There are many ways to keep your computer safe, and one of the more effective methods is to run high-risk applications such as web browsers, instant messengers, email and P2P clients in an isolated space. Anything they download is then sandboxed automatically, which prevents permanent changes if a downloaded file turns out to be malicious. Some antivirus software such as Kaspersky, avast! and COMODO comes with a sandbox feature that automatically runs programs that are found to be suspicious or whose safety cannot be determined, but those sandboxes are quite basic and limited. Moreover, it is possible for experienced malware programmers to find a loophole to bypass the sandbox in the antivirus, or to have the malware terminate itself when it detects that it is running in a virtual container.
A better option is to use dedicated sandbox software for more control. Let’s say you unknowingly downloaded malware from a website using Firefox that is running inside a sandbox. When the file has finished downloading and is run directly from the web browser, either by clicking the Run button in Internet Explorer or by opening it from the Download window, any changes made by the malware will not affect your computer because the damage is done only in the isolated space (sandbox). However, do take note that if you choose to recover/move the file out of the sandbox and run it from Windows, then the changes will be applied to your operating system.
Here are 2 free tools to sandbox malware at the source of infection and keep your computer safe.
1. Sandboxie
Any security-minded computer user will have used or at least heard of Sandboxie because it is effective, easy to use and free with some limitations. After installing Sandboxie, a “Sandboxed Web Browser” shortcut is automatically created on the Desktop for you to run your default web browser in a sandboxed environment.
If you want to run other programs in Sandboxie, you can either right click on the shortcut or program and select “Run Sandboxed”, or drag and drop it onto the Sandboxie Control program window. You can easily recognize a program running in Sandboxie by the yellow border around its window.
If a previously downloaded file is confirmed to be safe using X-Ray, you can manually copy or move the file out of Sandboxie by right clicking on the Sandbox DefaultBox and selecting Explore Contents, which opens Windows Explorer. Access the Drive folder and locate the file from there. Please be reminded that any file you run directly from the sandbox contents, without using a sandboxed Windows Explorer, runs under Windows and is not isolated.
Although Sandboxie is very effective at containing malicious software in an isolated virtual space, it is also important to make sure that your operating system itself is free from any malware infection. If a hidden keylogger is installed in Windows, it can still capture anything you type in sandboxed applications and send it to the host. Unfortunately, this can also happen inside sandboxed programs unless you configure Sandboxie to allow internet access only for trusted programs while all other programs are blocked.
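The internet access restriction described above, written as Sandboxie.ini settings. This is an added configuration example, not taken from the original article; the group name and the choice of firefox.exe as the trusted program are assumptions, and the two versions are alternatives for the same box, not one file.

```ini
# Constructed example for the default box (DefaultBox).

# Version A, unrestricted: every program started in the box, including
# anything a download drops and runs, can open network connections.
[DefaultBox]
Enabled=y

# Version B, restricted: only the listed trusted program keeps network access.
[DefaultBox]
Enabled=y
# Hypothetical group name; firefox.exe is an assumed trusted program.
ProcessGroup=<InternetAccess_DefaultBox>,firefox.exe
# The leading "!" negates the match, so the network devices are closed to
# every sandboxed program that is NOT a member of the group.
ClosedFilePath=!<InternetAccess_DefaultBox>,InternetAccessDevices
```

The restriction applies only to programs running inside the box; a keylogger installed in Windows itself runs outside it and is not affected.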
Other than using Sandboxie to keep your computer safe, you can also install legitimate programs in a sandbox to keep your Windows operating system clean. However, do take note that certain software such as antivirus and iTunes cannot be installed in an isolated space. Sandboxie works on Windows 2000 through the current Windows 8, in both 32-bit and 64-bit.
2. BufferZone Pro
BufferZone Pro is a free alternative to Sandboxie and it works in a very similar way. It has a default list of programs covering major web browsers, download managers, P2P applications, instant messengers and Windows Media Player that will automatically run inside BufferZone. A small BufferZone icon attached to a shortcut indicates that the program is on the BufferZone protected list. You can also use the right click context menu to manually run programs in BufferZone.
You can confirm that a program is running in BufferZone by checking for the red border around the window or by looking at the Summary tab in the BufferZone program. BufferZone seems to focus more on protecting your applications by isolating them, and does not offer you the flexibility to recover files downloaded from sandboxed web browsers. You can easily terminate all processes and delete the registry entries and files from BufferZone with one click, but it offers no option to move files out of the virtual container. You can, however, manually go to C:\Virtual\Untrusted to look for the files.
BufferZone Pro comes with a firewall that is turned off by default. It is similar to Sandboxie’s Internet Access Restrictions and lets you allow or block network access for programs running inside BufferZone. You can set the allow or deny action based on program name, network address or port numbers.
Editor’s Note: Sometimes it is very frustrating to decide whether you should run a program when most people claim that it is safe but your antivirus triggers a heuristic analysis alert just because the program has a behavior that the antivirus doesn’t like. Sandboxie or BufferZone solves this problem by allowing you to sandbox malware or run any unknown file, whether it is safe or dangerous, while still keeping your Windows operating system safe and sound.