AfterDawn: Tech news

Protect against malware by running suspicious software safely

Written by James Delahunty @ 04 Sep 2009 0:18

We added a couple of new entries to our Guide section lately. One of them is a relatively simple guide on running potentially harmful executable files safely in Windows. It could be useful for running .EXE files found on file sharing sites or networks, or any program you are otherwise suspicious about.
It uses freeware that some of the more security-conscious among you will already be using: Sandboxie. In a nutshell, Sandboxie lets you run a program (such as a suspected virus) that "can" read data from the hard drive, but when it tries to write data back (new files, edited files, registry entries etc.), those writes are caught in the "Sandbox", so to speak.

Sandboxie sets up temporary storage on your hard drive and captures any data that a running program tries to write to the disk. Moreover, you can easily view the contents of the Sandbox to see exactly what changes a program tried to make to your files.

Read: Run potentially dangerous software safely

It has other uses too, such as running a Web browser sandboxed. For example, running Firefox.exe sandboxed still lets Firefox read all of your data (cookies, recent activity, add-ons, saved passwords and form information, etc.), but anything Firefox tries to save is caught in the Sandbox, so no new data reaches the hard drive. You can then simply discard the contents of the Sandbox all at once, and the next time you run the browser normally it will be as if you never used it.



It is a highly recommended program if you are not already familiar with it. One caveat: Sandboxie contains what a program writes, not what it reads, so a sandboxed program can still read your data and, if it has network access, send it out; stopping that is the job of a firewall with program control. Hopefully it helps.
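The redirect-on-write idea described above, as a constructed Python model added here (not Sandboxie's own code, and not from the guide): reads fall through to the real files, every write or delete is captured in a separate sandbox tree, and reading the sandbox tree back gives the list of changes the program tried to make. The directory layout, file names and contents are made up for the example.

```python
import tempfile
from pathlib import Path

class SandboxOverlay:
    """Toy redirect-on-write model (an assumption, not Sandboxie's driver)."""
    def __init__(self, real_root, sandbox_root):
        self.real, self.box = Path(real_root), Path(sandbox_root)
        self.box.mkdir(parents=True, exist_ok=True)
        self.deleted = set()  # tombstones for real files the program "deleted"

    def read(self, rel):
        hits = [r / rel for r in (self.box, self.real) if (r / rel).is_file()]
        if rel in self.deleted or not hits:
            raise FileNotFoundError(rel)
        return hits[0].read_text()  # a sandbox copy shadows the real file

    def write(self, rel, text):
        target = self.box / rel  # the real tree is never touched
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)
        self.deleted.discard(rel)

    def delete(self, rel):
        (self.box / rel).unlink(missing_ok=True)
        if (self.real / rel).is_file():
            self.deleted.add(rel)

    def changes(self):
        # What the program tried to change, read straight from the sandbox tree
        report = {rel: "deleted" for rel in self.deleted}
        for p in (q for q in self.box.rglob("*") if q.is_file()):
            rel = p.relative_to(self.box).as_posix()
            real = self.real / rel
            if not real.is_file():
                report[rel] = "created"
            elif real.read_text() != p.read_text():
                report[rel] = "modified"
        return report

def demo():
    """Constructed run: a suspect program edits, drops and deletes files."""
    real, box = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())
    (real / "docs").mkdir()
    (real / "docs" / "notes.txt").write_text("keep me")
    (real / "docs" / "old.txt").write_text("stale")
    sb = SandboxOverlay(real, box)
    sb.write("docs/notes.txt", sb.read("docs/notes.txt") + " + tampered")
    sb.write("startup/launcher.ini", "run=every boot")  # a dropped file
    sb.delete("docs/old.txt")
    return sb.changes(), real  # caller can verify the real tree is untouched
```

Discarding the sandbox tree is the "delete the sandbox and everything is gone" step; the report is the "see exactly what changes a program tried to make" step.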


20 user comments

#1, 4.9.2009 3:01

Interesting. I suspect this wouldn't protect you from a piece of malware that dug up sensitive information from the user's hard drive and sent it back to its master though?

#2, 4.9.2009 6:10

Originally posted by nonoitall:
Interesting. I suspect this wouldn't protect you from a piece of malware that dug up sensitive information from the user's hard drive and sent it back to its master though?
Well, a program can access the Internet and can read from the hard drive, so it is a possibility, but that's generally where a firewall, or at least something with Program Control to manage which programs are allowed Internet access, comes into play. Also, it's very easy to just terminate the program with Sandboxie, as you would probably be suspicious if you run it and you don't see anything happening. The point here about running possibly harmful files with this software is that you prevent an infection weeding into the system.

#3, 4.9.2009 7:14

Yeah, I know. This does appear to be an effective means of protecting the system itself from harm. I think I'll stick with virtual machines for shady program usage though. :-P

#4, 4.9.2009 7:54

Originally posted by nonoitall:
Yeah, I know. This does appear to be an effective means of protecting the system itself from harm. I think I'll stick with virtual machines for shady program usage though. :-P
Yeah, that would be the safest way for sure, but there are just two disadvantages: firstly, it's not as easy, and secondly, depending on the system, if you try to run certain software in a virtual environment you might get a performance hit, whereas with Sandboxie the program runs normally, Sandboxie just controls where it writes to the HDD. I think with a setup of Sandboxie + a firewall with program control you have a very good system there to keep safe :-) I've been meaning to put up a program control guide for a while, I just can't settle on the right software to go with; it has to be free, and it has to not be annoying ;-)

#5, 4.9.2009 8:40

I have been using this program forever. If you don't care to have virtual machines etc. you cannot beat this program. It does not bog down your system at all. You will not really notice any change as far as functionality and you can run anything in the sandbox. I know I like to try out different programs and such that I have heard of. It can be a hassle if you hate it and uninstall it and crap is still left in your registry. Everything you run in the sandbox will not have an effect on your registry settings. You don't like what you've installed? Just delete the sandbox and everything is gone. I run my browser in the sandbox. I don't even bother with having antivirus software anymore because I do everything in the sandbox and there is virtually no chance of me getting a virus.


#6, 4.9.2009 9:15


Quote:
I don't even bother with having antivirus software anymore because I do everything in the sandbox and there is virtually no chance of me getting a virus.

Wow... I've been using Sandboxie for about 3 years, but still have the AV. PC use without that just seems a little too... Mac? :p

#7, 4.9.2009 9:27

Originally posted by ahiah9:

Wow... I've been using Sandboxie for about 3 years, but still have the AV. PC use without that just seems a little to... Mac? :p
I don't have a Mac. The only reason I have had antivirus software was because sometimes other people (family) use my machines and they don't have good sense. Antivirus software is not the necessity people think it is. Most of the time people get infected because of their own ignorance. People opening up attachments sent from people they don't know or messaging programs etc. Also they seem to like IE which is a virus waiting to happen. I have set up the more commonly used programs to execute in the sandbox to stop something like that from happening. My brother can't seem to stay away from those damn porno sites, using IE no less lol.

#8, 4.9.2009 12:01

Looks great! I will need to download this puppy before I forget.
I ALWAYS disable the network before I do anything that tries to use the internet. In fact I only enable it when I need it. I have gotten a warning once after installing some software. It complained that the internet was down when nothing should have been doing that. I couldn't find the Trojan for a good long time. Finally I made a very nasty call to the software company. I assumed it had a virus. They confided that it was only trying to register the software. I uninstalled the software and I never saw the message again.

By not starting up with the network off, you ensure your firewall etc. is fully up and running before you get internet access. I do not wish to get auto updates for anything. They cause much more trouble than they solve. If I have a problem then I update, otherwise I do not. I have had far less if any incompatibility problems since I wised up.

I do not trust firewalls much. I keep an IP blocker as well. It gives me the creeps how much info gets blocked, I assume because the firewall let it in. There is all sorts of adware trying to spy on you to say the least.


#9, 4.9.2009 12:34

cool. i've never heard of this before. i'll give it a try. thanks for the review/guide dela.

#10, 4.9.2009 14:13

Quote:
as you would probably be suspicious if you run it and you don't see anything happening.
He he he he he he. How many times have folks read comments on sites saying "I ran the keygen and nothing happened, this keygen doesn't work"
And then you see a comment saying "oh yes it works, but not in the way you imagined it to" ET PHONE HOME.

Anyway, if you're a gamer then run a dual-boot with Windows for your games and *nix for virus-free computing, well almost virus free but you get the picture eh. However Sandboxie has been around for some time and is a hell-of-a good idea for folks that want to be safe and not sorry. Well done, for informing the community of this great little app.

#11, 4.9.2009 15:48

As others have said, Sandboxie is a great tool for keeping a malware-free system. I usually run all of my browsers in a sandbox for this purpose.

#12, 4.9.2009 22:18

Originally posted by SoCalSRH:
cool. i've never heard of this before. i'll give it a try. thanks for the review/guide dela.

Originally posted by joe777:
Well done, for informing the community of this great little app.
Cheers guys! :-) I actually have been using it myself for quite some time now and I think I added it to my list of stuff to do when I saw that it had less than 2,000 downloads on AfterDawn - people just aren't really aware of it, which is a shame.

#13, 4.9.2009 22:52

I'm surprised I just found out about this. I always had to run malicious software through qemu or VMWare but this is far easier and much more practical.

Thanks very much for this!

#14, 4.9.2009 23:15

Originally posted by rvinkebob:
I'm surprised I just found out about this. I always had to run malicious software through qemu or VMWare but this is far easier and much more practical.

Thanks very much for this!
You're welcome. It really does help, especially if run in conjunction with a program control-enabled firewall.

Any of you guys have any suggestions for related items I can put up? I have been thinking of some virtualization stuff, some encryption stuff etc.

#15, jony218, 5.9.2009 3:38

I've used Sandboxie before but was unsure of its effectiveness, and the setup can be a little complicated. Right now I just use "Returnil" Virtual System (freeware); for me it's much simpler, when enabled it places the entire C: drive into virtual mode (this process is immediate). Any virus/malware encountered will only live in the virtual world. The only drawback is you need to reboot to come out of virtual mode.
Sandboxie is more of a software for people who have a good understanding of security threats and will set up Sandboxie accordingly.
Sandboxes and virtual systems are the only security software that can defeat (or at least make non-permanent) virus/malware. Anything that bypasses your firewall/antivirus probably won't make it through a virtual system.

#16, 5.9.2009 6:38

A word of note - Sandboxie will not run on 64 bit Windows unfortunately.

#17, 5.9.2009 15:28

Originally posted by FreqNasty:
A word of note - Sandboxie will not run on 64 bit Windows unfortunately.
I never mentioned that in the guide, I'll add that in now.

#18, dorkydork, 11.9.2009 11:19

This only solves half the problem. If it can still connect to the internet and send data back home how is that safe from stealing your passwords or reporting key presses?

If this program added in a network monitor that tells you when it's making a network call and inspects the data for you AND lets you inspect it and stop the call, then you've got a great program.

The whole Windows environment needs all its software to run like this all the time. Let the user see exactly what everything is doing in his or her system.

#19, 11.9.2009 15:03

That's what the firewall is for and does. We sure don't need any more of that UAC crap, and most people aren't going to understand what they are even looking at if we did, let's say, a packet inspection.

I ran Sandboxie for a long time but finally gave up on it as it's too much bother for the minimal protection you may get from it. Most malware/trojans lay dormant for some time so you won't catch them in the sandbox anyhow. You can run antivirus on them while in the sandbox but even AV packages won't protect you fully, and these days all of the false positives make it hard to even trust your AV protection.

I'm testing a new AV suite, Avast! Professional Family Pack - antivirus for home networks, and it has a sandbox in it that you can add whatever browser you want to. It looks interesting, it is cheap, it will push updates, and you get 1 server & 10 workstation licenses with it. So that is the direction I will go in; once again I wasn't impressed by Sandboxie.

#20, 11.9.2009 16:01

For those concerned with the transmission of personal information from malware within Sandboxie: yes, a firewall, either hardware or software, that monitors for personal data is the best bet.

But I have had a few programs that Sandboxie alerted me of suspicious file access and internet communication and blocked it. You can even set it so a sandbox has certain resources before executing the program.
