Does Sandboxie 4.01 need Drop Rights Enabled?

  • Total voters
    8

ad18

New Member
Hi guys. I am using Sandboxie 4.01 right now and am wondering if I need to enable the Drop Rights feature. Does this really make Sandboxie more secure? Tzuk has this feature enabled in V. 3.76 but not in 4.01. What do you guys think? Please vote in the poll Thank you for your opinions.
 

jamescv7

Level 61
Trusted
Verified
Well for better protection, Drop Rights are suppose to be enabled to limit the aplication to gain privileges.

If deactivated then UAC will pop up asking to allow or not.
 

ad18

New Member
jamescv7 said:
Well for better protection, Drop Rights are suppose to be enabled to limit the aplication to gain privileges.

If deactivated then UAC will pop up asking to allow or not.
Thanks for the reply. I guess I am asking if Drop Rights provides better malware protection than not enabling it. Do you think Drop Rights makes a big difference in security?
 

jamescv7

Level 61
Trusted
Verified
Let's say it adds additional security caused applications couldn't access easily the admin rights when the feature enabled thus a pop error showed.

Brief Explaination

Its either legitimate or malicious application could blocked due to that feature of Sandboxie
 

ad18

New Member
jamescv7 said:
Let's say it adds additional security caused applications couldn't access easily the admin rights when the feature enabled thus a pop error showed.

Brief Explaination

Its either legitimate or malicious application could blocked due to that feature of Sandboxie
That makes sense. Thanks for the reply.
 

Gnosis

New Member
I have selected "drop rights", but I am a power user anyway, so I am not sure if it matters, at least in my case.

Typically I instruct users to apply "drop rights".
I have always heard this from the foremost of PC experts that I trust.
 

Gnosis

New Member
The rights that are dropped when we tick Drop Rights can not be used by malware to escape the sandbox. So, using or not using the setting does not make a "big difference in security" since nothing gets out of the sandbox without our approval but the setting gives us the chance to "restrict" what can be done by programs running in the sandbox. For example, if you enable Drop Rights, programs are not allowed to install sandboxed. So, if you are browsing and all of the sudden malware starts getting downloaded, it wont run or installs because you have the setting in place.

Bo

I would like to add to that what I perceive to be the gist: dropping rights keeps your sandboxed environment from being corrupted to the point of not being user friendly due to the realities of malware symptoms within the sandbox, which might cause your 2 hour long Netflix movie, that you took almost an hour to download, to crash, for example.
 

ad18

New Member
bo.elam said:
ad18 said:
I guess I am asking if Drop Rights provides better malware protection than not enabling it. Do you think Drop Rights makes a big difference in security?
The rights that are dropped when we tick Drop Rights can not be used by malware to escape the sandbox. So, using or not using the setting does not make a "big difference in security" since nothing gets out of the sandbox without our approval but the setting gives us the chance to "restrict" what can be done by programs running in the sandbox. For example, if you enable Drop Rights, programs are not allowed to install sandboxed. So, if you are browsing and all of the sudden malware starts getting downloaded, it wont run or installs because you have the setting in place.

Bo



.
Thanks for the reply Bo. I thought this setting helped keep malware in the sandbox. Now I understand it helps prevent malware from carrying out its actions within the sandbox. I appreciate the clarification.
 

Spawn

Administrator
Staff member
Verified
You could say it's similar to a Standard UA where it's privileges are restricted.

What have you decided, to use DMR or keep unchecked?
 

ad18

New Member
I enabled Drop Rights in the DefaultBox which I use only for browsing. I created a separate sandbox called ApplicationSandbox without Drop Rights enabled. I will use this sandbox for trying new apps.
 

Similar Threads

Similar Threads