Changes have been introduced, but only in select browsers at this point of time. Google Chrome for instance uses sandboxing technology and automatic updates to keep users secure. The global updater that other web browsers use on the other hand is not nearly as thorough when it comes to downloading and applying updates as soon as they get released.

Adobe today has released a new Flash preview version for the Windows operating system that contains a new feature for the Firefox web browser.

Flash Player Protected Mode aims to limit the impact of Flash based attacks in Firefox on Windows systems. The new Flash Player feature is compatible with Firefox 4.0+ on Windows Vista or higher. Only a 32-bit version of the Flash Player release is available for download.

The security mode is automatically enabled when users view Flash Player files in the Firefox web browser. Flash contents are executed in a restricted environment that prevents attacks from reaching the operating system or other applications. It is basically a sandbox comparable with Google Chrome’s sandboxing technology, Protected Mode in Adobe Reader, and Protected View in Office 2010.

Firefox users running the new version will notice that two processes are started whenever Flash contents are accessed in the web browser with Protected Mode enabled.

Adobe notes that these are the “broker and sandbox” processes which only run if Protected Mode is enabled. These are child processes of the plugin-container.exe process if enabled in the browser. Plugin-Container adds crash protection to the browser.

The Flash Player Protected Mode version for the Firefox browser has known issues. On 64-bit Windows systems for instance, a right-click on Flash contents causes Firefox to hang. Here is the list of known issues.

• Flash Access support is not enabled in this build.
• Secure Sockets are not working in this build. (3101130)
  Open and Save dialogs can hang in Windowless Mode (3096944)
• Camera streams fail to play back when encoded with the H.264/AVC codecs (3096918)
• On 64-bit Windows, Right-Clicking Flash Content cases Firefox to hang (3096953)
• Custom context menus and clipboard copy does not work (3096977)
• Local Security Dialogs are not displayed (3096714)
  When printing to “Microsoft XPS Document Writer”, the “Save File As” dialog is always minimized (3096958)
  Some Stage3D content may cause Adobe Flash Player to exit silently (#3049089)
• Closing a SecureSocket connection may block Adobe Flash Player execution and result in timeout (#3045631)
• Camera fails to play back when camera stream is being encoded with H264/AVC codec (#3049298)
• IME may not be active in Windows Vista at times between browser sessions (#3055127)
• In SandBox Stand-Alone Player, some menu items in the Microsoft IME language bar do not respond to mouse clicks (2947549)
• Some Windows function keys such as F5 may prevent the Japanese IME candidate box to pop up (#3055096

Adventurous Firefox users find the Flash Player Incubator preview release over at Adobe Labs.

A final release version of the new Flash plugin version moves the Firefox browser security wise closer to Google Chrome.

The installation of Sandboxie is fast and completes without the need to restart the system. The program runs a compatibility check at the end of installation and displays programs it can improve compatibility with in a list.

The main program interface has not changed since our first review of the program in 2008. But that’s not necessarily a bad thing, as it is highly functional. The program ships with a single sandbox but provides options to create new ones. It is not really necessary to configure multiple sandboxes as multiple programs can run in one. It does have benefits though. Each sandbox comes with its own set of rules to configure. Running programs in different sandboxes makes sure that they are isolated from each other as well as from the system.

Sandboxie can run virtually any program in its own virtual space: from web browsers and email clients to Microsoft Office applications and Windows Explorer.

Running applications in sandboxes has implications. Data saved by sandboxed programs for instance is only saved temporarily in the virtual space. Sandboxie does however offer comfortable options to deal with data that needs to be written to the local system (like program updates or downloads).

Lets take a web browser as an example. If you run Internet Explorer in a sandbox you cannot download files to your system. The download works as intended but when you close IE the files get closed as well. Sandboxie ships with a recovery feature that can move files out of the sandbox so that they are stored permanently on the system. This is an automatic process.

Another option to move files out of the sandbox is the quick recovery option which becomes available in the right-click context menu in the main application interface (not automatic).

Both programs scan folders like downloads, favorites or documents on the computer. Additional folders can be added to the configuration, for instance to include different download locations on the PC.

Sandboxie furthermore offers pre-set options for popular applications like email readers, web browsers or download managers. Here it is for instance possible to allow Firefox to save browsing sessions, enable Outlook to access the mailbox or to improve the use of dozens of additional applications.

The developer has added comfortable options to his application to make the program more convenient to use. Immediate recovery is one of those options but there are others, including options to force run applications in a sandboxed environment, and to configure files, Registry keys or hardware that is directly accessible by applications running in a particular sandbox.

It only takes a couple of clicks to run programs in the sandbox. Right-click a sandbox in the main program window and select run sandboxed. A selection menu is displayed with options to run the web browser, email client, any program, any program from the start menu or Windows Explorer in the selected sandbox. Programs can also be started directly from Windows Explorer. A right-click on the application offers to run it in a sandbox. That’s useful especially for downloaded files.

Applications running in the sandbox can be identified by the [#] in the application title, and by moving the mouse cursor over the title which displays a highlighted border around the application window.

Sandboxie Tips

New users who install Sandboxie for the first time need to think about the programs that they want to run in the virtual environment. Programs with Internet or network access, and downloaded programs are two core candidates.

You can test a program’s compatibility by running and testing it in the sandbox. If the program behaves like it should, you could add it to the list of applications that are forced to run in the sandbox whenever they are started on the system. This prevents that you have to remember to launch that software in the sandbox all the time.

Some programs, like email clients or web browsers, need special access to folders on the system for some of their functionality. This can be configured in the sandbox settings. Firefox for instance needs access to data stored in its profile folder, Outlook to the email program’s mailbox and uTorrent to the temporary and complete download directories.

Creating multiple sandboxes has several positive effects. First, it protects applications from each other. Second, it allows the user to run different configuration sets as each sandbox comes with its own set of preferences. This way you could run a program with a different set of rules than others.

You can not only force programs but also all files of a specific folder to run in a sandboxed environment. That’s useful for download folders, optical drives or removable hard drives and other folders where file names may change regularly.

You sometimes may need to run programs normally, for instance when a program update is available. The disable forced program toggle disables sandboxing for selected programs for a limited amount of time. Firefox users could use the toggle to apply updates to the browser or browser add-ons for instance.

Another interesting application is to run program installers in their own sandbox. You can install and use the program normally as long as the sandbox is up. Once you are done testing you can just shut down the sandbox and everything goes back to the way it was before the installation. That’s very handy if you are testing a lot of programs.

The Help Topics on the Sandboxie website offer a getting started tutorial, usage tips and advanced topics.

Sandboxie Video Review

Verdict

Sandboxie adds a whole new layer of protection to the system that runs nearly unnoticed in the background. While it is possible to run the program without configuration changes, it only plays out its real strength when those changes are made. Tech savvy users will love the sheer number of configuration options. Inexperienced users on the other hand may run into troubles during the configuration stage. It is nothing that they cannot overcome though, it just may take them a bit longer before they have configured their system the same way an experienced user would have.

Giveaway

We have ten Sandboxie licenses for this giveaway. You can win one by leaving a comment below. Let us know what you like most about the program. You can download the latest version of Sandboxie from the developer website. The program is compatible with all recent and not so recent versions of the Microsoft Windows operating system.

VUPEN Research yesterday announced that one of their security teams has been successful in exploiting the Google Chrome web browser. The team managed to escape the web browser’s sandbox.

A video was published that demonstrates the exploit under Chrome 11.0.695.65, the latest stable version of the Internet browser. The operating system in the video is the 64-bit edition of Windows 7.

The developers are opening a specifically prepared local website which, after a while, triggers the start of the Windows Calculator to demonstrate that the sandbox has been penetrated. The calculator ran with the same privileges as the web browser.

Malicious hackers would obviously use the exploit for a serious attack instead of launching the calculator.

How does it work?

The user is tricked into visiting a specially crafted web page hosting the exploit which will execute various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox at Medium integrity level.

While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any installation of Chrome despite its sandbox, ASLR and DEP.

The vulnerability has not been confirmed yet by Google and it is unclear if the two companies are in contact with each other. VUPEN have not posted the exploit code or a proof of concept demonstration on their website.

It is likely that we will see a quick patch to address the issue in Chrome. VUPEN are very vague on their website, and it is not clear if all Chrome versions are affected or only the stable version. It is however likely that the exploit works on all versions of Chrome.

The issue can only be utilized by attackers if a Chrome users visits a specifically prepared page on the Internet. While it is unlikely that a single page exploiting the issue is already online, it might be a good idea to stay away from questionable sites for a while.

Sandboxie is an excellent software for that purpose. It basically allows a Windows user to run any program in an isolated space (a sandbox) preventing it effectively from damaging or modifying other parts of the operating system outside that sandbox.

Some benefits of a sandbox

• Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
• Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don’t leak into Windows.
• Secure E-mail: Viruses and other malicious software that might be hiding in your email can’t break out of the sandbox and can’t infect your real system.
• Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

Sandboxie Review

Sandboxie will automatically scan installed programs and offer to apply compatibility settings for them. The programs are displayed in an extra window and it is suggested to accept these suggestions.

Sandboxie is operated through Sandboxie Control. The program is automatically started after installation, but also accessible from the Windows start menu. There are two options (actually three when the desktop icon is included) to run programs in a sandbox. Users can right-click the system tray icon and select DefaultBox from the menu to run web browser, email programs, Windows Explorer or other programs in a sandbox, or use the Sandbox > DefaultBox menu at the top of the Sandboxie Control software to do that.

DefaultBox is the first sandbox that is automatically created by Sandboxie. Users can create additional sandboxies, but only registered users can run programs in multiple sandboxes at the same time.

Sandboxie aids the user when errors occur, for instance when the user tries to launch a program that requires additional configuration to run in a sandbox. The email client is a prime example. Why? Because the program will not be able to save data to the system when it runs in a sandbox which means that received mails will not be added to the system mailboxes.

Sandboxie does have a solution for that though as it can be configured to exclude files from the sandboxing. For an email client this could mean to exclude the mailbox data files and include the rest to work with it properly and save data in the mailboxes.

Programs that are configured correctly appear in the control window.

Sandboxie integrates with the Windows Explorer shell so that programs can be launched in a sandbox with a right-click. That’s handy for new program installations for instance to test an application on the system while preventing that it can make changes to the system.

It is possible to switch the program view to folder view, which shows all the folders and files that are currently stored in the sandbox.

Video Review

Users may sometimes want to save files even if a program is running in a sandbox. Say you run a sandboxed web browser and want to save an image to the computer that should be there once you close the sandbox.

Sandboxie can be configured to monitor selected folders for new files for an option to recover them. The program distinguishes between immediate and quick recovery. Immediate recovery pops up whenever a file is saved in one of those locations offering an option to save it to the same folder but outside the sandboxed environment or another folder.

Quick Recovery on the other hand is invoked by user request or before the sandbox is terminated on the system.

Users who run Sandboxie for the first time should take a look at the Usage Tips which offer introductions to concepts but also helpful tips including how to create sandboxed program shortcuts to launch programs directly in sandboxed mode.

Registered Sandboxie users get additional features including the ability to force programs to always run in the sandbox. This means that the program will be launched in sandboxed mode (if Sandboxie is running) whenever and from wherever it is launched. That’s better than having to select a program from the Sandbox menu, and still better than having to click on a shortcut to run it in sandboxed mode.

A similar option is available to force folders to always run in sandboxed mode. This can be download folders from the Internet, CDrom or DVD drives to sandbox autorun programs. Basically, all programs run from a forced folder location will be run in the sandbox.

Both options can be temporarily disabled by the user.

Sandboxie can be downloaded directly from the developer website. The program runs on 32-bit and 64-bit editions of Microsoft Windows and is available in many different languages.

Sandboxie Verdict

Sandboxie is an excellent program for Windows users who want to add that extra security to some programs that they run on their system. It is ideal for testing out new programs, browsing on the Internet without leaving traces on the computer and dozens of other applications to improve a system’s security.

The help popups when an error occurs detail what needs to be done to overcome the error. They do however lead to the Sandboxie website but that should not be a big issue.

Sandboxie Giveaway

We have ten Sandboxie licenses for you to win. Please let us know which program or programs you’d like to run in a Sandbox if you win a license.

Spoon needs to be installed first before it can be used. The Spoon plugin integrates into the Windows operating system. It is compatible with popular web browsers, including Firefox, Internet Explorer, Google Chrome, Opera and Safari.

The Spoon website lists applications and games in various categories. Here it is for instance possible to launch 7-Zip, VLC Media Player, Open Office, Google Talk, Paint.net, Picasa, uTorrent or Notepad++ directly from the web browser.

Buffering may take a while, depending on the speed of the Internet connection, the application’s size and the current load of the Spoon servers. The end result is an application window that looks exactly like the original.

spoon cloud app launcher

From there it can be used like a desktop app. It is for instance possible to load text documents into Notepad++, paste clipboard screenshots into Paint.net or download torrents with uTorrent.

The browser sandbox was a recent addition to Spoon. This sandbox can be used by web developers and interested users to work with web browsers without installation.

Spoon offers access to Internet Explorer 9 to Internet Explorer 6, Mozilla Firefox 4, Firefox 3.6, Firefox 3.5, Firefox 3 and Firefox 2, Google Chrome 6 Dev, Beta and Stable, Apple Safari 5, 4 and 3, and Opera 10 and 9 in the browser sandbox.

spoon

The web browsers can be launched from the Spoon website, and behave exactly like the “real deal” once they have been loaded fully. All operations are available that an installed or portable version of the web browser offers. Firefox users can for instance install plugins in the web browser.

spoon -browser sandbox

Even better is the fact that those customizations are saved, so that they are accessible on future runs of the application.

Spoon offers a flexible and safe way of running applications from a web browser. Users do not have to worry about program downloads or installations, everything is handled by Spoon after the initial installation of the plugin.

It is highly recommended for users who want to run or test applications without installing them first. Spoon is currently only compatible with 32-bit and 64-bit editions of the Microsoft Windows operating system.

How does it work? Without going into much detail a virtualization technique is used that emulates OS subsystems that allow virtualized applications to be run. These applications are run in sandboxes to avoid conflicts to the host system and other applications.

The virtualization technique is not limited to web browsers but can practically run any applications like video players, file sharing tools or Twitter clients. The available applications and web browsers can be started from virtually any modern web browser including Internet Explorer, Firefox or Opera. Firefox users will need to install a Firefox add-on that is provided on site before they can launch any applications.

A click on any web browser listed on the Xenocode website will launch the sandboxing process. This will start a Xenocode executable on the host system and the desired web browser. The core application uses about 25 Megabytes of computer memory and the applications launched in the sandbox use about 25-30 additional Megabytes.

It is a bit strange though that the core process will remain in memory even after closing down the sandboxed web browser. There is no obvious way to close the Xenocode application itself other than killing it in Windows Explorer. A fast computer system is definitely beneficial when running the sandboxed web browsers.

Xenocode provides an interesting way of test driving web browsers. The service could use some additional documentation and a close option for the core program though.

CW Sandbox is a web service with a similar looking frontend like all the other online virus scanners. What sets it apart is the remote secure environment that it uses to execute and analyze the files that get uploaded. It uses a sandbox to execute the file and will log all system activity that is connected to the file launch. The file analysis contains a summary but also detailed changes to the file system, the Windows Registry and network activity plus a technical summary with additional information.

Each report is divided into different categories. The File Changes for example contains categories that list newly created, opened and deleted files and a summary that lists all file operations in chronological order. The network activity analysis will detail connections that have been established including host names, IP addresses and if data has been posted to one of those addresses.

The submit form on the website of the project accepts files with a maximum size of 16 Megabytes. Zip files with up to 50 files can be uploaded to the service as well if the password is set to “infected”. A link to the file analysis will be send to the email address that the user enters when submitting the files.

CW Sandbox is an excellent online service that provides an in depth analysis of submitted files. The only drawbacks are the 16 Megabyte file size limit and that the reports are send to an email address with an undefined wait time. A ticket system on the website directly detailing the place in queue and the estimated wait time would be really helpful for users who are submitting files to the service.

Returnil Premium is a program that can emulate the operating system in a sandbox – a virtual environment – so that changes have no effect on the system itself but only to the sandboxed copy of it. It does not require lots of computer knowledge to run, the only thing that’s out of the ordinary is the (optional) creation of a virtual partition that will be used to store data when the sandbox is active. Here are the steps on how to use the security software:

• Installation: You get some options here most notable to run the system on the hard drive or computer memory. There is also the optional setting to create a virtual partition on the computer system to store data. An alternative would be to use online storage space.
• Running Returnil: You can start Returnil after a restart. Once Returnil is started it will redirected access to the virtual system so that the actual computer system will not be harmed. You can then use whatever application you like. Keep in mind that any changes that have been made to the computer system will be undone after a restart as they have only been made in the virtual system and not the actual one. Here is an example:

  If you bookmark a page while Returnil is running it will show up in the bookmark manager. It will however be gone after a restart of the system.

• Stopping Returnil: The only way to stop Returnil is to reboot the computer system.
• Saving Data: Two ways to save data. The first is to use the virtual partition to store the data on as it will not be erased after a reboot on that partition. The second is by utilizing online storage space. You can sync bookmarks online, save files there, edit Word documents and basically do most things online.

How does Returnil work?

It is obvious that Returnil cannot mirror dozens of Gigabytes of data in the sandboxed environment. There is actually no need to clone the whole system. All that needs to be done is to keep track of the changes to the system and act as a proxy between the computer system and the virtual system.

What are the differences between the free and the premium version of Returnil?

The premium version of Returnil adds quite a few features that make it interesting. The user can choose to cache data in the computer memory or on the hard drive, save sessions to continue working with them at a later point, relocate system folders, to browse and move files between the real hard drive and the virtual drive, shell integration and free customer support.

Returnil Premium adds much needed features to the virtualization software that are missing in the free version. The main benefit of both versions is the simplicity of usage. You only need to press one button to turn the protection on once it has been configured the way you want.

Remember, you can request your Returnil Premium key by following the link on top. Would be still nice to tell us what you think of it.

One small example. Downloading an infected file with your web browser or email client will have no negative impact on the core system. The virus will be executed in the virtual space and once that is purged, either manually or by logging off, it vanishes as if it never was executed in first place.

The software virtualization tool SafeSpace comes with a default set of applications that are always run in the sandbox and provides easy means to add additional applications. Besides that several directories, and their subdirectories, are automatically protected as well. This includes the Windows and Program Files directory among others.

SafeSpace protects the files and registry settings of the operating system by virtualizing any changes made by applications running inside SafeSpace. This means that applications can read the real data of Windows and any programs which are installed. But when applications attempt to make any changes to the real data, a virtual copy is created inside SafeSpace and the changes are made to the virtual data instead to prevent any changes from affecting the real data

SafeSpace provides a very clean and easy to use interface that is divided into a Privacy and Application tab basically. The application tab contains those applications that will run in the virtual environment while the Privacy tab contains folders and their status in the environment. Four statuses are available.

• Virtual: Files can be read normally but write processes are virtualized which ensures that the files remain unchanged
• Private: Applications running in the virtual environment can’t access those folders and files stored within.
• Read Only: Files can be read but no write process is allowed.
• Full Control: Gives virtual applications full control over the files in that folder.

When a software gets launched that is listed in the application list of SafeSpace it is specifically marked with a red border. This is a visual sign for the user that the application is running in a virtual environment.

Any file that gets downloaded from a virtual application will also be run in the virtual environment when it is executed even if it is saved in the “real” part of the hard drive.

The software virtualization application comes with another handy feature, a tool to prevent keyloggers for applications in the virtual environment.

Installation was not a problem at all. Just execute it like any other software and restart the computer at the end. Windows XP users need the Microsoft .net Framework 2.0 if they want to run the software virtualization application.

SafeSpace will have created the sandbox after the restart and applications like Firefox or Internet Explorer will automatically run in it.

All applications running on the system are divided into trusted and untrusted groups. Everything deemed untrustworthy is run in the virtual environment, this includes by default programs like Internet Explorer, Microsoft Outlook, Opera, Firefox, Safari and dozens more. The real beauty of the DefenseWall HIPS concept is that every process started by an untrusted application becomes untrusted as well.

This ensures a minimum amount of user interaction, i.e. popups that ask the user if he wants to trust the application or not. That’s one of the main reasons that those programs are highly unpopular because in their drive to protect the system they lay the burden of decision on the user, and the user, as we all know, is most of the time the biggest security threat of them all..

What is DefenseWall Hips protecting you against ? Basically against everything that is initiated by untrusted applications. It protects against Registry modifications, rootkits, keyloggers, trojans, worms and everything else that would be considered malware.

A new virus for instance downloaded by Internet Explorer can do no harm to the system because it is running in a sandbox. It can actually be terminated with one click of the mouse in the DefenseWall Hips interface. Protection itself is, mostly, policy-based. Thus, DW protects only the sensitive places of the registry as well as file system.

The only responsibility of the user is to add additional applications to the list of untrusted programs which is especially important for applications that have net access. Even if you are using a limited user account instead of an admin account on your computer you will increase the protection of your system because several attack vectors are known to work on this kind of accounts as well.

Folders can also be added to the untrusted group which can be helpful in certain situations. I’m thinking of ftp servers for instance or networks with shared directories.

DefenseWall HIPS runs on all Microsoft operating systems starting with Windows 2000 including Windows XP and Vista. The homepage links to several reviews and comparisons with other HIPS applications, good read if you want to find out more about it first.

As I said earlier ten readers will win a copy of DefenseWall HIPS with one year of free updates and priority support. All you need to do is comment on this article and let me know what you think of this product. Just post your opinion. I will draw the ten lucky ones in 48 hours. I do need to contact you on your email because I need your real name for program registration along with the email.

Sandboxie steps between the application and the system and allows only reads from the system itself but no writes. Writes are only allowed in the sandbox. This is great if you want to run applications without having to worry about system safety at all. It is still a good idea to be careful as usually when working with Sandboxie. If something bad slips through it is intercepted by Sandboxie.

It is a good idea to run applications that are used to attack computers with malware, spyware and viruses inside the sandbox to avoid that they reach your operating system. What can I say, it is a nice uncomplicated way to add an additional level of security to your system.