Originally Posted by jonathan123456789
thanks francis, that's what i was looking for, i'm a low risk user but it's more of a "just in case", you never know where a malware might be lurking and they seem to be evolving at an alarming pace. it was actually this article that prompted me to think maybe i should look into sandboxing:
i've downloaded it and am currently running it, i'm most concerned about web browsing so i'm using the "sandboxed web browser" do i need to do anything else (if i hover near the edges of the screen it's highlighted yellow so i assume that's showing me it's running in the sandbox)?
Glad to help!
Running it "out-of-the-box" is OK. But a few things to consider (right-click on the sandbox > Sandbox Settings):
- Recovery > Quick Recovery: Any file saved to the location(s) specified here will give you a prompt asking what you'd like to do with this file (recover it to the real system or just delete it). For example, since I usually save things to my desktop, I have that listed as a quick recovery location. So when a download to my desktop completes a dialogue pops up with the option to move the saved file to my real desktop from the sandboxed desktop. This is easier than browsing the contents of the sandbox to find the file.
- Delete > Delete Invocation: Check "Automatically Delete Contents of Sandbox" if you'd like to discard the contents of the sandbox when you close the sandboxed program.
- Restrictions > Internet Access: By default, all programs in the sandbox can access the internet. However, as a bit of extra security, you can specify which programs you'd like to give access to. Anything else is blocked automatically. It's really up to you how you want to do it...it does add alot of extra security but it can be a bit of a PITA to setup.
- Restrictions > Start/Run Access: Similar to Internet Access. Again by default, all programs contained in the sandbox are allowed to run. If you'd like to specify a select few programs you want to run you can specify them here. Otherwise, everything else will be blocked.
- Resource Access > File Access > Direct File Access: Think of this as punching a little hole in the sandbox for the sake of convenience. Anything written to these locations will be allowed to pass through the sandbox uninterrupted.
- Applications > Web Browser > **Your Browser**: There are some pre-configured settings for direct access and forced programs that are for convenience. Of course this is could make things a bit less secure but it helps make Sandboxie run a bit more seamlessly.
I hope this helps!