Sandboxie Application


Sandboxie is sandbox-based isolation software for the Microsoft Windows operating system. It creates a "container" in which programs can be launched safely without modifying the host OS. The software isolates browsing files and application functions by redirecting them into a sandbox. Downloaded files such as scripts and other programs are confined to replicas of the directories they would normally use. Sandboxie uses a copy of the Windows Registry to protect the original from malicious insertions. Modifications made under Sandboxie's protection do not take effect in the real files. Malicious programs and bugs locked inside the sandbox do not affect the operating system. Any new files or changes that are to be kept should be saved outside the sandbox after their validity has been checked.

In the same way, malware of any type is confined to the container. Furthermore, Sandboxie does not allow any injection into the Windows kernel (software driver, DLL, ...) from the zone that it controls. It thus acts in a similar way to, but at a different level from, the Kernel Patch Protection system on x64 editions of Windows, and it prevents any software inside the sandbox, malicious or not, from running in supervisor mode.

Certain programs are prohibited from being executed from within Sandboxie because they would bring in irreplaceable data that would then be trapped within Sandboxie. One such program is Outlook Express. Any MAILTO calls to this program from within the sandbox are blocked. Programs that generate automatic keyboard or mouse data, such as mouse movers and fake surfers, are also blocked. These programs may inadvertently shut down a Sandboxie session or invoke an instance of a program that is not sandboxed.

Benefits of Using Sandboxie

  • Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
  • Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.
  • Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.


What is Sandboxie and what makes it different from other applications?

Think of your PC as a piece of paper. Every program you run writes on the paper. When you run your browser, it writes on the paper about every site you visited. And any malware you come across will usually try to write itself into the paper.

Traditional privacy and anti-malware software tries to locate and erase any writing it thinks you wouldn't want on the paper. Most of the time it gets it right. But first the makers of these solutions must teach the solution what to look for on the paper, and also how to erase it safely.

On the other hand, the Sandboxie sandbox works like a transparency layer placed over the paper. Programs write on the transparency layer, and to them it looks like the real paper. When you delete the sandbox, it's like removing the transparency layer: the unchanged, real paper is revealed.

How Sandboxie Works

Sandboxie extends the operating system (OS) with sandboxing capabilities by blending into it. Applications can never access hardware such as disk storage directly; they have to ask the OS to do it for them. Since Sandboxie integrates into the OS, it can do what it does without risk of being circumvented.

The following classes of system objects are supervised by Sandboxie: Files, Disk Devices, Registry Keys, Process and Thread objects, Driver objects, and objects used for inter-process communication: Named Pipes and Mailbox Objects, Events, Mutexes (Mutants in NT speak), Semaphores, Sections and LPC Ports. For more information on this, see Sandbox Hierarchy.

Sandboxie also takes measures to prevent programs executing inside the sandbox from hijacking non-sandboxed programs and using them as a vehicle to operate outside the sandbox.

Sandboxie also prevents programs executing inside the sandbox from loading drivers directly. It also prevents programs from asking a central system component, known as the Service Control Manager, to load drivers on their behalf. In this way, drivers, and more importantly, rootkits, cannot be installed by a sandboxed program.

Note, however, that Sandboxie does not typically stop sandboxed programs from reading your sensitive data. By careful configuration of the ClosedFilePath and ClosedKeyPath settings, you can achieve this goal as well.
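
As an added illustration (not taken from the original page or from Sandboxie's own documentation), a Sandboxie.ini fragment that uses the two settings named above to keep sandboxed programs away from sensitive data. [DefaultBox] is the name of Sandboxie's default sandbox; the user name, folder paths, program name and registry key are constructed placeholders.

```ini
# Added example: the paths, the program name and the registry key are
# constructed placeholders. Replace them with locations on your own system.
[DefaultBox]

# Block every program running in this sandbox from a folder of
# personal documents.
ClosedFilePath=C:\Users\alice\Documents\

# Block a second folder for every sandboxed program except one.
# A leading "!" before the program name means "all programs other than this".
ClosedFilePath=!firefox.exe,C:\Users\alice\Pictures\

# Apply a rule to a single program only by prefixing its image name.
ClosedFilePath=firefox.exe,D:\Finance\

# Block sandboxed programs from a registry key that holds sensitive values.
ClosedKeyPath=HKEY_LOCAL_MACHINE\Software\ExampleVendor\Licensing
```

Each setting can be repeated, one path per line. After changing the file, run a sandboxed program and confirm that opening one of the listed locations fails.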

Programs That Can Run Inside Sandboxie

You should be able to run most applications sandboxed.

  • Web browsers
  • mail and news readers
  • instant messengers and chat clients
  • peer-to-peer networking
  • games
    • in particular, online games which download extension software code

In all cases on this list, your client-side program is exposed to remote software code, which could use the program as a channel to infiltrate your system. By running the program sandboxed, you greatly increase the control you have over that channel.

And in addition, you can even install most applications into the sandbox.

