AfterDawn.com

Run potentially dangerous software safely


Have you ever obtained an executable (EXE) file and been unsure about its safety? Maybe it's a trojan in disguise that your anti-virus won't pick up, perhaps sent as an attachment in an e-mail, or maybe you found it on a file-sharing site or network. The same applies to other types of files that you might think are unsafe - or maybe you just like to be safe all the time. This guide will show you how to run potentially harmful software without getting a nasty malware infection or a similar bad outcome.

Follow the Guide Author on Twitter: jamesdela@twitter

Introduction & Requirements



You will need to download the Sandboxie executable file from AfterDawn in order to install the program on your computer. The download is only about half a megabyte in size so it should be very quick.

Note that if you are running the Windows 2000 operating system, you might have to install GDIPLUS.DLL if you don't already have it. When you have downloaded the executable file, run it.

Sandboxie Installation




During the setup, you may need to disable any system protection software you have installed. The reason for this is that Sandboxie requires a system-level driver to be installed so that it can do its job. Security software on some systems will warn that this might be a malicious piece of software embedding itself into the operating system, but don't worry, Sandboxie is one of the good guys. Only disable your security software if you run into an error after clicking Next on the Driver Installation screen.

What does Sandboxie do?




In a nutshell, Sandboxie runs potentially dangerous software in a safe way. It does this by creating temporary storage in which the program can write. A program you run with Sandboxie can read data from the hard disk drive, but when it tries to write data back to your hard drive, this data is only written to the temporary storage - or captured by the "sandbox". When you are done with your sandbox, all the data the program attempted to write is erased.

So essentially, when using Sandboxie with a program, any files it tries to write to the hard drive won't be permanently written, and any registry entries it tries to create won't be saved to the registry. You can use Sandboxie for more than just checking potentially dangerous files too. For example, you can run a whole web browser Sandboxed, which means all of the private data it would have stored on the hard drive will be captured by the Sandbox and discarded when you throw it away.

This program is truly one of those tools that should be installed on every computer. It would save a lot of time and money if programs like this were encouraged, and if people were shown how easy it is to stay safe.

Sandboxie First Run




Run Sandboxie Control from its Start Menu folder (it may be running in the system tray too) and you will see a window like the one above. Inside the window is "Sandbox.DefaultBox". That is the default Sandbox. As explained in the last section, it has set up temporary storage for any program you run in it to write to. As you will see later, you can create multiple Sandboxes if you want to. For now, however, let's just run a program for fun, starting with a web browser.

Running a Web Browser Sandboxed




As an example of how to run a program Sandboxed easily, let's run your default web browser. Click Sandbox. A list of Sandboxes will now appear - but since this is our first time using it, and we haven't created a new Sandbox, the only Sandbox listed is "DefaultBox". Put the pointer over it to view the next menu. From that Menu, choose Run Sandboxed. From the resulting options, click Run Web Browser.

Your web browser will now appear looking exactly the same as usual, except the Title bar will have [#] at the start and end of the Title, like this:



So now when I visit AfterDawn.com, it can read my cookie from the hard drive, so I am automatically logged in. However, any settings or information this Firefox session tries to save to the hard drive are caught in the Sandbox (ours is called DefaultBox), and so are not written to the hard drive. That includes Cookies, Downloads, History, Bookmarks, Add-ons etc. They are all caught in the Sandbox. Now let's take a look back at the Sandboxie Control window.

Sandboxie Running Processes




Double-click on Sandbox.DefaultBox as shown above. This will expand a list of programs running in the Sandbox. In the example above, you can see that firefox.exe is running in the Sandbox (which is called DefaultBox; you can name your Sandboxes anything you want). The other two processes, SandboxieRpcSs.exe and SandboxieDcomLaunch.exe, are just two of Sandboxie's processes that are required to run this particular software properly.

I just want to emphasize here that Firefox is actually running normally. It is not running in a virtual environment, it is running at full speed and it can read data from the hard drive, access the Internet etc. The only difference is, anything firefox.exe tries to write to the hard drive is caught by the Sandbox - basically it is stored in "DefaultBox". So if I visit websites, my cookies will be stored in DefaultBox. To emphasize how the Sandbox intercepts these changes, we are now going to do a little bit of an experiment. We are going to set up a second Sandbox and run Notepad. In Notepad we are going to write a line of text, try to save it to the hard drive, and then see how we can find our text file.

Notepad Example Step 1 - Create New Sandbox




In Sandboxie Control, click the Sandbox menu and then click the "Create New Sandbox" option. The window you will see will be exactly like the one shown above. Give your Sandbox a name - no spaces or special characters - and call it something like mine, "NotepadSandbox". Then click the OK button.



Notice now that there is a new Sandbox in the window. In my case it is called "Sandbox.NotepadSandbox". Now, we are currently using the freeware version of Sandboxie, which means we cannot have more than one active Sandbox at a time. Therefore, we need to stop the DefaultBox sandbox in order to continue. Look below.



Right click on the DefaultBox sandbox as shown above. Now from the list of options that come up, click Terminate Programs. The web browser you had Sandboxed will now close, and the status of DefaultBox will no longer be Active. This does not have to be done if you buy a Full license for Sandboxie.

Notepad Example Step 2 - Run Notepad




Click the Sandbox menu again. Notice this time that there are now two Sandboxes listed: DefaultBox is still there, and NotepadSandbox is now there too. From the NotepadSandbox menu, navigate to the Run Sandboxed menu as shown above. From the options, this time choose Run Any Program.

NOTE: The small box that will now load works exactly like the Windows "Run" function, therefore to run Notepad, all you actually have to do is type "notepad" and click OK. However, just so you get some use from the program, let's go the long way about opening it directly from the Notepad.exe file (unless for some reason you can't find it). Click Browse.



When a small window pops up looking for you to input what program you want to run, click the Browse button. A file browser will now appear. Navigate to the Windows folder on your hard drive and locate Notepad.exe. Select it, as shown above, and click Open. Notepad will now open, and it will appear as a running process under the appropriate sandbox in Sandboxie Control.

Notepad Example Step 3 - Write Note & Save




So, start by typing a note into the Notepad window - try to be more creative than I evidently am. When you have finished your note, click File --> Save. Now, choose a location to save the file.



So as you will notice pretty quickly, you can choose to save it anywhere on your hard drive. You can clearly see all the files. It looks in no way different to any other time you have used Notepad. However, even though you can see the files, it will not be physically saved in any directory that you choose. Let's try and save it anyway. I am trying to save it in the My Documents folder as "my_sandboxed_file.txt". I click Save and as far as Notepad is concerned, the file is saved.

Please note that you might now get an option to recover the saved text file, but do NOT recover it, there is a point to this example.

But is it saved? Check where you saved your file (My Documents is an easy place to check). It's not there? So is it lost? No, it has just been saved into the Sandbox, not onto the hard drive. So let's see if we can find the physical file. Go back to Sandboxie Control.

Notepad Example Step 4 - Find the Saved File




In Sandboxie Control, right click on the Active Sandbox that Notepad is running with. From the options, click Explore Contents. You will now get a warning about how you are going to be exploring the contents in a standard Windows folder view. Click OK. Now, try to find your text file.



So how did I find mine? Well, when the Windows Explorer window pops up, you will be in a folder that has (at least) two sub-folders: Drive and User. If you saved your text file to any of your User account folders (My Documents, My Videos, My Music etc.), then open the User folder, and you will find the appropriate folder is there. In the picture above, my "my_sandboxed_file.txt" is inside a folder called My Documents, because that's where I chose to save it on the hard drive.

If you saved the text file somewhere else on your hard drive, or on another system drive, then open the Drive folder. In there, choose the Drive you saved it to (C for C:\ etc.). You will notice that you can easily find the text file by following the path you would have saved it to on your hard drive. So you are now looking inside the Sandbox. Notepad.exe tried to write your text file to the hard drive and Sandboxie dumped it into temporary storage instead (look at the Address bar in the screenshot above to get a hint of where it might be on your machine).

IMPORTANT NOTE: When you are browsing the Sandbox, you are doing so with a normal Windows Explorer window. Therefore, anything you choose to run from it will run normally, and will be able to write to the hard drive. Keep this in mind when testing for dangerous software. You can also copy and paste files out of the Sandbox if you want using the normal copy and paste options.
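The Drive and User layout described above makes it possible to review everything a sandboxed program tried to write without opening any of it. The following is an added example, not part of the original guide or of Sandboxie itself: it walks a sandbox folder, translates each captured file back to the location the program asked for, and records its size and SHA-256. The sandbox folder path is something you supply, the "<user profile>" and "<sandbox>" labels are placeholders chosen here, and the sample files are constructed for the demonstration. The script only reads files and never runs them.

```python
import hashlib
import tempfile
from pathlib import Path, PureWindowsPath

# File types worth a closer look when a sandboxed program drops them.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs"}

def original_path(parts):
    """Translate components below the sandbox root into the path the program asked for."""
    top = parts[0].lower()
    if top == "drive" and len(parts) >= 3:
        # Drive\C\Temp\x.exe inside the sandbox stands for C:\Temp\x.exe
        return str(PureWindowsPath(parts[1] + ":\\", *parts[2:]))
    if top == "user" and len(parts) >= 2:
        # User\My Documents\... stands for a folder in the user's account
        return str(PureWindowsPath("<user profile>", *parts[1:]))
    return str(PureWindowsPath("<sandbox>", *parts))

def inventory_sandbox(root):
    """List every captured file with its intended location, size and SHA-256."""
    root = Path(root)
    rows = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        rows.append({
            "original": original_path(path.relative_to(root).parts),
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "executable": path.suffix.lower() in EXECUTABLE_EXTS,
        })
    return rows

def build_sample(root):
    """Constructed sample: one saved note and one dropped executable."""
    root = Path(root)
    samples = {
        ("User", "My Documents", "my_sandboxed_file.txt"): b"hello from the sandbox\n",
        ("Drive", "C", "Temp", "setup_helper.exe"): b"MZ constructed sample bytes",
    }
    for parts, data in samples.items():
        target = root.joinpath(*parts)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in inventory_sandbox(build_sample(tmp)):
            flag = "EXE " if row["executable"] else "    "
            print(flag, row["original"], row["size"], row["sha256"][:16])
```

To use it on a real sandbox, pass the folder shown in the Explorer address bar after Explore Contents to inventory_sandbox().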

Viewing Files and Folders from Sandbox Control




I just wanted to point out that in Sandboxie Control, you can click View --> File and Folders, and instead of showing you what programs are running Sandboxed, it will allow you to look at the files and folders that are within the Sandbox. You can switch it back by simply clicking View --> Programs.

Removing Sandboxes




When you are done with a Sandbox, you can choose to remove it altogether, or you can choose to leave it there but delete all contents (right-click on the Sandbox and click Delete Contents). In order to remove a Sandbox you will need to delete all of its contents first, then right click on it and click Remove Sandbox as shown.

If you cannot remove the Sandbox, or delete its contents, it is because something is using something in the Sandbox. For example, did you close the folder that was opened so that you could find the text document? If you close everything and still can't do it, you might want to try again later after a reboot, but these problems are generally rare.

Quick ways to launch Sandboxed programs




As you can see, from your Start Menu there are a bunch of options for Sandboxie to quickly perform tasks without having to open the Sandboxie Control fully to do it.

Sandboxie Start Menu




Something you might like to create a Desktop shortcut for is the Sandboxie Start Menu (you can find it in your Start Menu folder; right-click to copy it to the desktop). This way you can easily choose anything that resides in your Start Menu and run it Sandboxed immediately.

Finally


Hopefully this guide will have shown you how to run programs in a Sandboxed environment well enough that you will remember it. This can save you from bad malware infections if you open unknown programs this way. If you have any questions or comments regarding Sandboxie, please visit our Discussion Forums and ask for help there.

Software you must download and install
 Sandboxie
 Required: You must download Sandboxie from AfterDawn and install it on your computer. It is freeware.
Written by: James Delahunty
