Little-Known Sandboxie Snags Malware to Make Surfing Safer

If you’re finding more virus activity than usual on your PC, even though you’ve kept the virus definitions up to date and your PC patched, you’re not alone. Attacks are more sophisticated and frequent. A tech from Webroot told me that the trend for hackers is to name their viruses 3.3, as in dfr.exe. It’s nearly impossible for AV software to find such short file names.

Many viruses on Windows take root in the user profile because ordinary users have write permission there. If you know where to look, such as the registry and the file structure, in many cases the viruses can be removed manually.

Trying to catch viruses is a game of cat and mouse that the cat can’t win. It’s really a game of cat and mice. While the cat has to win every time, the mouse only has to win once. So, what the cat needs to do is change the rules. To complete the metaphor, fool the mouse into a virtual house, to keep the real house safe.

Sandboxie has been around for years and I’m surprised it hasn’t received more attention. The software creates a sandbox-like, isolated operating environment that allows any application to run without modifying the file system. What does that mean? Imagine you access a website that installs malware as soon as you open your profile (this is often referred to as a drive-by). With Sandboxie, the virus writes itself to a self-contained area, a virtual sandbox, that’s deleted when you close the browser. In fact, you can view the written files by looking in its virtual desktop. You’ll also see where they were supposed to write.
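To make the write-redirection idea concrete, here is an added toy model (my own illustration, not Sandboxie’s code): reads fall through to the real user profile, writes are diverted into a throwaway directory that records where each file was supposed to land, and closing the box throws everything away. The `WriteRedirectingSandbox` class, the constructed `settings.ini` profile and the `demo()` function are all assumptions for this example.

```python
import os
import shutil
import tempfile


class WriteRedirectingSandbox:
    """Toy Sandboxie-style overlay: reads fall through, writes are diverted."""
    def __init__(self, real_root):
        self.real_root = os.path.abspath(real_root)
        self.sandbox_root = tempfile.mkdtemp(prefix="sbox_")
        self.diverted = {}  # intended real path -> where the bytes landed

    def _rel(self, path):
        rel = os.path.relpath(os.path.abspath(path), self.real_root)
        if rel.startswith(".."):  # refuse paths outside the boxed tree
            raise ValueError("path escapes the sandboxed tree: " + path)
        return rel

    def write(self, path, data):  # the bytes land in the box, not on disk
        target = os.path.join(self.sandbox_root, self._rel(path))
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.write(data)
        self.diverted[os.path.abspath(path)] = target

    def read(self, path):  # a boxed copy shadows the real file
        for root in (self.sandbox_root, self.real_root):
            candidate = os.path.join(root, self._rel(path))
            if os.path.isfile(candidate):
                with open(candidate, "rb") as fh:
                    return fh.read()
        raise FileNotFoundError(path)


def demo():
    profile = tempfile.mkdtemp(prefix="profile_")  # constructed user profile
    real_cfg = os.path.join(profile, "settings.ini")
    with open(real_cfg, "wb") as fh:
        fh.write(b"homepage=about:blank\n")
    box = WriteRedirectingSandbox(profile)
    box.write(os.path.join(profile, "dfr.exe"), b"not a real PE")  # drive-by drop
    box.write(real_cfg, b"homepage=http://example.invalid/\n")
    result = {"boxed_view": box.read(real_cfg),
              "real_file": open(real_cfg, "rb").read(),
              "dropper_on_disk": os.path.exists(os.path.join(profile, "dfr.exe")),
              "targets": sorted(os.path.relpath(p, profile) for p in box.diverted)}
    shutil.rmtree(box.sandbox_root)  # closing the browser throws the box away
    result["box_gone"] = not os.path.exists(box.sandbox_root)
    shutil.rmtree(profile, ignore_errors=True)
    return result
```

The boxed program sees its own tampered settings file, while the real profile still holds the original and never receives the dropped binary.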

The downside is that all the changes you wanted to make — like, say, adding an ActiveX control — will be lost when you close the browser, so you’ll have to add them again when you need them again.

Still, Sandboxie offers instant value because we really don’t know the amount of malware on our PCs. Just because the AV software says we’re clean doesn’t mean we are. Running your browser through Sandboxie protects your profile from anything writing to it.