14 DAY TRIAL // Sandboxie's main purpose is to create a virtual environment on your system and allow you to run various applications contained in that area, without running the risk of affecting the real system. Thus it can be used for testing programs or even executing files you are unsure if they’re safe or not. Although it can be used by novices with great ease, it is not a tool for beginners.
If you’re looking to invest in such a tool, the price for home usage is around $50 (VAT included). It may look like a bucket of money, but this is the fee for a lifetime license; and you can use Sandboxie on any number of computers that you own.
Installing the application is lightning fast and uneventful. You simply need to follow the on-screen instructions to carry out the procedure. When you launch it for the first time the program will run a swift compatibility check to verify if there are installations on your system it can improve compatibility with.
Looks are plain and simple to the extreme. The main application window shows an almost blank screen, where you can view all the sandboxes available as well as the programs that run in them. You will start with a single sandbox, but you can add as many as you want, depending on your needs.
What makes Sandboxie quite special among virtualization software is that it can run almost anything in its virtual space: from regular programs to even Windows Explorer. To make things more comfortable, it can automatically learn the default apps for web browsing and email reading and run them sandboxed.
Although it is designed to have no trouble executing all sorts of programs in a contained environment, isolated from the operating system, in some cases Sandboxie may fail to do so with the default configuration. We witnessed this with Outlook 2010, but quickly solved the issue thanks to the pop up directing us to a knowledge base article explaining the nature of the issue and how it can be overcome.
By default there is no limit to the software you can run sandboxed, but there are some applications that won’t function properly or at full capacity if launched in the virtual area. Fortunately, during our evaluation we encountered only legitimate apps that would do their job only on the host.
Sandboxie has been developed for security reasons and it fulfills its job exemplary, as we managed to explore the extent of damage a Trojan dropper can do to the system without affecting it. We simply ran it sandboxed and all the transfers and code execution occurred inside the isolated area.
Although it may look like the data is saved on the real system, you won’t encounter it in the real location, because it is preserved in the sandbox. The application is versatile enough to let you get items out of the sandbox and store them in a real location on your hard disk.
This can be done through the “Quick Recovery” option in the context menu of the selected sandbox. Every item saved in the sandbox is inventoried and available to recover, unless you decide to delete all the contents of the virtual space.
By default, the sandbox container is created on the system drive. However, you can choose a different location, with plenty of space on it, especially since it expands dynamically. Before changing the residence of the container folder it is advised to delete the content of all sandboxes.
As far as the monitoring is concerned, Sandboxie is perfectly capable to show all system resources accessed by the sandboxed programs. Resource Access Monitor is a tool designed to help more experienced users see inter-process communication.
Sandboxes can be handled individually, which means that they also benefit from a separate list of settings. The configuration panel is pretty rich in choices, but most of them address the more seasoned users.
Customization of the application includes defining the files and folders that can be directly accessible to programs running in the sandbox as well as setting up a list of processes that should be automatically terminated when all the programs in the virtual space ended. Moreover, you can set up limits for Internet or hardware access.
Among the configuration options made available by Sandboxie you will also find the possibility to force web browsers to run in a specific sandbox or allow direct access to browser data such as bookmarks, cookies or history.
One of the best features in Sandboxie is that it offers the possibility to run an application sandboxed regardless of the way you try to launch it. It can install shortcuts to help run any application or file on the computer in virtual area in a comfortable manner. Thus, it integrates in Windows Explorer quite efficiently, as it is available in the context menu of any item as well as in the “Send to” menu on the Desktop.
Once an item is locked in, Sandboxie does not allow it to communicate outside the isolation room. If it needs additional resources to function properly, these will also be launched sanboxed. Also, any download initiated by a virtualized web browser is also launched in the virtual environment.
Identifying the apps running isolated from the system is an easy thing. By default their name in the title bar is flanked by hashtags. In some cases this may not be visible (web browsers) so a more visible mark is necessary, like displaying a colored border around the window.
During our tests the application managed to keep all the programs contained in the isolated space and did not permit them to play havoc with our machine. On the downside, we did notice trouble virtualizing Windows Explorer as we experienced plenty of crashes when we attempted more complicated jobs.
Any item downloaded or transferred through a sandboxed program can be recovered on the real operating system. You can define the level of access a sandboxed item has to files folders or programs on the real system (full access, none at all, read-only); the same can be done for registry keys and IPC objects. It would be nice if Sandboxie automatically detected the programs installed on the system and adapted its list of settings instead of making the user wade through all the entries. It simply catches all the changes made by sandboxed processes and isolates them from the system, allowing you at the same time to send stored items to the real system.
The Good
The Bad
The Truth
