How well does the sandbox protect your system from damage? [v6]

A summary of this assessment of system damage protection is here; the more detailed analysis and method are here.

Protection of main machine and shared space from sandboxed processes
This is important if you are using the Sandbox for risky purposes, for example browsing sites that could be infected, or as a place in which the activities of inexpert (e.g. child) or untrusted users can be segregated.

  • Malware will not usually be able to permanently damage your real system. The virtualiser is implemented as a kernel hook, which is difficult for malware to disrupt, and the sandboxing appears fairly comprehensive in scope; direct disk writes and writes to your local network are also prevented. There are, however, indications of a few leaks which could let something through. In addition, the Sandbox filestore and registry root key are accessible from the real environment (though the filestore is hidden), which could lead to accidental leakage of malware through user error or through the operation of system programs such as backup and restore. You will also need to be careful about storing anything of importance in shared space, to which sandboxed processes have unvirtualised access.
  • Malware will find it difficult, but not impossible, to temporarily disrupt your real system, as the most obvious techniques are prevented. However, inter-process communications are not deliberately controlled, and malware could potentially (though with some difficulty) exploit these to cause difficulties. This is relatively difficult to address; some tips are here.
  • Hackers should not be able to hack into the Sandbox and take control of the computer, as inbound CIS firewall connection controls and OS access restrictions are in place by default.
  • Untrusted Kiosk users will find it relatively easy to escape the Kiosk due to weaknesses in the password implementation.

Protection of sandbox
This is of relevance if the sandbox is used to store important (say, sensitive) information or important software installations.

  • Unknown malicious files running non-sandboxed will be controlled by the behaviour blocker, though a few exploits can escape this; so, given that the sandbox store is accessible from the real environment, permanent damage (e.g. by ransomware) could be done.
  • Temporary disruption of a sandboxed process by a non-sandboxed process is not restricted, in so far as I can determine.
  • A user of the real machine can be inhibited from entering the Kiosk and damaging files by a password, though this is easy to bypass, and if they know where to find the sandbox (virtual store) they can access the information anyway.

Protection when changing purposes
This is important when you want to use the sandbox for risky purposes which may result in malware installations, and then want to use it to store things that need to be protected (or vice versa). There is no automatic protection against such risks: you need to remember to reset the sandbox between such uses, or use the other approaches described here.