I also started out with just the one sandbox, but I later discovered that it's more clean/efficient to do it separately. But for everything else, I use separate sandboxes. And no, you will not need to force winamp to run sandboxed - if firefox.exe (which is running sandboxed) initiates winamp.exe, everything will take place in the firefox sandbox.īy the way, I actually combine my chat messenger program and Firefox in just the one sandbox. You will simply need to allow winamp.exe etc to run and access the internet in that sandbox. With regards to your question about running each app in its own separate sandbox: Yes, Winamp/Foxit Reader etc will run in the same sandbox as firefox.exe if it is initiated by firefox.exe. The setup above provides me with excellent usability without sacrificing security.
DO I NEED FOXIT READER SERVICE RUNNING PDF
pdf with Foxit Reader or watch a video clip with WinAmp what will happen when I click on the link? Will it call up Foxit or WinAmp in it's own sandbox or will it fail? Do all apps have to be a Forced Program or does it not matter? If it fails then it's way to strict for my likings and daily usage.Ĭlick to expand.Whatever works for you mate. If I was using Firefox and I want to read a. Īlso, I'm curious about setting each app in it's own sandbox. If you share your machine with other people then Forced Programs is a must. I also think that Forced Programs and/or folders could be highly useful but I don't use those options at the moment. This setup provides good usability and security. I use Firefox and allow open file path to my bookmarks/history, phishing database and a custom path to my AdBlockPlus patterns. I use the Start/Run access settings and Internet access settings as well as Blocked access to my D: partition.
I've been using one sandbox for all my programs and I've been doing fine. The purpose of Sandboxie is to isolate and not to cripple the users experience. Guys, it doesn't have to be that complicated or strict. Thanks to Wilders user demoneye for suggesting step 5. This step is obviously optional: have one sandbox to test applications/malware in (the DefaultBox will do) where the only configurations are to enable automatically delete and block file access to any areas of your computer containing sensitive information (eg. The other browser will be used for online banking and other critical/sensitive activity.ġ0.ğor the browser in step 9, configure its sandbox to automatically delete whenever the browser closes.ġ1.ĝepending on the nature of your other internet facing applications, you may choose to also configure their respective sandboxes to automatically delete on closing.ġ2. One browser will be used for everyday browsing and other non-critical/sensitive activity.ĩ. In each sandbox, force the relevant application to always run in its sandboxħ.ĝo not use any OpenFilePath rules for any internet browsers (note there are a few exceptions here, like enabling an OpenFilePath rule to allow direct access to Firefox phishing database)Ĩ. In each sandbox, configure Read-Only access to C:\WINDOWSĦ. In each sandbox, block file access to any areas of your computer containing sensitive information (eg. In each sandbox, enable Drop my rights.Ĥ. You may also need to allow other programs depending on whether the application interacts with other processes.ģ. In each sandbox, use the appropriate start/run and internet access restrictions and only allow your program to start/run and access internet within its sandbox. Try to have one separate sandbox per internet facing application.Ģ. 1.Ĝreate as many separate sandboxes as is required for your internet facing applications.
0 kommentar(er)
