The use of Sandboxie in a special case?

[Guest]

I just found this great software and I think it would fit my needs very well, but I would like to ask some questions before I start using it. I run customized setups of computers, because I test beta software and if I test specifically for compatibility between another software and the beta software, nothing else should interfere and as such I do not have anything else installed. Now I know there is no guarantee for that Sanboxie wont interfere with the testing of other software, but I am willing to deal with the issues arising from using Sandboxie in conjunction with beta testing
software if Sanboxie really does what I am wishing for. So here goes:

1. I want to use the computer normally without interfering with the installed Windows setup. Originally I thought of either having dualboot with another windows setup or install a virtual machine with Windows installed on it and use that. Although neither seem to be very good alternatives when it comes to productivity, thats why I was so happy to see this software when I came across it. What I hope I can do with Sandboxie is use the computer as I usually do, as in surfe the web, install programs, etc... and have everything saved in the sandbox. What I mean is that I want to have read and write access to the disk and be able to modify files and have everythiung safely saved in the Sandbox, so that the next time I start my software from the sandbox I can continue were I left off (bookmarks, text documents, etc...). Is this possible with Sanboxie?

2. I sometimes have to take snapshots of the system and compare it to a snapshot initially taken when the computer was newly setup. Since I would see any difference, no matter how small, insignificant or deeply hidden it is, between the initial snapshot and the one taken after testing, I would therefore like to uninstall Sandboxie and then take the snapshot, but for this to work no traces of Sandboxie has to be left on the computer, neither files, filesystem nor registry traces. If the uninstall of Sandboxie doesnt remove everything I would gladly remove the rest manually, but I would have to know what. Another thing I am wondering about is that I do not know if there is any difference between the registered version and the unregistered version, but in case it is I am planning on purchasing Sandboxie so if it leaves the serial key (or whatever system of licensing it uses) in a file somewhere or in the registry somewhere, I would like to remove it too. This is because the differences between the snapshots are examined by both me and other persons, so even if I know what comes from Sandboxie and what doesnt, the other people involved wouldnt know. Would it be possible to uninstall Sanboxie and not leave any traces, even if I have to do it manually? In case I have to do something special to remove all traces, how should I proceed?

3. I have another very important issue. I usually work with very sensitive files and programs (that leaves traces in the registry too). Usually I run it on another computer, but now it would be easier to run it in the sanbox on the same computer as the software, but because of my agreement I have to securely wipe the whole hard drive with a special software. Now I do not know if I can run it under sandbox and get it to do the job there, but it would be much easier if I only deleted the sandboxed environment without uninstalling Sandboxie. The question is, does Sandboxie only save the files (and registry changes) in one place or does it save it in different places? Where does it save these things? And now this is very important, if I want to securely wipe everything in the sandbox, what must I wipe out to do it? And now I mean everything, it shouldnt be possible for anyone to access what used to be in the sandbox, every last bit should be eradicated (much nicer words in the agreement I signed, but basicly this is what it says). Is this possible and how should I proceed to accomplis this?

4. How does Sandboxie handle rootkits? Does it allow them to be installed but only in the sandbox or does it block them completely?

5. How does Sandboxie handle ADS (Alternate Data Streams)? Does it read them or allow to write them, but still keep the changes contained in the sandbox?

Thanks for all the help. I know this became a very long post, but I became so exited when I found this great software that I just couldnt stop writing. I appologize for it and hope to get some answers to my questions. Thanks again everybody

[Unknown_User_414]

Uhm, most of your points are possible with sandboxIE thats why i like it so much.

Point 1: yes thats possible, because the application is sandboxed and split from not sandboxed applications every configuration or option will be the same as you left the application.
Point 2: You can just uninstall Sandboxie with the (built in startmenu) uninstaller and the sandbox(es) are deleted with every file in it, register contains only dummykeys(if im correct) which will be deleted also by the uninstaller.
Point 3: Uninstall SandboxIE and it will not left any traces of SandboxIE.
you can specify the place where your sandbox must appear on disk so every sandboxed application will write to its own subdirectory in that particulary directory.
Point 4: rootkits are only blocked if they are installed in the sandbox.
So if your browser or explorer are sandboxed, your pretty save.
Point 5: every object in the sandbox thats accessed by a user with admin rights and a sandboxed application will have all write and read options to that sandbox enironment, so i guess it will be compatible with ADS.

But you can test it yourself!, many things become clear if you see it your self, you can download SandboxIE for free from here http://www.sandboxie.com/download.php

Which features are not available in the free version of Sandboxie?

In the registered version, Sandboxie can be configured to issue a warning whenever a particular program is launched outside the sandbox. You can also configure Sandboxie to automatically sandbox particular programs, even when they are not launched through the Sandboxie front end tool.

Since version 2.47, registered users can run sandboxed programs in any number of sandboxes at the same time, while non-registered users can run sandboxed programs in only one sandbox at a time.

[Guest]

Thanks for your reply. I am still at lost on some of the points. Do any traces remain of Sandboxie itself (not the sandbox) when you unistall? Secondly all files are saved inside a folder of your choice right, nothing is saved outside it? But where are the registry keys saved? And is that the only places registry keys are saved or are there several places registry keys are saved? Thanks

[tzuk]

But you can test it yourself!

I second that. It would probably be best that you use your snapshot/diff tool. I wouldn't want to try to list any possible changes and then forget something important.

I think Nightanimal did a fine job answering most of your points, I only have a couple of points to add.

because of my agreement I have to securely wipe the whole hard drive with a special software

The sandbox is just a folder, you can delete it yourself. See also this post.

Some keys are created in the registry below HKCU\Sandbox. They are created empty and temporarily. This means they can't survive a system restart.

How does Sandboxie handle ADS (Alternate Data Streams)?

It handles it like any other change to a file. The file is first copied to the sandbox, then modified there. The original copy remains unchanged.

[Guest]

Ok I understand, its probably best to see the difference in snapshots myself, although it is going to make some problems since I am not in control of the initial snapshot, so I will have to guess what is the beta software's tracks, and what is the Sandboxie tracks. Does Sandboxie leave much behind when it gets uninstalled that, or just some few things (so that I know how deep I should be looking)?

One thing I thought of is how usefull this application could be for development. I work a lot with virtual computers to test software and although they are nice to work with, sometimes it is better to test them directly with real hardware instead of emulated hardware. Also testing software which uses Direct3D API is almost impossible on virtual computers and creates even more problems. This is without counting the performance hit I get in virtual computers. Sandboxie could end a lot of those problems, but it should include something more. Now this is just a suggestion on my part, I know how hard it is to develop quality software and that your priorities are different, but if you have tried a virtual computer such as VMWare you can see that they have an option called snapshots (not to be confused with the snapshots I was talking earlier about). Basicly what it does is that when a snapshot is taken you can return the system exactly to the point of time it was taken and not just the files on the system, but also the same operations that the system was performing (I know this last part might be hard to accomplish in a sandbox, but atleast the files part could be done). This combined with the sandbox would make a very good developer utility. Atleast consider it, but I have to say your software seems good as it is now too

Lastly I would like to say that I havent actually tried Sandboxie yet, that is because I am still waiting for my computer (I am just temporary borrowing this one), but I will as fast as I can.