the program
CrusherW9
Posts: 18
Joined: Mon Oct 08, 2012 5:25 pm

Post by CrusherW9 » Mon Feb 04, 2013 12:38 pm

I have Sandboxie installed on my laptop as my core security feature and I have a handful of sandboxes, each devoted to its own purpose. I was thinking about some stuff which led me to wonder why emptying sandboxes is so important? I understand that emptying the sandbox you use your browser in is critical. But I have a sandbox for Steam and its games and I don't see why I should ever empty this. A virus in this sandbox poses no real threat other than crashing a game or stealing bandwidth in which case a sandbox empty would be the easy fix. I read through the "Detecting Key Loggers" page and according to this, if I "Terminate Programs" in my Steam sandbox after use, I'm good; no empty required. But I also have internet access and Start/Run restrictions for the sandbox. So technically, I shouldn't have to do this. Also, according to this link, I'm protected from rootkit key-loggers and windows hook key-loggers. Scripted key-loggers would only apply to the program that got infected and thus wouldn't transfer outside the sandbox. I'm not sure about windows message key-loggers though. From what I can tell, they "can only reliably record activity within one program" so this would mean only the program that launched it, right? If so, there is nothing to steal from Steam or Counter Strike for instance so I'm good here too. As of now, I have all of my sandboxes set to auto empty, and scanning my Steam sandbox and then recovering everything every time I close Steam is getting old. Am I missing something or should I simply not worry about emptying sandboxes like these?

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Mon Feb 04, 2013 4:35 pm

In many cases you don't need to worry about deleting contents.
I have at least 12 sandboxes with specific programs installed inside them, and never delete the contents (not the least of which, is because it would delete the program).

I think that a reasonable approach for sandboxes that you do not delete is to apply restrictions to what the main program can do;
apply a list of start/run restrictions to avoid surprises when unknown programs try to run (this one cannot be used when the program is installed inside of a sandbox);
perhaps specify the main program as a Leader Program, so that all other programs using that sandbox are ended when the main program ends;
and use Write-Only folder restrictions for folders that contain sensitive information, outside of the sandbox (like your documents folder, or possibly folders containing cookies, passwords, etc). That will keep sandboxed programs from being able to read the files in those folders.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007
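
An added example, not part of Guest10's post or of Sandboxie itself: a Python check that reads a Sandboxie.ini and, for each sandbox that is not emptied automatically, reports which of the three restrictions described above are missing. It assumes the Sandboxie.ini setting names AutoDelete, LeaderProcess, WriteFilePath and the `<StartRunAccess>` group in ClosedIpcPath correspond to those options; the sample configuration is constructed.

```python
from collections import defaultdict

# Constructed sample, not from the thread. Setting names assume Sandboxie.ini syntax.
SAMPLE_INI = r"""
[GlobalSettings]
FileRootPath=C:\Sandbox\%USER%\%SANDBOX%
[SteamBox]
Enabled=y
LeaderProcess=steam.exe
ProcessGroup=<StartRunAccess>,steam.exe,hl2.exe
ClosedIpcPath=!<StartRunAccess>,*
WriteFilePath=D:\Documents
[BrowserBox]
Enabled=y
AutoDelete=y
[ToolBox]
Enabled=y
WriteFilePath=D:\Documents
"""

CHECKS = {  # label -> predicate over one sandbox's settings
    "start/run restriction": lambda s: any("<startrunaccess>" in v.lower() for v in s.get("closedipcpath", [])),
    "leader program": lambda s: bool(s.get("leaderprocess")),
    "write-only folder": lambda s: bool(s.get("writefilepath")),
}

def parse_boxes(text):
    """Return {section: {lowercased key: [values]}}; keys repeat, so configparser is unsuitable."""
    boxes, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], defaultdict(list))
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()].append(value.strip())
    return boxes

def audit(text):
    """Map every sandbox that is not auto-emptied to the restrictions it lacks."""
    findings = {}
    for name, s in parse_boxes(text).items():
        if name == "GlobalSettings" or name.startswith("UserSettings_"):
            continue  # these sections are not sandboxes
        if "y" in (v.lower() for v in s.get("autodelete", [])):
            continue  # contents are deleted automatically
        findings[name] = [label for label, ok in CHECKS.items() if not ok(s)]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_INI))
```

A missing start/run restriction is expected for a sandbox whose program is installed inside it, since the post notes the restriction cannot be used there.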

CrusherW9
Posts: 18
Joined: Mon Oct 08, 2012 5:25 pm

Post by CrusherW9 » Mon Feb 04, 2013 6:31 pm

"perhaps specify the main program as a Leader Program, so that all other programs using that sandbox are ended when the main program ends"
This is a great idea. I went to go apply this and then saw that I already had. As for folder/file restrictions, I keep all my stuff on a separate partition and have blocked all access to that. I guess I'm good to go then. Thanks for reminding me of this setting. I'm much more confident in my setup now.
