kleptomaniak

Level 1
In Linux i've used a great program called firejail that restricts access to the browser and the running environment itself. I've used it for sometime. I am curious if there are good or better alternatives to Sandboxie. Hitman.Alert has some features that mitigate browser exploits. I'm looking for something that is effective and simple. I've used Sandboxie and had a lifetime license some time ago but Sandboxie seems overly complex and if you toy around with those settings I am sure will detrimental to your browser safety. Its been sometime since I've used Windows so I am not familiar with all the great software out there, the last time I used Windows I used Windows 7 and Windows server 2003 :p
 

shmu26

Level 76
Content Creator
Trusted
Verified
1 ReHIPS is an alternative to Sandboxie. But the free version (demo version) makes it hard to run Chrome in sandbox, if that's what you want to do.

2 Playing around with Sandboxie settings won't necessarily be detrimental to browser security. If you can handle Linux, you can handle SBIE settings, you will understand when you are hardening the sandbox or weakening it.

3 On Windows 10, Chrome runs in appcontainer, which is a kind of native Windows sandbox. If you add Sandboxie on top of it, you lose appcontainer, and gain SBIE. In some ways, this is weaker, and in other ways, it is stronger. If you use Firefox, this caveat does not apply, because it does not run in appcontainer AFAIK.
 

shmu26

Level 76
Content Creator
Trusted
Verified
ReHIPS seems very interesting, and it doesn't seem to annoy VoodooShield at all. The options in ReHIPS aren't difficult to understand and their forum has a ton of FAQs so I got up and running fairly quickly.
If you are running Voodooshield, then you can put ReHIPS in "Permissive" mode. That way, it won't bother you with prompts, it will just follow the existing rules, such as the ones telling it to run certain programs in sandbox.
 

notabot

Level 8
In Linux i've used a great program called firejail that restricts access to the browser and the running environment itself. I've used it for sometime. I am curious if there are good or better alternatives to Sandboxie. Hitman.Alert has some features that mitigate browser exploits. I'm looking for something that is effective and simple. I've used Sandboxie and had a lifetime license some time ago but Sandboxie seems overly complex and if you toy around with those settings I am sure will detrimental to your browser safety. Its been sometime since I've used Windows so I am not familiar with all the great software out there, the last time I used Windows I used Windows 7 and Windows server 2003 :p
It’s not as strong as firejail is for Linux but most apps in the Windows store use AppContainer which should be sufficient when combined with other native mechanisms. An exploited app that’s running in an AppContainer cannot inject to other apps and thus it leaves

I) either deleting stuff in user space or uploading to a c&c —> use CFA to protect sensitive docs

II) privilege escalation attempts -> quite hard without injections but in any case block what you can with your firewall , use SRP to block sponsors

Prefer apps from the windows store to native apps, use CFA and Windows Firewall the OS gives you anything you need

You don’t even need hitman, you can use Exploit Guard for browsers, pdf reader, Office apps
 

AtlBo

Level 26
Content Creator
Verified
Anyone know of a way to run an application in a sandbox in Sandboxie free at all times? Looks like a registration will be required as far as I can tell. Only launches in the sandbox when opened from the Sandboxie launcher icon.

Avast have sandbox
In the free version? Something to think about for me if any application can be set to run sandboxed from its icon. The option menu seems like it is only partial protection.
 
  • Like
Reactions: stefanos

stefanos

Level 19
Verified
Anyone know of a way to run an application in a sandbox in Sandboxie free at all times? Looks like a registration will be required as far as I can tell. Only launches in the sandbox when opened from the Sandboxie launcher icon.



In the free version? Something to think about for me if any application can be set to run sandboxed from its icon. The option menu seems like it is only partial protection.
Never i used Sandboxie. But Shade sandbox i know you can
 

stefanos

Level 19
Verified
Anyone know of a way to run an application in a sandbox in Sandboxie free at all times? Looks like a registration will be required as far as I can tell. Only launches in the sandbox when opened from the Sandboxie launcher icon.



In the free version? Something to think about for me if any application can be set to run sandboxed from its icon. The option menu seems like it is only partial protection.
Avast only the pro version
 

AtlBo

Level 26
Content Creator
Verified
Question about where the protection begins. With Shade will the browser open in the sandbox even if it is opened by a separate application? This was the issue for me with Sandboxie. Malware could launch the browser and there is no protection.