Sandboxing Cons

Discussion in 'Software' started by Dekade, Jan 21, 2018.

  1. Dekade

    Dekade Sergeant

    I am entertaining the thought of sandboxing to test programs that I am not certain on whether or not I want them on my Windows 10 Pro Fall Creator OS. It is a very clean, fast, nice running install. I don't want to jeopardize that (despite my having system images).

    I need some insight on if there are any cons to running a sandbox. I understand that a sandbox still runs off the OS install. Can a sandbox in any way harm or jeopardize the nice clean install of my OS?

    What sandbox does the forum feel is the best and for what reason?

    I had thought about a virtual machine setup, but, that seems to be a load of work.

    Thanks,
    Dekade
     
    AtlBo likes this.
  2. Geek_Justin

    Geek_Justin Corporal

    Part of the answer to that depends on how powerful your computer is. A sandbox will slow things down on a slower computer. Since you're testing programs, if you have an older computer to use I'd use it. Sandboxes are supposed to keep viruses off your computer but I don't trust any program 100%. The only one I have any experience with is Sandboxie.
     
    AtlBo likes this.
  3. Dekade

    Dekade Sergeant

    Asus Z97A MB; i7 4970K 4.0 GHz; 16GB RAM; AMD Radeon HD6670 2GB
     
    AtlBo likes this.
  4. Eldon

    Eldon Major Geek Extraordinaire

    There's a third option but, I'll briefly give my opinion on all of them.

    Virtual Machine.
    This would be my choice but only if I had a relatively powerful PC and I was testing/evaluating software for a living.
    The downside is you're running an OS inside an OS, hence the need for a relatively powerful PC. And if you're running Windows inside the virtual machine, it has to be activated meaning you'll need a second license.

    Sandbox.
    Sandboxing software claims to prevent the program in the sandbox from making changes to your system, other programs and data. I don't know how the latter will affect a file that's being edited.
    While Sandboxie is the best known of these programs, the free version allows only one sandbox. I just checked and Avast's sandbox (included in Avast Free Antivirus) allowed me to run three applications without a problem. And it uses minimal system resources.

    Uninstaller.
    I'm currently using Revo Uninstaller Pro (Win7) and Ashampoo Uninstaller (WinXP). You need to install and uninstall a program using the uninstaller. Because the program logs every folder, file and registry item created during installation, everything will be removed during uninstallation.
     
    AtlBo likes this.
  5. Dekade

    Dekade Sergeant

    Yes, I do like the idea of an Uninstaller. Here is where I wonder about uninstallers - I do not have the two you suggested. I have been using IOBit Uninstaller. However, after running IOBitU (and its power scan feature) I then go to the registry and do a search. I often find 5 to 15 program-specific leftover keys.

    Seems like, after a while, all of those leftovers from multiple program installs would have an impact on the OS. Maybe not; I don't know enough to argue that.

    Is that a concern? Do you think your two uninstaller programs would return like results or do they really dig deeper?
     
    AtlBo likes this.
  6. Eldon

    Eldon Major Geek Extraordinaire

    Difficult question as I have only used the two mentioned.

    The version of Ashampoo Uninstaller I'm using is free, and it includes a registry cleaner plus other tools.
    AshUnin.jpg
     
    AtlBo likes this.
  7. Geek_Justin

    Geek_Justin Corporal

    You wouldn't have any problems with slowing your computer down.
     
    AtlBo likes this.
  8. Dekade

    Dekade Sergeant

    That is interesting. I also run Avast Free. I might just have a look at sandboxing in Avast. In the meantime I'm wanting to see if any other information arises from the forum. I would really like to know if anyone is actually sandboxing and what they are experiencing. I will also do more research online at various sandboxing software to see if I can learn anything more.

    I want to add something here as to why this has all come about. In the last four months my PC really slowed down. So I went back and did an AOMEI System Image Restore dated 09/3/2017. The OS came back from the restore in a lightning fast performance state on the SSD. WOW. Cool. Now I want to see if software like Audacity and AVS4You Audio Editor were causing the problem before I again reinstall them.

    One thing is for certain - The power and convenience of System Images CANNOT BE ARGUED.
     
    AtlBo likes this.
  9. Eldon

    Eldon Major Geek Extraordinaire

  10. Imandy Mann

    Imandy Mann MajorGeekolicious

    Out of curiosity, how old is the 'new' install? I don't run '10, but in 8.1 I needed to turn off a bunch of stuff that I never use. Does it have OneDrive backing up your files? Are photos automatically synced to an account? Are you participating in any of the user experience or trouble feedback programs? Any of these type might start to consume resources over time. I might would wait a week or 2 with the new install as is, to see how things progress on their own.

    But you have a good idea there, to find the ones you like that are also okay with the 'new' build. I would go a step further. Even though you have images, something could always go wrong. What I do is keep a folder, I call it "After Build". And I have backups of this folder. Inside I have the installers, or the portable downloaded zip, of things I already know I want on any PC I own. That way in case of a new or used PC, or any reason to go back to a fresh install of any of my PCs, I have the group that I know I like and want and are okay for any PC.
     
    AtlBo likes this.
  11. Geek_Justin

    Geek_Justin Corporal

    I've used Audacity and never had any issues with it. It doesn't use hardly any resources.
     
    AtlBo likes this.
  12. Dekade

    Dekade Sergeant

     
    Imandy Mann likes this.
  13. AtlBo

    AtlBo Major Geek Extraordinaire

    This option is not as powerful as sandboxing, taking into consideration that an uninstaller won't record what happens after the installation. If an app causes problems after the installation, those won't be recorded. At least I am speculating that uninstallers don't record anything after installation, although I confess I have wondered a few times. A good uninstaller is very valuable in any event in my personal experience.

    I think I would definitely grab an image of the setup if it is running so well as you say. Then maybe you could add an uninstaller and a sandboxer and see how it goes. I use the Qihoo 360 sandbox for MS Office applications and I haven't noticed any slow down over time. My PC isn't as capable as yours, so I think Sandboxie should do what you would like to do. The pay version even lets you set up separate profiles for individual programs (can be individually deleted rather than the entire sandbox emptied), unless I am mistaken. Seems I recall that the free allows for a limited number of them or doesn't allow for them :rolleyes:.

    Sandboxie seems to be a thumbs up generally. Always wanted to try it, but I haven't found a reason to since I started using Comodo Firewall and Qihoo 360 together. I can test using the sandbox of either.
     
    Eldon likes this.
  14. Dekade

    Dekade Sergeant

    Thanks AtlBo. I appreciate your input. I'm going to check into Comodo Firewall and Qihoo 360. I'm not sure what either of those is all about. I don't want to bleed into another topic here, but - is a third party firewall an advantage over the Windows built in (Windows 10) firewall?
     
    AtlBo likes this.
  15. AtlBo

    AtlBo Major Geek Extraordinaire

    I think it's an advantage. This is primarily because you will see alerts for outgoing connections attempted by applications. A good bit of malware out there relies on an internet connection to complete its work, so CF is a good choice. Some settings to look at should you choose to try CF:

    1. In General Settings->Configuration go with Proactive. It's the most manageable package.
    2. In Containment->Auto-Containment make sure a check box is in "Enable Auto-Containment". This will block any unsigned or improperly signed software by placing it in a restrictive container. It will also create a containment rule for the application. In the area below the checkbox. You can edit these rules, although I haven't gotten past Ignore or Virtualize. I think you can run the application fully and then see what it does with all its changes recorded in the sandbox. If it's malware or something you don't like or some other a-v flags it, you can simply get rid of it and clean out the container ("sandbox").
    3. I go with HIPS on Safe Mode. You will get a lot of alerts for a while, but choosing well on the alert will help you later not have to do much. An example is to make use of the "Run as Installer" dialog at the bottom of some application alerts. This you can do any time you know the executable is harmless and will only be running once. You can use this even with portable apps if you don't feel like keeping a rule around for the app.
    4. In the first Firewall and HIPS settings areas, make sure that you get a good timer for the alert. I have it set to 120 seconds...that's two minutes. It defaults to block but "do not remember" btw.
    5. Can't remember all of the defaults. I've been working with it for some time. Looking over the areas here are some others I use:

    Firewall Settings
    -Set alert frequency->High
    -Create rules for safe applications->Unchecked (not necessary but maybe convenient for some). You should get a chance to create a rule with every app when it comes to the firewall.
    -Filter IPv6->Checked (I have it checked to be thorough, and IPv6 is becoming a little bit more common...98% of it is local Windows stuff tho)
    -Filter Loopback traffic->Checked (same as above)
    HIPS Settings
    -Set popup alerts to verbose mode->Checked (really helps but I don't take the advice seriously in many cases)
    Containment Settings
    -Detect programs which require elevated privileges e.g. installers or updaters->Checked (Gives a unique alert for this behavior which is associated with malicious software and good software in some cases too)
    Advanced Settings
    ->Miscellaneous->"certain applications"->Checked. I make sure this is checked and then I have enabled all of the protections, including Embedded code detections, and actually added a bunch to the list too. If you would like a list I'll post a pic of them.

    I can provide pics of the settings if you would like to see them. Comodo Firewall is very solid protection, especially when combined with a good a-v.

    Note of warning about Qihoo. It's bonkers with ads. You can block them easily if you have Comodo too or some other security app you can use for straight blocks. The .exes to block are in the Qihoo program folder called PromoUtil.exe and I believe the other one is called MedalWall.exe or 360MedalWall.exe. Be careful during installation too. Look for the "Custom" choices and make sure to avoid installing anything secondary. If you get past all of this (or care to), the application underneath is really great...best out there in a number of respects. It's extremely clever and incorporates excellent software engineering and design. The sandbox is excellent for MS Office.

    With Qihoo 360, you must also know to enable the Bitdefender and Avira signatures in the program. The feature is free, but they are enabled in two places. Pics are below:

    360 BD and Avira.jpg 360 Virus Scan Settings.jpg
    Been using 360 now for 5 years. It's really good software...different but as good or better than Avast, even though Avast has the better test scores. 360 has good scores and the sandbox and other extras :)...
     
    Eldon likes this.
  16. Dekade

    Dekade Sergeant

    Wow. What a reply. Thanks for the information. I'm going to study and absorb it all. Thanks AtlBo.
     
    AtlBo likes this.
  17. AtlBo

    AtlBo Major Geek Extraordinaire

    No problem LOL. I am like a robot with these security programs after so long. I don't even realize it's coming out that way...
     
  18. Earthling

    Earthling Interplanetary Geek

    There is yet another option that just never gets a mention here - Rollback RX Free. It's an enhanced system restore that will take up to seven snapshots, each capable of restoring your system exactly as an image does, only it does it in seconds. I keep it on all systems here. It's listed here at MG but I can't give you a link, too difficult when posting using just a phone.
     
    AtlBo likes this.
  19. Imandy Mann

    Imandy Mann MajorGeekolicious

    I've used VMs and Sandboxie and Rollback Rx. VMs mainly to run different OSes. Sandboxie to check email links to things that I have no idea where they come from. And I tried Rollback Rx for a while (3 months) to see how it went. The VMs never crashed my main OS. Sandboxie worked sometimes but wouldn't always launch my browser in a sandbox without a lot of extra trials and errors. I used it (Sandboxie) mainly to see what all these spam emails were pointing to. I found in my case the emails were mostly trying to get people to join a site (porn0) or just fishing by trying to sell insurance, vinyl siding, or other such junk. Probably all going to steal you blind if you give actual info! The Rollback Rx let me down twice when I really needed to back up a few days, both times I had an AOMEI image to fall back on. If you are going to try things that make you need any of these recovery type actions, choose more than one backup or image or recovery solution so that you feel you can recover from any disaster. 2 different external disks gives me more options to store images from different timelines. Say every 3 months make a new image to the next external drive. Remember also, MajorGeeks has run and tested each listing available in their home page on a full fledged VM and so acts as it is described on its link's page. It's all trial and error, so best just be prepared for when there is an error!
     
    AtlBo likes this.
  20. AtlBo

    AtlBo Major Geek Extraordinaire

    One other way to do this is to use a RAID setup for two drives. I believe it's RAID 1 that does the clone job. I have this setup for backups using a Western Digital MyBook Mirror. It has two drives which clone from the first one or can clone in reverse if one is replaced.

    Don't get as much disk space for backups this way I guess, but it is super easy to work with. MyBooks can have gigantic drives too, although the one here is only 2x500 GB...
     
  21. Earthling

    Earthling Interplanetary Geek

    I certainly go along with Imandy's advice to have more than one tried and tested recovery method. I use disk imaging in addition to Rollback RX but you do need to know what you are doing as it's very easy to render the system unbootable if you get it wrong with these two. The safest method is disk imaging using two backup disks. I find a monthly image the best, keeping the latest three.
     
    AtlBo likes this.
  22. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

    I use 6 portable external hard drives to image our four Windows 7 computers about every 4 - 6 weeks. I make sure I alternate between the drives so if one goes bad, I have images on another drive.

    At one time or another I think I've had to restore an image to each one of the 4 Windows 7 computers.
     
    AtlBo likes this.
  23. Dekade

    Dekade Sergeant

    I too have been using Aomei; for about two years now. Love the image restore concept, period, for maintaining sanity. I also like the idea here in the forum of having another software program for images. I will have to shop again and see what would be my next choice down from AOMEI. AOMEI is sweet - at least it has been for me.
     
    AtlBo likes this.
  24. Imandy Mann

    Imandy Mann MajorGeekolicious

    This is recommended quite a bit in the forums. Some members are real knowledgeable on using its various options; incremental or differential backups, its boot disk (or 'rescue') options, and other program options. Could be worth looking into it. Read the whole description and even the comments for a general understanding.

    http://www.majorgeeks.com/files/details/macrium_reflect_free_edition.html
     
  25. Dekade

    Dekade Sergeant

    Thanks Imandy Mann. I have followed the link and it does appear pretty good. I recall it from a few years back before I chose Aomei. Still thinking about it.
     
