TechWandering
wandering the world of technology


SandboxIE – a Little Write-of-Hand

October 4th, 2006

Trojans, spyware, viruses, keyloggers, rootkits — it’s pretty dangerous out there on the Wild Wild Web. There are countless sites out there that have the capability of installing software onto your PC without your knowledge and then stealing your data or using your PC to infect other PCs (or both). In order to surf safely you have to make sure that you’ve taken precautions against becoming another zombie server for spyware, spam, and other unpleasantries. To combat these risks you should, at the very least, be running a firewall and a virus scanner. Even better would be to run a browser other than Internet Explorer (I use Flock and Firefox). Want even more protection? Check out SandboxIE.

SandboxIE is a clever little program that acts as a kind of miniature virtual machine. You tell SandboxIE which programs you’d like to run from inside that little virtual machine (the “sandbox”) and it handles the rest. Although it was originally written to give protection to Internet Explorer (hence the “IE” part of “SandboxIE”), you can run just about any program out of the sandbox.

Programs running within the sandbox can read from your hard drive and registry just like they would if they were running without the sandbox. When those programs try to write to your file system or registry the magic happens. SandboxIE reads the files and/or other objects that are being written to from your hard drive, copies them into the sandbox, and writes the changes to the copies of those files. The next time one of the programs in the sandbox wants to read from a file that it’s written to SandboxIE reads from the copy of the file that’s in the sandbox. When you “empty” the sandbox all of those copies go away and your PC looks just like it did before you launched the program running in the sandbox.

As an example, let’s say that you launch Notepad.exe from within SandboxIE. You use Notepad to open a file named “abc.txt” that’s stored in the root of your “C:” drive, make a change, and click the save icon. SandboxIE saves the change, but it doesn’t really save the change back to the root of your C: drive — it saves the change to the sandbox. If you use another program that’s running in the sandbox to open file C:\abc.txt you’ll see the changes you’d made, but if you use a program that’s not running in the sandbox to open the file you won’t. When you empty the sandbox the modified version of C:\abc.txt just disappears.
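The redirection described above can be modelled in a few lines. This is an added example, not SandboxIE's code: `CowSandbox`, its methods and `demo` are hypothetical names, and the program here calls the overlay explicitly, whereas the post describes SandboxIE doing the redirection without the program knowing.

```python
import os
import shutil
import tempfile
from pathlib import Path

class CowSandbox:
    """Toy copy-on-write overlay: reads fall through to the host, writes go to a private copy."""
    def __init__(self, host_root, box_root):
        self.host_root = os.path.abspath(host_root)
        self.box_root = os.path.abspath(box_root)

    @staticmethod
    def _resolve(root, rel):
        # Refuse paths like "../x" that resolve outside the root, or a "sandboxed" write could hit the host.
        full = os.path.abspath(os.path.join(root, rel))
        if os.path.commonpath([root, full]) != root:
            raise ValueError("path escapes root: " + rel)
        return full

    def read(self, rel):
        boxed = self._resolve(self.box_root, rel)
        path = boxed if os.path.exists(boxed) else self._resolve(self.host_root, rel)
        with open(path, encoding="utf-8") as f:
            return f.read()

    def append(self, rel, text):
        boxed = self._resolve(self.box_root, rel)
        host = self._resolve(self.host_root, rel)
        if not os.path.exists(boxed):
            os.makedirs(os.path.dirname(boxed), exist_ok=True)
            if os.path.exists(host):
                shutil.copy2(host, boxed)  # copy on first write
        with open(boxed, "a", encoding="utf-8") as f:
            f.write(text)  # the host file is never opened for writing

    def empty(self):
        shutil.rmtree(self.box_root, ignore_errors=True)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        host = Path(tmp, "host")
        host.mkdir()
        # Constructed stand-in for C:\abc.txt in a throwaway directory.
        (host / "abc.txt").write_text("original\n", encoding="utf-8")
        sb = CowSandbox(host, Path(tmp, "box"))
        sb.append("abc.txt", "edited in sandbox\n")
        inside = sb.read("abc.txt")  # view from inside the sandbox
        outside = (host / "abc.txt").read_text(encoding="utf-8")  # view from outside
        sb.empty()
        return inside, outside, sb.read("abc.txt")
```

`demo()` returns the sandboxed view, the host view, and the sandboxed view after emptying; only the first contains the edit.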

So, how does that help you to surf the web more safely? Let’s take a look at what happens when you use SandboxIE for its original purpose: browsing the web with Internet Explorer.

As you bounce around the web many sites write little files, called “cookies”, to your hard drive. Some of these are actually useful and are written for practical reasons (like when you tell a site to remember your username) but most cookies are written for the purpose of tracking your movement through the web and reporting those movements back to the big ad companies. Because these cookies are written to your hard drive they “persist” and can be read again by those companies when you go to the web the next day. Or the day after that. Or next week. From the perspective of advertisers the cookies written to your hard drive are just like a trail of bread crumbs that they can use to track your movements through the internet and to target the advertising presented to you based on what kind of sites you’ve visited.

Using SandboxIE to run Internet Explorer wouldn’t protect your system from cookies (there are other programs out there to help with that). It could, however, get rid of the persistent aspect of cookies. When a sandboxed IE writes the cookies to your system it would be writing the cookies to a copy of your “cookie store” in the sandbox. When you shut down the sandbox those cookies simply go away with it. The next time you surf the web your trail of bread crumbs will be gone.

So what about those sites that need cookies to run correctly? No problem — remember, Internet Explorer doesn’t know that the cookies are being written to the sandbox. It only cares that it can write cookies and read cookies. It doesn’t know (or care) that SandboxIE is performing a bit of sleight-of-hand (or “write-of-hand”, in this case) behind the scenes.

How about visiting a malicious site which is trying to install software onto your PC? Just like with the cookies all of the “writes” which that site would be making to your PC’s file system or registry would be redirected to the sandbox. Shut down the sandbox and all of that nasty stuff that was written to your system just disappears. Again, SandboxIE doesn’t stop bad things from being written (hopefully your firewall and virus scanner take care of that) but acts as an additional line of defense just in case some of the bad stuff gets through. If that happens you’ll appreciate being able to click on a button to empty the sandbox rather than having to reinstall your operating system.

SandboxIE isn’t a replacement for your firewall, virus scanner, or any other security measures you may have in place, nor is it meant to be. Its job is to make sure that nothing running within its sandbox can make changes to your system, and it does that job very well.

The program is easy to install and easy to use. There’s a free version of SandboxIE and a not-so-free version. For most users the free version will do just fine, although power-users may be intrigued by some of the features you only get with the registered version (like multiple sandboxes).

Do yourself a favor and check out SandboxIE. You can never have too many obstacles between you and the bad guys out there on the Wild Wild Web.
