Sandboxie provides the following security (and more) for any web browser:
a whitelist of allowed executables (launched by the browser)
a blacklist of folders/files not readable by malware
a whitelist of folders where changes are not deleted when the browser is closed
I have one sandbox for updating the browser (bookmarks, settings, installing add-ons) and another sandbox for normal surfing, which automatically deletes almost all changes to the browser’s profile folder. I also close the browser (delete the sandbox) before and after doing any financial-related web activity. After I spent a little time learning how to configure Sandboxie, I wouldn’t browse without it.
Assuming that the browser is sandboxed by Sandboxie, I am interested in how forum members compare the security and usability of Comodo Dragon and Firefox+NoScript. I use Firefox+NoScript today, and I am wondering why folks who have tried NoScript would choose Comodo Dragon instead.
You mention the usability of Firefox with NoScript, but I’ve always felt NoScript to be a hindrance. Not to mention I have trouble trusting it after the developer purposefully interfered with the operation of another extension. He effectively patched in a blind spot with a NoScript update. It was quickly discovered though, because it completely broke the other extension, instead of just the intended blind spot. NoScript is a self proclaimed security extension, whose author isn’t above malicious tampering of other peoples code… :-TD
I personally feel that using AdBlock Plus with a filter to block third party scripts is a much better option than NoScript. Locally hosted scripts really aren’t a problem unless you visit questionable sites. It’s the scripts that the site owner has no control over that are the real issue.
I think Dragon+Sandboxie is a fine replacement for Firefox+NoScript. It’s even a fine replacement for Firefox+AdBlock Plus. I’m completely comfortable with Dragon+Sandboxie, although AdBlock Plus for Chrome isn’t as functional yet as ABP for Firefox.
Sandboxie works by virtualzing files and processes. Any and all system changes are merely temporary and can be deleted from the sandbox at any time.
The Chrome sandbox works by restricting user access. In simple terms, it strips processes of all access privileges. (Although I’m sure the techniques are different, this is similar to what the automatic sandbox in CIS does)
Sandboxie on the other hand, doesn’t care about access privileges because anything changed is changed in the virtual system and can easily be undone. If a malicious process runs, simply delete the contents of the sandbox.
Since the Chrome sandbox is using standard Windows security features to limit what processes can and can not access on your system, any exploit that can bypass these OS access checks gets out of the Chrome sandbox.
It’s definitely not meaningless to run a Chromium based browser in Sandboxie…