I came across this just recently.
I am sure readers will be interested

I should have headed it Sandbox not Firebox

I have changed it for you rambo.


I am much obliged

hi guys (:WAV)
i’ve seen the page,maybe someone in the forum have tried this sandboxie? can somebody simplify the explanation to me bout this product? not a techie person, got questions too :

  1. is it free ;D or just a free trial
  2. will it hogging our computer
  3. i’ve heard Norman Virus Control has sandbox too, is it the same?
  4. about question #3,has someone put this sandbox thing in CAVS wish list?


I’ve been using Sandboxie for 3 or 4 months. It’s free but the licence ($30) - valid for life - allows you to set the forced programs i.e. those that automatically open in the sandbox; you would, for example, want your browser certainly to open in the sandbox. I also have my e-mail client, Word, RealPlayer and many others set to run sandboxed. My understanding is that any programs that run in the sandbox cannot do any damage to data and files outside the sandbox. So say you open some dodgy web page containing something nasty, once you have emptied the sandbox (let’s say prior to doing some online banking), you will now be safe. Of sourse, if there is anything nasty (e.g keylogger etc) already on your computer i.e. outside the sandbox, this program won’t stop it doing its evil. I suppose the sandbox is a containment zone.

It uses very few resources. It’s one of the very few software programs I’ve been so impressed with that I’ve bought the licence, and at $30 it’s a gift and it covers all future issues. The support and forums are excellent.

Don’t know about Norman Anti-virus sandbox but I’m sure there is no connection.


thx for the explanation. now where can i get $30 :THNK ;D

I’ve used sandboxie for around 1y, a perfect line of defense and perfectly light.

watever u download from internet, its isolated inside sandbox.
wanna save it to ur computer? scan w ur bunch of scanners before saving.
If u dun like it, ‘delete content of sandbox’ will flush it 4ever.
However, sometimes u flush da sandbox and later realize dat u flushed something important dat u’ve just downloaded.

U definitely dun need a real-time antispyware along w sandboxie. In fact, I’ve used CPF+SSM+Sandbox w/o any real-time AV or AS for around 3 months, never got any probs.

u dun need a paid version. free one is good enuf.
the difference is dat for paid one:
-u can run as many sandboxes at same time as u wan, which is not neccessay unless u test lots of apps.
-u can set-forced programs which is pretty convenient.

However, there r stil places for improvement:
-easier in saving content from sandbox. opening sandbox folder–> copy-paste is lil time-consuming.
-for paid version only: non-limited set-forced programs (by specifying .exe need to force) coz now u r limited to few major apps like IE, FF,Opera, Outlook…

i don’t think that i really need it, i have CAV (& CBO) realtime shield and on access scan, and i have CFP,so if i accindentaly download something dangerous, CAV on access scan will do his job. BUT, since it’s FREE (WOHOOOOOOO), i’ll try it ;D
thx for the info.


Looks nice (had already heard about sandboxing and this free proggie), but it looks overkill and too much paranoid annoyance for me, since I even run as limited user… :stuck_out_tongue:

Its mor dan a defense app tho. After u online, ‘delete content’ → no cookie, no temporary files, nothing. the mor u run in sandbox, the less MRU u get.

I also run my chat client in sandbox. Note CAVS dun haf instant msg shield.

now Ram: no AV, AS can run w such a low footprint: ~1M!

about the temp files & cookies, i think we can remove them with a registry cleaning tool. am i right?

now we need a chat shield too? now that’s scary. how it’s possible that a malware entering our computer by instant messaging (i think it’s possible only IF we accept a file sent to us)? and i think (once again) CAV will do his on access scanning/realtime scanning job.

and about RAM, no AV and AS can run…etc
you mean, with sandboxie, we can disable our AV? and AS (antyspyware?) can uses less RAM, how? ??? (li’l explanation pls ;D )

i’ve heard this similar comment about sandboxie (it’s no use, paranoidware,etc). makes me confused.

so let’s make a closure (for me ;D ):

DO I (a stupid novice tried to act cool,not a techie, using computer for email & office job only) NEED this SANDBOXIE ??



Using a sandboxing program to run your internet-connecting applications basically means that those applications are running in a kind of virtual environment. Any changes they make (or are made through them) are not actually made, unless you allow the sandbox to make them permanent. These changes will disappear normally when you close the sandbox application; they never get to actually impact the operating system.

And yes, it is quite possible to get malware thru IM applications; they all seem to have some persistent vulnerabilities and there are lots of malware created just to exploit them. You do not, afaik, have to just be transferring files via IM.

Whether or not you “need” a sandbox is up to your personal determination. And probably level of paranoia as well. :wink: A sandbox is another aspect of a layered security setup. And yes, your AV’s on-access scanner should kick on something, as would a HIPS; your firewall should warn of an unauthorized Outbound attempt by an application, and so on.

I would tend to think that for the average user, a sandbox is probably overkill, and they would not use it the way it’s intended to be; thus they would defeat the purpose anyway. But that’s just my opinion.


ya tru,but do u kno everitime u perform a scan, it degrades ur hard disk? (actually very lil)

There r 2 ways for nasties to penetrate ur system,:
-online: thru web browser,downloads, IM, email client
-offline: thru portable hard disk, disc…

Now, w sandbox, watever u download, scan w BUNCH of scanners and copy to ur system. the possibility dat online threat can damage is reduced significantly.
If u dun use sandbox n rely on ur ONLY ONE real-time AV,AS; and if ur only 1 realtime av,as miss da nasty, u r misleaded dat u r safe! (u see da difference? BUNCH vs ONE)

and about RAM, no AV and AS can run........etc you mean, with sandboxie, we can disable our AV? and AS (antyspyware?) can uses less RAM, how? ??? (li'l explanation pls ;D )
dats exactly wat im doing w my computer. w sandbox, u ABSOLUTELY dun need realtime AS.

the only left risk is from offline threats which I use SSM to handle and I also disable autoplay function.

uhm, maybe its overkill wen u only browse safe sites. For me, i regularly visit torrent sites and sometimes (very few) porn sites (dun judge my morality, now I has to stay away fr smokin, alcohol, coffee, life is so tolerant)

dats exactly wat im doing w my computer. w sandbox, u ABSOLUTELY dun need realtime AS.
I wouldn't go so far as to say that definitively, simply because it is theoretically & practically possible to bypass any security, including a sandbox. Anything that has code can be exploited in some way (and is, or will be, as soon as someone can figure out how...).

I am not saying that this has a high degree of probability, but it is certainly possible. The only safe computer is the one not connected to the internet, not turned on, not even plugged in… just sitting in the box!


u r rite LM.

But since we cant calculate the possibility of infected by usin sandbox vs AS, I go for resource. I dun wori much as i stil got HIPS.

More dan dat, AS apps r more well-known dan sandbox apps (i feel so). Therefore, more xploitations aim at AS; sandbox is relativly safer dan AS.

You can of course delete cookies, history and cache from the browser (yes even IE). And I’d need proof that scans by registry cleaners or any other programs degrades the hard disk, otherwise than just like any normal disk usage remotely could. :slight_smile:

I don’t think sandboxing is necessary for me. An elementary security measure, advised even by Microsoft and in a sense default in Vista, is to run Windows as a limited user. If you do so and don’t behave suicidal, I’d say sandboxing is overkill. On the other hand using a sandbox while running as admin doesn’t make sense to me, it’s like relying on the airbag without the seatbelt on. Besides even though running without admin rights is a little annoying, I reckon that having to manage sandboxes and save them to the machine would be far more so.

But I guess sandboxing is very nice in case somebody who’s not trustworthy security-wise has to use your computer for a while, besides of course for testing malware intentionally.

Anyway I’d always keep that firewall and resident AV on unless you’re really strained for resources. If you have enough (and that’s not so much) there’s no reason to cut on security. My security takes tens of MB of RAM (I think future versions of Comodo products will save some of this), but since I never use even half of my RAM (got 1 GB) at least when browsing there’s no reason for me to uninstall anything, even though I perfectly could and stay almost as safe. I’d happily trade RAM for set-and-forget ease. Plus as LM said some malware could find its way out of the sandbox even on its own --also because of a user’s ovresight or a 0-day threat or whatever.

Aladinoni says go
Japo & LM vote for no go
that’s 2 vs 1.

for this kind of threat, i guess that’s firewall job,right? and AV’s job is to handle threats from downloading/transfering files. (hope so.) and HIPS is the last protection.

an opinion from someone with 5 blue stars ;D

so am i right to conclude :
I’ve got AV to protect my door (download/transfer files)
i’ve got Firewall to protect against unauthorized access from chat apps or unsafe site (porn ;D )
and IF for some reason, a malware managed to enter my computer, then realtime scanner,onaccess scanner, and HIPS are my bodyguard.

You’re bad ;D , so guess i don’t need this sandboxie, i do safe surf.

thx for the info guys.much appreciated.and beers for Japo


I like your analogy. :slight_smile:

I’d say so; firewall for proactive defense. With CPF 2.4, malware cannot hijack your programs without asking you, and with 3.0… you know! HIPS!

As for your conclusion, I believe you are right. Think of Melih’s three-step analogy - Prevention, Detection and Cure!


CONFIRMED!! i don’t need sandboxie! thx LA