Updated (4-04-2018, 22:29): test stopped
The test has stopped.
Features of PUBG mode:
Now you can test it yourself! Download shortbread dough.
If you participated in the first iteration of the Sandbox, you do not need to create a new password. Simply download the Sandbox client and log in using your password for the first iteration of Sandbox.
Recently, cyber criminals have become so inventive that reports of virus epidemics are not surprising and have become, in general, commonplace. However, seeing news about the distribution of a new Trojan on 3DNews is one thing, but finding this very Trojan on your computer is quite another. On the Internet you can find a lot of advice on how to avoid becoming a victim of scammers: from using modern versions of software that have closed all known vulnerabilities, to having a reliable modern solution for security.
However, in some cases, even the most reliable firewall and the smartest antivirus cannot save the user from infection. This happens when the program protecting the computer is not sure of the malicious action of the application being launched or the script running on the web page, as a result of which it leaves the decision to allow the action to the user. You may well decide that the antivirus is overly suspicious or simply, after thinking, click on the “OK” button, thereby allowing the execution of malicious code.
What to do? Is it really because of the possibility of picking up a Trojan that it is better not to launch new applications, and to give up web surfing altogether? There is an excellent solution that for many can be an excellent addition to all the means to protect your computer from pests. It's about about working with applications in the sandbox.
A sandbox is an isolated environment that has a small amount of hard drive space and is independent of the actual operating system. When you run a program in a sandbox, it operates just like a regular application, but it cannot affect any system components that are outside the sandboxed environment. This means that it is not possible to make changes to the sandbox. system registry, replace system files or perform any other actions that may affect the stability of the system. Thanks to this, the sandbox can be used to surf the Internet safely and to run unknown applications. Such an isolated environment can also be used for other applications - for example, programmers and testers can run unstable versions of programs in it.
The fact that working with applications in the “sandbox” can be useful to a wide range of users is evidenced by the fact that the corresponding opportunity appeared in the program last year Kaspersky Internet Security. Users of this security suite can work with suspicious applications in an isolated environment if they open them through the context item Windows menu"Run in a safe environment." For clarity, the window of a program running in an isolated environment will be surrounded by a green frame.
Kaspersky Internet Security also allows you to create a list of programs that can be potentially dangerous to work with (you can include, for example, a browser). To do this, you need to open the “Application Control” section in the application settings and use the “Add” button to add the program to the list. If you then open the program from the Kaspersky Internet Security window, it will work in an isolated environment. This function is convenient to use, say, if during a browser session you plan to visit sites that may contain suspicious code. In addition, such a function can be a good replacement for the privacy mode that has appeared in the latest versions of popular browsers.
It is worth noting, however, that Kaspersky Internet Security provides only the most basic capabilities for running programs in the sandbox. Specialized applications have much more capabilities. Let's look at some popular programs designed to work in an isolated environment.
Sandboxie is, without a doubt, the most famous sandbox solution. The program uses the classic method of protection; the application specified by the user is placed in an isolated environment, as a result of which it cannot influence the operation of the system. Interestingly, Sandboxie was designed for use with the Internet Explorer browser, which is one of the most popular targets of cyber criminals. However, Sandboxie can now work with almost any Windows application.
One of the features of Sandboxie that distinguishes it from many other similar programs is the ability to create an unlimited number of sandboxes. In this case, the user can create a list of applications that will be launched in each of them. By default, the program itself creates a sandbox called DefaultBox, so you can start working with Sandboxie immediately after installation. To open a program or document in an isolated environment, you need to select the "Run in sandbox" command that appears in context menu Windows.
If you create additional sandboxes in the future, you can ask the program to open files and applications in a sandbox other than DefaultBox. To do this, select "Start" menu item " Start menu Sandboxie" and change the default sandbox.
You can run applications in an isolated environment not only from the context menu, but also directly from the Sandboxie window. To do this you need to click right click mouse over the name of the "sandbox" and select the appropriate command ( this menu also available by clicking the Sandboxie icon in the system tray).
By the way, to speed up the selection, you can use the “Launch Web browser” and “Launch email client” commands, which open applications installed on the system by default. Using the sandbox context menu, you can perform other commands, such as closing all sandboxed applications with a single click, viewing the contents of sandboxes, or deleting them completely.
In order to quickly identify a program that is running in an isolated environment, Sandboxie provides a special command “Window in a sandbox?”, when selected, a special crosshair appears on the screen, and by dragging it onto the desired window, you can obtain information about the status of the program.
However, if the sandbox works with default parameters, then this tool is not needed, since a [#] icon appears next to the application name in the header. If for some reason you need to disable the display of the icon in the header, this can be done in the sandbox settings. In addition, you can add the name of the “sandbox” to the window title, and also draw around the window thin frame any color, which will help to more clearly determine its affiliation.
By accessing other sandbox settings, you can flexibly configure access permissions to different resources. Thus, you can determine which files and folders access will be blocked, which programs will be able to access read-only, and also configure interaction with system registry keys.
If necessary, in the sandbox settings you can specify applications that will be forced to launch in it. In other words, when you run the specified file, Sandboxie will intercept the application and prevent it from running normally. The program allows you to specify not only individual executable files, but also folders, when you launch any applications from which they will open in a safe environment. The latter feature can, for example, be used to launch new programs that have been downloaded from the Internet to the Downloads folder.
BufferZone Pro is another one good decision for working with applications in an isolated environment. Despite the fact that using the program you can run the most different applications, it is designed primarily to work with browsers, IM clients, peer-to-peer file sharing programs, and other Internet software. This is evidenced by the fact that BufferZone initially has a fairly extensive list of applications that launch in default safe mode. Among them Mozilla Firefox, Google Chrome, ICQ, BitComet, Skype, GoogleTalk and others. The user can edit this list at his own discretion, adding additional programs to it and removing unnecessary ones.
Similar to the utility discussed above, BufferZone can monitor all applications that run on the computer and redirect them to the sandbox. BufferZone can also block the launch of any unknown programs.
Unlike Sandboxie, this program does not provide the ability to create multiple sandboxes. The windows of all programs running in the sandbox are surrounded by a red frame. See what programs are in this moment work in an isolated environment, or in the main BufferZone window. Brief statistics about the operation of programs in an isolated environment are also displayed. BufferZone not only counts how many actions were performed by such applications, but also keeps a record of potentially dangerous operations on the system, as well as security threats that were prevented.
In the event that a sandboxed program executes malicious code or other destructive actions, you can quickly delete all data associated with applications running in the sandboxed environment. In addition, it is possible to automatically clear such data according to a user-defined schedule.
BufferZone also has some additional features, which are not directly related to the sandbox organization, but help to increase the overall level of computer security. So, using the program you can prevent opening files from external hard drives, DVDs and USB drives, or allow such data to be handled only in an isolated environment.
In conclusion, we note that in addition to the paid version of BufferZone Pro, there is also a free edition of the program. It implements a number of limitations, for example, it is not possible to create a snapshot of the virtual environment and restore data stored in it. In addition, in free version Fewer applications have protection enabled by default.
When choosing a specialized program for running applications in a sandbox, you need to keep in mind that there are two main approaches to organizing an isolated environment. In the first case, a “sandbox” is created for applications specified by the user, and during one session of working at the computer, he uses both programs that run in an isolated environment and those that run in normal mode. Programs that use this approach to organizing system protection were discussed in this article.
However, such a solution is not always acceptable. There is a second approach to organizing software operation in an isolated environment, which involves creating a “sandbox” the size of the entire operating system. In this case, an image of a working system is created, after which the user begins to work with it, and not with the real environment. All actions performed by it are saved only until a reboot, and after it is completed, the system returns to its original state. This solution is convenient to use on public PCs, for example, in Internet cafes, computer classes, etc. We will talk about programs that can be used to organize such protection in the second part of the article.
If you are familiar with the functionality and features installed on your computer, then you probably know why you need such a wonderful tool as Sandbox. As a rule, this module is included in the most well-known antivirus programs, for example Avast.
Sandbox, or as they also say sandbox, is a software module that allows you to run any application in a strictly isolated environment.
The main task of Sandbox is to ensure maximum computer security when running potentially dangerous applications or visiting infected websites.
It must be said that this method is not without its drawbacks - for example, when the Avast sandbox module is running, some applications running in safe mode may not work correctly, and in some cases even cause the antivirus program to freeze.
In addition, this is not very convenient, especially when you need to quickly switch from one mode to another. For those who are not satisfied with this situation, we can recommend a simpler and fast decision– utility Sandboxie- sandbox program.
This small, convenient program with a Russian-language interface allows you to create virtual areas in which you can run almost any application.
In this case, the results of all programs launched in Sandboxie will be saved in separate, specially designed folders, without at all affecting the operation of the operating system as a whole, thus protecting it from possible damage viruses or configuration changes.
Sandboxie can also be used as a means anonymous surfing to the Internet in the sense that after closing the browser on the user’s computer there will be no traces of visiting sites. 
Working in Sandboxie is quite simple. During installation, the utility may prompt you to configure compatibility with certain programs.
All other settings, except for the ability to integrate Sandboxie into the Explorer context menu, can be left unchanged.
By the way, in addition to global settings, it is also possible to change the parameters of the sandbox itself. Just like the general ones, it is recommended to leave these settings as default.
The sandbox program Sandboxie supports the creation of several separate sandboxes, and in each of them you can run multiple applications.
Programs running in the same sandbox can easily exchange data, but applications from different virtual areas will be isolated from each other, as well as from the operating system as a whole. By default, the utility uses one sandbox called " DefaultBox".
For example, let's open some application in Sandboxie, let's say an ordinary Notepad. Maybe, text editor and not best example for demonstration purposes, but it doesn't really matter at the moment.
Go to the menu " Sandbox» → « DefaultBox» → « Run in sandbox» → « ...any program" After this, a small rectangular window will open in which you can enter the name of the program, in our case it is notepad.exe, or browse by specifying the path to the application to open from the desktop. You can also launch it through the Start menu.
Interestingly, Sandboxie allows you to run even applications with different profiles that would normally not allow you to create copies in memory.
Please note that programs running in the sandbox have slightly modified working window headers, and also when you hover the mouse pointer over top part window, the entire border area will be highlighted yellow. There is nothing scary about this, don’t be alarmed, this is how it should be.
So, let's copy and paste some piece of text into Notepad and try to save the file. Initially, Sandboxie will prompt you to save the document to the program's directory, but let's ignore this suggestion and save it to HDD D.
However, if you then want to view this file and go to drive D, it will not be there. More precisely, it will be hidden, and to restore it you should open it in the menu “ View" chapter " Files and folders", find the required file in the drop-down list and select the required action in the context menu.
That's basically the whole job of this wonderful utility. Everything is very simple. A list of all applications running in Sandboxie can be viewed in the utility's working window.
Additional features of Sandboxie include setting up user accounts, automatically shutting down programs, determining the mode of any application running on Windows, as well as some other options.
The Sandboxie utility is lightweight, consumes a minimum of system resources and does not interfere with the operation of other applications at all, collapsing into the system tray if necessary.
It is best to launch Sandboxie through the Start menu, since the desktop icon created during installation will not open the program itself, but Internet browser Explorer.
In addition, a short video on how to download and install sandboxie:
Sandboxie 5.33.3
Free program Sandboxie is designed to safely run applications in a sandbox, that is, a virtual protected environment. This makes it possible to control all running processes. A sandbox is necessary when you have to run unknown or obviously dangerous programs, eliminating the risk of infecting your PC and disrupting its performance. you can do it for free, there is a link at the bottom of the page where you can easily do this.
The sandbox increases the security of the Windows OS, provides protection against malware when surfing the web, and when installing unknown programs. Sandboxie has the ability to protect against unwanted updates, can monitor email, and uses its own trap for Trojans, viruses and spyware that may be hidden in incoming emails.
The advantages of the sandbox are:
The sandbox works very simply; any program running in it does not have access to system data, the registry, cannot make changes, indirectly or directly disrupt the operation of the OS. Running an unknown or potentially dangerous program in a sandbox helps keep your PC safe. just enough download sandbox Sandboxie, assign it to a whole group of programs, setting their access to different resources depending on the purpose.
Through Sandboxie, you can surf the web safely without the fear of viruses while visiting various pages. The advantage is that settings and changes should be made only once, using them further. This makes working with the utility more convenient and simpler.
Download Sandboxie sandbox in Russian for free for Windows 7, 8 and Windows 10. Our website monitors all software updates so that you have latest version Sandboxie.
Surely at least once in your life you have had to deal with untrustworthy applications and scripts that could harm the system. Or you wanted to run the browser in the most isolated environment possible, so that if it were hacked, your system would not be in danger. Today, such problems are usually solved using the ubiquitous Docker, but there are many much simpler and convenient tools For quick launch applications in sandboxes.
Long before the idea of Docker was born in the minds of its creators, the LXC (LinuX Containers) project appeared. It was based on the same technologies for separating namespaces (Linux Namespaces) and in the same way made it possible to create a minimalistic, self-contained execution environment (sandbox, container) for running services or unsafe applications. However, LXC was not so friendly to new users and did not have Docker features such as a layered file system, the ability to quickly download and run a ready-made application, and configs for automatically building environments.
Much earlier, FreeBSD introduced jail technology, which allows you to create sandboxes similar to chroot, but with an emphasis on a deeper level of isolation. For a long time jail was the pride of FreeBSD and even served as the prototype for the Solaris Zones technology. However, today it can no longer provide the level of flexibility and resource management that LXC and Docker offer, so in general, jail has found itself on the sidelines of history. Today, sandboxes in Linux can be created in many ways. different ways. These are the already mentioned LXC and Docker with their namespaces, this is the seccomp mechanism used by Chrome to isolate tabs and plugins, these are SELinux/AppArmor technologies that allow you to finely regulate an application’s access to anything. In this article, we will introduce the most user-friendly tools that are best suited for solving everyday problems, such as:
Let's start with one of the simplest sandboxes. Mbox is not exactly a standard isolation tool, it doesn't cut permissions running application, does not perform virtualization network stack and does not have any settings. Mbox's only job is to make sure that the application cannot write anything to the file system. To do this, it creates a special virtual file system to which it redirects all I/O requests. As a result, under the control of Mbox, the application works as if nothing had happened, but during its operation you get the opportunity to apply or reject certain changes to the virtual file system to the real file system.
This concept is best demonstrated by an example from the official Mbox page:
$ mbox -wget google.com ... Network Summary: > -> 173.194.43.51:80 > Create socket(PF_INET,...) > -> a00::2607:f8b0:4006:803:0 ... Sandbox Root: > /tmp/sandbox-11275 > N:/tmp/index.html [c]ommit, [i]gnore, [d]iff, [l]ist, [s]hell, [q]uit ?>
IN in this case Mbox runs Wget. Mbox carefully tells us that Wget accesses 173.194.43.51 and port 80, and writes an index.html file that we can apply to the main system (press "c" to do this), ignore (i), view diff, execute other operations or terminate the application altogether. You can check how it all works by simply installing a ready-made Mbox package. In Debian/Ubuntu this is done like this:
$ wget http://pdos.csail.mit.edu/mbox/mbox-latest-amd64.deb $ sudo dpkg -i mbox-latest-amd64.deb
IN Arch Linux Mbox is available in AUR, making it even easier to install:
$ yaourt -S mbox-git
This is all. Now you can run any binaries without worrying that they will leave a backdoor in the file system. If an application needs to restrict access to certain parts of the file system, profiles can be used. These are ordinary text files that list allowed and denied directories. For example, the following profile will deny the application access to your home directory (~), but will allow the ability to work with files in the current directory (.):
Allow: . hide: ~
To run an application with a specific profile, just specify it using the -p option:
$ mbox -p profile.prof -wget google.com
Another useful option is -n. It completely denies the application access to the Internet. 
It goes without saying that simply denying access to files is too little to create truly isolated sandboxes. A malicious code or hacker may not write anything into the system at all, but simply take away your Bitcoin wallet and KeePass password database, or use the application’s vulnerability to obtain root rights and leaving the sandbox. In addition, Mbox is not friendly with graphical software and, in general, is not suitable for running complex applications that can write many temporary files to disk and constantly update their databases.
If there are no applications you need among Firejail's 95 profiles, and the idea of writing profiles yourself doesn't excite you too much, then Sandbox is your choice. This type of sandbox is technically very different from the two tools already described (it uses SELinux rules instead of seccomp and Namespaces), but in terms of functionality it is something in between.
Like Mbox, Sandbox completely cuts off the application from the outside world, allowing you to read only stdin (that is, you can pass data from another application to the input of an application running in the sandbox), and write only to stdout (display data on the screen or redirect it to another application). Everything else, including access to the file system, signals, other processes, and the network, is denied. The simplest example of use:
$ cat /etc/passwd | sandbox cut -d: -f1 > /tmp/users
This command reads the /etc/passwd file, extracts usernames from it and writes them to the /tmp/users file. It is of no use, but it perfectly demonstrates the principles of Sandbox. In the sandbox, only the cut command is run, and the /etc/passwd file itself is passed to it using an external command. Output, on the other hand, is implemented using a normal stdout redirection.
The beauty of Sandbox is that it makes it quite easy to expand the capabilities available to the application. For example, you can create a temporary home directory and /tmp directory for it by passing just one flag to the command:
$ sandbox -M mc
After the program exits, these directories will be destroyed, which is very convenient when running untrustworthy software. But what if the home directory needs to be saved between launches (well, let's say, in order to test software that works with many files)? To do this, just create a directory that will become the home directory for the sandbox, and add one more option:
$ mkdir sandbox_home $ sandbox -M -H sandbox_home mc
Now mc has its own home directory where it can save configs and read files from. Sandbox also allows you to run graphical software (using virtual X server Xephyr). To do this, just pass one more flag:
$ sandbox -X -M -H sandbox_home gvim
But that's not all. Sandbox has built-in security policies for running browsers. All you need to do is run this command:
Application performance in Mbox is on average 12–13% slower than usual
Running Firefox in the sandbox
Part firefox profile
$ sandbox -X -H sandbox_home -t sandbox_web_t firefox
Moreover, as you should have already understood, you can use different home directories to launch different browser sessions or use a “one-time” home directory for going to hot spots. Another useful flag worth mentioning is -w, which can be used to specify the window size for graphical software. It will definitely be useful to you, since you cannot dynamically change the window size (this is a technical limitation of Xephyr).
Overall, Sandbox is a very convenient tool, the only problem with which is support in distributions. In fact, right out of the box, Sandbox only works on Fedora, RHEL/CentOS based on it, and possibly other distributions with SELinux enabled by default.
Running software in a sandbox is quite simple, and you can use many tools to do this. In this article we looked at three of them.
Which of these tools to choose is up to you to decide. And in the next article we will plunge into the intricacies of sandbox implementation and create it with our own hands.
