
Sandboxie Software Review

Every user has experienced the negative outcome of opening a malicious or unwanted program on their computer, even power users. This is why a cool company called Sandboxie Holdings has developed the Sandboxie app: users need to be protected, at the very least, while doing so. Since we at SensorsTechForum like the idea, we decided to test Sandboxie by opening some pretty dangerous executables.

App Profile

Name: Sandboxie
Type: Sandbox software/Program security
Developer: 2004-2015 by Sandboxie Holdings, LLC.
Official Website: sandboxie.com
Operating System: From Windows XP to Windows 10
License Price: Free and also a Licensed option. The Licensed version has more features and costs $47.95 for 1 year (2-49 computers).
User Experience: Discuss Sandboxie In Our Forum

Sandboxie – Main Features

After we installed the 8.1 MB application, its total size in the %Program Files% folder was 5.48 MB. The program starts with a tutorial on how the sandboxing technology for Windows works:

[Image: Sandboxie working process]

Furthermore, Sandboxie is compatible with all 64-bit and 32-bit versions of Windows from XP onward. In addition, the application supports other programs such as the web browsers Google Chrome, Mozilla Firefox, Cyberfox, Opera Browser and Internet Explorer from version 6 to 11.

When the app is opened, the user is presented with a simple interface showing their sandboxed applications:

[Image: Sandboxie interface]

We tested Active Presenter, a relatively resource-demanding program, both inside and outside the sandbox, and the results were satisfying:

[Image: Sandboxie vs. default]

We decided to test the sandbox app with live malware, using an executable of the notorious Locky ransomware provided by theZoo, a project which is essentially an updated “repository of live malware”. Locky is malware which encrypts the files on the user’s PC and asks for ransom money to decrypt them. After it was executed, Locky started mimicking the rundll32.exe process, but nothing happened and the antivirus software did not react:

[Images: Locky run as administrator; Locky in Sandboxie]

After Locky briefly ran and shut down, we ran a boot scan with Avast Free Antivirus twice to see whether the ransomware had created any files on the user PC. Avast currently detects Locky ransomware as “Win32:Locky-{variant name}”. During the boot scan, Avast discovered a corrupt archive of a driver which had been downloaded from a suspicious site, but nothing related to Locky, and no new malicious files or registry entries whatsoever were discovered on the user PC.

To make additionally sure that users are protected, we tried an infected setup of a patch that contains a Trojan named MSIL: Tyupkin. Sandboxie immediately warned that an app was requesting administrator privileges on the computer:

[Image: Sandboxie, Tyupkin install]

So, as far as security is concerned, this program is really good, especially if you set it to run everything inside its sandboxes. If you know what you are doing and installing on your computer, it will definitely keep you safe.

What We Like

There are many features of the program which we enjoyed while reviewing it:

  • Detailed options
  • Very light on the computer (uses next to no CPU power and around 2.5 MB of RAM).
  • Very secure – shuts down malicious executables that try to forcibly modify or create files.
  • Simple to use and very incognito – only a thin yellow line around the borders of the sandboxed app.
  • Shows the processes of the applications.
  • No difference in app performance – relatively the same as if Sandboxie were not there.
  • Compatibility with older Windows versions.

What Is Missing

We would like to see several improvements made in Sandboxie:

  • User-friendly accessible settings – instead of modifying a setting with a click, you have to edit a document in Notepad. Not everyone is tech savvy.
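
The document in question is Sandboxie.ini. As an added illustration (not taken from the original review or from Sandboxie's own documentation), this is what a hand-edited box section for opening untrusted executables can look like; the box name MalwareTest and the folder C:\Samples are hypothetical.

```ini
# Constructed example of a Sandboxie.ini box section; not from the review.
# "MalwareTest" and C:\Samples are hypothetical names chosen for illustration.
[MalwareTest]
Enabled=y
# Strip administrator rights from every program started in this box.
DropAdminRights=y
# Delete the box contents when the last sandboxed program exits.
AutoDelete=y
# Keep sandboxed programs away from files on network shares.
BlockNetworkFiles=y
# Deny sandboxed programs any access to the user's Documents folder.
ClosedFilePath=%Personal%
# Anything launched from this folder is forced into the box automatically.
ForceFolder=C:\Samples
```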

Conclusion

This is a perfect example of using sandboxing technology to browse on a daily basis while remaining secure. It is perfect for Windows users, and we would definitely categorize it as one of the must-have programs for your daily PC activities. The application is amazing if you are a brave network warrior who tests suspicious files, and also for inexperienced users such as children.

Note: This test was performed on:

  • Lenovo B50-70 with 64-bit Windows 10
  • Dell Inspiron 3000 series with 64-bit Windows 7

Sandboxie logo image source: http://www.sandboxie.com

    Vencislav Krustev

    A network administrator and malware researcher at SensorsTechForum with a passion for the discovery of new shifts and innovations in cyber security. A strong believer in basic education of every user towards online safety.
