Sandboxie: Why everyone should be using it

Much has been written about PC security and how it can be enhanced per medium of adopting a layered approach, which generally means installing different types of products to help cover a wider scope of eventualities. I employ such a strategy myself, albeit in a fairly basic form; Avast Free, WinPatrol and Sandboxie. These three products have stood me in good stead for a number of years, I can’t even remember the last time one of my machines was infected. Both Avast and WinPatrol are very well known, WinPatrol in particular enjoys legendary status. Sandboxie is also quite well known yet, in my experience, substantially under-utilized. I don’t quite understand why that is the case; Sandboxie is simple, very easy to use, very effective and free. Perhaps it can be put down to a certain mystique surrounding sandboxing and virtual environment techniques in general. Whatever, I hope what follows will help clarify and maybe encourage more users to take advantage of this terrific software.

  • Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
  • Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don’t leak into Windows.
  • Secure E-mail: Viruses and other malicious software that might be hiding in your email can’t break out of the sandbox and can’t infect your real system.
  • Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

Sandboxie is a mere 2.2MB download, installation is clean and straightforward. To complete the process Sandboxie will install its own service Sbie.Svc.exe. This is Sandboxie’s core component and, although it is not necessary to have Sandboxie itself auto-starting with Windows, it’s imperative to leave this service enabled and running at all times.

Sandboxie is operated primarily via the Sandboxie Control window which is accessible from the Start menu. The interface is entirely minimalistic, simply click on the Sandbox menu item, then on DefaultBox to reveal Sandboxie’s main options:

Default configuration will be fine for the vast majority. However, if you do not want Sandboxie auto-starting with Windows you should access Windows Shell Integration from the Configure drop-down menu and disable that option:

Sandboxie places a special folder in the root of ‘C’ drive and this is where all data created while running sandboxed applications resides. In other words, this folder represents your virtual environment – all data related to any actions performed inside Sandboxie will go into that folder:

When you have completed your task, whether it be a browsing session or testing software, simply initiate the ‘Delete Contents’ option and Sandboxie will empty that folder, all associated data will then be gone – including any nasties accumulated along the way.

This isolation technique is eminently suitable for many situations; it all but guarantees a perfectly safe browsing session and you can test install software with total immunity from malware or unwanted extras which install without permission.

Sandboxie’s options are also available via the program’s system tray icon which appears whenever Sandboxie Control is running; simply right click on that icon and then left click DefaultBox:

Selecting Run Web Browser for example will open a sandboxed instance of your default browser where you can surf around safely until your heart’s content. If, during a session, you happen to download anything you wish to keep, an image or file perhaps, Sandboxie provides options to ‘recover’ the file(s) via two methods; 1) an immediate prompt once the download has completed and 2) at the termination of the session when you initiate the Delete Contents option (use the Recover to Any Folder option first and then click on the Delete Contents button to get rid of the remainder):

Sandboxie also adds an entry to Explorer’s right click context menu, right click any file and it can be run sandboxed. This is useful for handling any suspect files and particularly so for testing software – simply right click on the setup (execute) file and select Run Sandboxed:

Now the program will be installed entirely inside the sandbox, you can run the software and work with it as usual. When finished simply delete the contents of the sandbox and everything is gone – your system remains unchanged and unaffected.

I recently tested a similar free program from Toolwiz called TimeFreeze, you can read through that review HERE. So which do I prefer? Sandboxie, hands down! I’ve since experienced some issues with TimeFreeze, specifically after the reboot process. The system has occasionally restarted with a service randomly disabled, it has been a fairly simple fix – just go into Services and restart/reset the appropriate service. Still, it shouldn’t be happening and I can’t help wondering what else might be adversely affected. I sent a ‘please explain’ type email to the Toolwiz support team but have not received a response to date. That was weeks ago so I doubt anything will be forthcoming now.

In a nutshell; Sandboxie is tried and true (reliable and safe) – TimeFeeze has yet to pass that test. Sandboxie does not require a reboot, simply delete the contents – TimeFreeze does require a reboot, and I believe this is the aspect which makes it susceptible to problems. Any hiccup during the reboot process and who knows what might happen.

I hope after reading this you will understand Sandboxie a little better and just how useful this small program can be, Sandboxie is a wonderful security tool which should be utilized by everyone.

NOTE: The free version involves a 5 second delay prior to initialization of the selected operation.

  • Sandboxie HOME PAGE
  • A comprehensive ‘Getting Started’ guide is available HERE
  • Download from FreewareBB HERE
About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele... as well as writing for DCT, of course.

There are 18 comments

Comments are closed.