THE SANDBOX

In a playground there is one spot that is considered a save haven for kids who get bullied. Where is this safe place? It’s the sandbox – which is in direct sight of the parents.

Ever notice that? Playground sandboxes are usually situated right in front of the benches where parents congregate. Park planners apparently believe that kids who play in sandboxes need to be watched.

Maybe that’s how the term ‘sandbox’ came to be applied to a safe haven in a computer – a place where programmers can experiment with techniques and applications without affecting the operating system.

In the sandbox, you can unleash any application – even viruses – to see what affect it has on a computing environment. Whatever happens in the sandbox stays in the sandbox, to paraphrase a popular ad.

The concept is not only valid for programmers and virus fighters. Ordinary computing folk can also use a safe place to ensure that no nasties infect their PCs. As we are all aware, the simple act of surfing can sometimes infect our machine.

It’s not like there aren’t solutions. I’ve discussed any number of techniques to avoid getting infected, such as limited Internet Explorer ActiveX or scripts, or increasing your web browser security level. Install the best spyware and virus programs, and other tools to root out disasters.

Avoid clicking on some links or images, and avoid some web sites altogether.

All these solutions have one common denominator; they force you to limit your computing experience by denying you the opportunity to use legitimate programs. Most of them are harmless – but how can you know which ones are harmful and which aren’t without running them?

You could whack out a script by manually turning scripting off, but that’s too much of a hassle for most people, so they end up just turning off the whole thing.

This is where the idea of a sandbox comes into its own. If you set up your system in such a way that you have a safe haven where you can run scripts without having to fear the consequences, you won’t have to miss out on the potentially helpful things you come across.

While building an isolated segment in an operating system sounds like a daunting task, there is a free program that can do all the hard work for you.

Sandboxie

If you read the page you’ll graphically understand how Sandboxie protects your computer. Once installed, it will take control of any application you assign it and write any changes to a special folder, preventing any system-level changes from taking place. At the same time, it lets you use the web services that are on the level.

You choose a program to sandbox by double clicking the icon in your taskbar, bringing up the sandboxie control..

From the file menu you select the program to sandbox. I selected internet explorer.

You’ll then get a list of processes that sandboxie is controlling:

And finally, you’ll know an application is sandboxed because it has a pound sign(#) in its title bar.

Thank of Sandboxie as an operating system proxy. You instruct it to open a program – like your web browser – and it will take custody of any communication between the application and your operating system. In the case of a rogue script, Sandboxie will take the information and write it to the ‘sandbox’ – a special cordoned off area that contains all new data that should have been written to the system, but isn’t.

Instead, Sandboxie’s sandbox contains a mirror version of whatever would have been written – like changes to preferences, configuration files, etc. – and stores it.

Sometimes you will want to run Sandboxie and sometimes you won’t, because the program is very thorough. Exploring the Internet calls for protection; you never know what you’ll get.

If you find a site you want to bookmark, you should run your browser without Sandboxie, because the bookmark will not be written to your Favorites folder otherwise.

For a suspicious email: if you see a suspicious message that you just have to read, quit your email client, reopen it under Sandboxie, and read the offending message.

On the other hand, if you want to write a message, make sure to turn Sandboxie off, or your message won’t get added to your ‘sent messages’ list.

You can run two instances of the same program, one under Sandboxie and one ‘regular’. You know a program is being controlled by Sandboxie when you see that little pound sign next to its name in the title bar.

Sandboxie is a combination of the word sandbox and IE (Internet Explorer), which it was originally designed to control. The next version will control Firefox and other browsers just as well.

Sandboxie is effective not only against rogue scripts and ActiveX controls. It’s also effective against ‘normal’ web operations like cookies, spyware, etc. – all the things we have come to take for granted.

If you want to see what programs are being sandboxed, open the Sandboxie control panel; it will in turn lead you to your sandbox – the folder to which all the changes are written. There you can really get a handle on who is trying to do what to you, and ensure that the system you try to keep as clean as possible is not sullied.

There are a couple drawbacks. You can’t download files, assign favorites, or write columns like these under Sandboxie.

Dennis Turner