It has been over 2 years since I first wrote about sandboxing my browser and all Internet-facing programs but think it is high time to revisit it again because it is that important. Also because my friend Nicole Dean got duped into installing a bad program from deceptive advertising. Not cool.
Anyhow, the original post also focused on how sandboxing saves you from infected websites when there’s lots more sandboxing can do. Before moving on, let me attempt once again to explain what sandboxing does. This time, I am going to use a graphic. I’m not the best graphic artist so pardon my drawing
What Is A Sandbox Program?
Working in a sandbox program is a lot like putting down a mat before you let kids start making crafts or laying down sheets before you start to paint a room.
When you launch your browser, Skype, instant messenger, email client (Outlook, Thunderbird) or any program that connects to the Internet inside a sandbox, anything you download and install is contained inside the sandbox. So, if you run a program inside the sandbox and it contains a virus, your computer is not affected at all (pictured on right, top)
This way, when a downloaded program indeed contains something malicious, you don’t have to panic. Because it is in the sandbox, you simply close all programs running and empty the sandbox. When the sandbox is emptied, it deletes everything. No files on your computer is changed, all is good to go and you’re rid of the malware without having to do any cleaning or wasting hours of precious time.
If everything seems to run as expected, you can re-install it for real outside the sandbox.
If you do not run your browser through a sandbox program, well… see the bottom illustration on the right. Once you open the can of worms (or virus in this case), they are free to roam anywhere on your computer and attach itself to critical system files.
Uninstalling may do the trick but more often than not, you have to dig deep to clean it including messing with registry files (yuck).
Do I Really Need It?
If the explanation above didn’t already do the trick, my answer is – a definite yes. Here’s why.
- You want to be able to safely test run all apps, browser plugins, zip files, or really just about any file you download from the Internet before you let it loose on your computer. Even if you bought them, sometimes files are maliciously attacked and infected without the developers knowing about it. They find out eventually but you could be the unlucky few in the interim.
- You don’t want to accidentally click on an infected website and risk automatically downloading/installing nasty stuff.
- Same goes for emails. Personally, I never download attachments automatically but if you do and you run your email reader in a sandbox, you have a line of defense.
What About Performance?
As mentioned above, I’ve been using sandboxes for years and years. The moment I found out about them, I jumped on and never looked back. I can’t tell you just how often it has saved me. My computer system has been running healthily for years. Given the amount of time and work we do online, that’s pretty good.
In all this time, I’ve never really noticed any lag on my system. I must say though, we build our own systems so what I have is usually top of the line when it comes to power. However… even on slower computers, I’ve not seen a problem.
Finally… you must get serious. We are talking about protecting your systems, your hard work, your company materials, your one major tool to bringing in income and if the infection is bad enough, perhaps your personal data security too. Surely we can be a little patient in the day to day.
I’d so much rather endure a small performance drop and shut down other unnecessary software (like Skype for me or Instant messengers) than risk so much. Not only that, clean up is a pain, sucking up hours if not days of your time and very, very costly.
Where Do I Get A Sandbox Program?
There are many such programs. My personal preference is Sandboxie. You can use it free or you can upgrade to premium. The premium version lets you create multiple sandboxes and also automatically sandboxes programs you select like browsers and email clients. This is great when you have multiple user environments – like in an office, or a family computer – or you simply don’t want to remember to run your program in the sandbox. You also get rid of the startup nag screen.
I highly suggest you get it. Now.