Filed under: Security, Utilities, Windows, Commercial, Freeware, Lists, Windows x64
Five sandboxing apps to protect your Windows computer
by Lee Mathews Mar 11th 2009 at 8:00AM
System admins and technicians deal with a number of frustrations in our daily work. One of the biggest: desktops that keep getting misused, abused, and trashed as a result of carelessness, malice, or a lack of common sense.Sandboxing programs are a great way to prevent these kinds of headaches. What do they do? In simple terms, they prevent applications from making changes to your system. It's kind of like having an imaginary hard drive where programs think they're operating like normal, but their actions never make an impact on your real filesystem.
Here are five options available for Windows systems to get the job done. These apps are great not only for the workplace or situations where you're looking after public or shared computers, they're also a fantastic way to protect your home computer from unwanted changes due to accidental misuse and malware.
Faronics' flagship product has long been the nemesis of would-be high school hooligans for years, and with good reason. Once a system has been frozen, it's just about impossible for it to be monkeyed with (unless you know the admin password). User profiles can be left in a "thawed" area so as to allow changes to persist. Attempted changes is a frozen area? They're gone as soon as the system reboots.
There's no detectable performance hit with DeepFreeze, and it's also available for Mac and Linux systems. A 30-day trial is free and $45 for a license with 1-year maintenance.
In addition to providing full system protection, Returnil offers a wide array of useful features. It integrates tightly with the real operating system and provides a good set of tools for working in both the real and virtual filesystem. Users can whitelist or blacklist individual files and all virtualized changes can be completely undone with a reboot.
The current version is free for personal use, and the Premium Edition goes for 20 Euros. There's a feature comparison on the Returnil site if you'd like to see how they stack up. They're also seeking beta testers for version 3.0. If you're interested, apply here.
Sandboxie is one of the most talked about and widely used free applications in this group. It's not so much designed as a "total desktop" solution, but as a way to isolate certain programs that pose a risk - like web browsers.
The paid version allows simultaneous use of multiple sandboxes, enables forcing programs and folders into sandboxes, and removes the post-30-day nag screen. For personal use, a lifetime license will set you back a paltry $22 Euros and it can be installed on every computer you own.
Similar to Sandboxie, Bufferzone is more about isolating threats from the internet than completely locking down your system. It's designed to isolate apps like your web browser, email, and peer-to-peer programs. Downloaded files inherit Bufferzone's protection, so if you install something that was downloaded from a protected app, it becomes protected as well.
BufferZone is free to try for 30 days. After that, it's $39.95 to register for home use. Trustware also offers various enterprise-grade solutions. Vista users can sign up for a beta version tryout.
Microsoft's offering was one of the first apps I wrote about after joining DS, and it's seen some nice improvements since then. SteadyState offers some additional functions, like locking down access to Windows functions like control panel and the command prompt, limiting access to specific websites, and maintaining Windows and antivirus program updates.
It's worth noting that this functionality is baked in to the Windows 7 pie as PC Safeguard.
With Halloween fast approaching, it's a great time to get in some practice defending your territory against zombies. In Graveyard Shift, you take aim at zombies and other creepy-crawlies, blasting them into splatters of cartoony green guts. It's a casual first-person shooter, and it's very easy to get the hang of - use the mouse to aim, click to fire. Graveyard Shift has at least 15 levels, and it might even have some secret stages I haven't unlocked yet.
They key to getting good at Graveyard Shift is learning to use ...
Reader Comments (Page 1 of 1)
Anthony Frazier said 9:02AM on 3-11-2009
What, no love for Altris SVS (http://www.svsdownloads.com/)?
It's also worth noting that right now, none of these support 64-bit XP or Vista. Except maybe DeepFreeze, but I couldn't immediately find anything on the website about that.
Reply
James said 11:23AM on 3-11-2009
From what I understand, no current sandbox apps may work on Vista because of the way Vista controls access to the kernel. Apparently it does much more than any past Windows version to deny access to anything trying to control the kernel — which is where sandbox programs (as well as malware) like to operate.
BTW though I haven't used any sandboxing program yet, I did listen to a good interview with the creator Sandboxie in Steve Gibson's Security Now podcast: http://www.grc.com/securitynow.htm, episode #172. Explains quite a bit about how sandboxing works.
Lee Mathews said 11:26AM on 3-11-2009
Can you expand on how they don't work in Vista? I know for sure that SteadyState does, and would imagine DeepFreeze does as well.
Returnil also says their beta will.
Thanks!
Anthony said 2:26PM on 3-11-2009
That was supposed to be parsed as 64-bit (XP or Vista), not (64-bit XP) or (Vista). Sorry for any confusion.
I've heard that PatchGuard is what prevents these sandboxes from working. I wonder how Microsoft is dealing with it in Windows 7, or if they are.
216 said 12:32PM on 6-02-2009
Sandboxie works fine with Vista....I hate when people talk about what does/doesn't work with Vista and they have no idea what they're talking about
Amr said 12:37PM on 3-11-2009
of course deep freeze work with vista i use it
Reply
Bryce said 12:47PM on 3-11-2009
My kids like to play on my computer (even after I bought them their own so they don't stick their sticky fingers on my box).
So, I was thinking of creating their own account that would automatically start up a VMWare image of XP or some Linux flavor, and full-screen it. Haven't worked the details out yet though..
Reply
Bolivar Baez said 1:30AM on 3-12-2009
I think SteadyState can help you, look into it.
Terry Ritter said 1:00PM on 3-11-2009
As a long-time Windows guy, I have recently started running Puppy Linux specifically as an on-line security sandbox. Puppy supports Firefox for a browsing experience similar to Windows. Firefox is also a program platform for a wide range of useful add-ons. The Windows things I need on-line (e.g., Password Safe) run under Wine, which Puppy also supports.
The sandbox advantage occurs when Puppy loads from DVD-R and runs completely in RAM (the DVD can be removed). A hard drive need not even be present. Existing Windows drives are not touched unless manually mounted, but then can be used for downloads or uploads. Program updates and configurations can be burnt to DVD as extra sessions which then load with the system. Rebooting on each session means even successful malware attacks end when the session ends.
While nothing is perfectly secure, I expect this approach to be generally stronger against on-line malware than a software solution running under Windows.
Reply
LanceWebb said 5:13PM on 3-11-2009
Noticed that "PC Safeguard", a lite version of Steady State included in Windows 7 has been changed in build 7048 to "Guest Mode". With Guest Mode turned on, all change will removed when that user logs off. Guest Mode is an option in setting up a standard user.
Reply
Scopique said 8:23AM on 3-12-2009
I second Altris SVS (now Symantec...unfortunately).
Not only does SVS allow you to contain entire installs, but you can use the sandbox file to back up the contents. If you need to do a system restore, you can just restore the backups.
Reply
relaxbyfishing said 12:06PM on 3-16-2009
I was trying out Returnil and decided that I didn't like it all that much over just using VMware. So uninstalled it and rebooted. After booting back up my machine would display the desktop and that was it. I couldn't click Ctrl Alt Del or anything. So I tried SafeMode and I had a little more function, but not much. I was just going to use the roll back feature in XP to back to the day before install and I could select the day and that was it. So I decided to reimage my system drive. Image done, started up and my system was fine until I clicked on my storage drive. Then my system was messed up again. So I booted to my Ubuntu Live CD and mounted all my drives. Come to find out Returnil had put Autorun.ini files on all my drives. So that when I clicked them it altered my system. So I cleaned out the Autorun.ini files and some other little files noted in the autoruns. Reimaged the system drive again and everything was fine.
I don't suggest using Returnil.
Reply
raver said 8:09AM on 4-08-2009
I've found a nice article - http://wiwapia.com/en/Sandboxie - with complete explanation on all these computer security apps. Judging from the description, Deep Freeze is the best variant, thought I wouldn't say for sure
Reply