Sandboxie is a program for Windows that sandboxes applications on the operating system. A sandbox separates programs run in it from the underlying operating system, other software and data, effectively preventing those programs from making permanent changes to the system.
Even malicious software is restrained to the sandbox, which means that it cannot infect the operating system itself, and that all traces of it will be removed from the system once the sandbox is terminated.
Software that is run in the sandbox is isolated from the system, which makes it ideal for testing purposes, and to improve the overall security of the system by running applications that are often targeted by malware developers in the sandbox.
Sandboxie has been around for years, and its developer Ronen Tzur has added new features regularly to the program in that time. Today, it is one of the best -- many say the best -- sandboxing solution for Windows.
Sandboxie is a shareware program. A free version of the application is offered for download on the program's homepage that misses a couple of features and will display a reminder after 30 days of use that you should upgrade to the paid version of the software. It remains fully functional though, and the author notes that users are encouraged -- but not required -- to upgrade to the paid version.
The paid version offers two additional features that are not available in the free version of the software. You can force programs to run in the sandbox, which means that they will be launched in the sandbox environment regardless of how they are started.
The second feature lets you create and use multiple sandboxes on the system.
It is available for the reasonable price of €15.
Note: Sandboxie 4.06 was used in the review.
Installation of Sandboxie is straightforward. The program is compatible with 32-bit and 64-bit versions of Windows, and a short introduction is displayed to you on first run. It explains the core concepts of the program.
The program itself adds an icon to the System Tray that you can use to control it, and to open Sandboxie's main window.
A default sandbox is available right away. If you are using an unregistered version of Sandboxie, it is the only sandbox that you can make use of. If you are using the paid version, you can add other sandboxes to the application, for instance for different tasks like banking or Internet browsing.
Run programs in the sandbox
To run programs in a sandbox, select Sandbox > DefaultBox > Run Sandboxed > Run from the toolbar menu. Web browsers, Email clients and Windows Explorer are displayed here directly, but you can also use the menu to run a program from the start menu or any program in the sandbox.
It is alternatively possible to drag and drop applications -- or their shortcuts -- into the Sandboxie environment to run them sandboxed.
Sandboxie adds a context menu item to Windows Explorer which you can also use to run programs or files in the sandbox.
In addition to that, you can also create shortcuts for sandboxed programs. To do so, do the following:
You can run the shortcut whenever you want to load the software it links to in the selected sandbox.
Note: If you run a program in a sandbox, it means that it won't be able to interact with data on the system in a permanent fashion by default. This may be problematic in some cases. Say you run Firefox in the sandbox and the browser updates itself to a new version.
When you close Firefox or terminate the sandbox, the update is gone and you will be asked to update again next time you run the program.
In the case of updates, be it program updates or updates to add-ons, it is best to run the program outside of the sandbox during the update so that it can update just fine.
Registered users who force programs to run in the sandbox can disable forced programs for a short while using the tray icon menu.
The same is true for downloads that you make for example.
Sandboxie offers controls to bypass the sandbox in certain cases.
Sometimes, you may want to allow programs access to certain files on the underlying system. In the case of web browsers, you may for instance want to keep new bookmarks, passwords and session cookies.
Sandboxie offers default controls for popular programs such as the Firefox or Internet Explorer web browser, Thunderbird and Outlook email clients, and various other products such as security software, download managers or PDF readers.
Firefox users can for example enable direct access to passwords, bookmarks, cookies or sessions directly here.
While you could navigate to the sandboxed folders to move files out of it while the sandbox is up and running, it is often better to use Sandboxie's Quick Recovery or Immediate Recovery features instead.
Whenever you close a sandbox, or run Quick Recovery manually, contents of select folders will be scanned for files that you have saved to them while the sandbox was up and running. The default locations are the downloads folder, My Documents, Favorites and the Desktop.
The idea here is to provide you with the means to save files that would otherwise be lost when the sandbox is terminated.
Tip: You can add folders to Quick Recovery under Sandbox > [Name of Sandbox] > Sandbox Settings > Recovery > Quick Recovery.
Immediate Recovery automates the recovery process for you. It monitors select folders on the system and file extensions, and will suggest to move them out of the sandbox as soon as they get saved in a program that is running in the sandbox.
The benefit here is that you do not have to invoke the recovery manually.
Tip: You can disable the Immediate Recovery feature under Sandbox > [Name of Sandbox] > Sandbox Settings > Recovery > Immediate Recovery.
Identifying sandboxed programs
All programs that you run in a sandbox look on first glance just like any other program you run on your system. When you move the mouse cursor to the window border however, you will notice a colored border that is painted around it by Sandboxie. This indicates that the program is sandboxed.
You can naturally also see that in the main program window, as all sandboxes and programs running in them are displayed here at all times.
Another option that you have is to click on File > Is Window sandboxed to find out if a particular program window is running in the sandbox.
In addition to that, it is possible to add permanent indicators to windows. You find the options under Sandbox Settings > Appearance.
The first option that you have is to make the window border that Sandboxie adds permanently visible instead of just when you hover the mouse cursor over it.
The second option is to add an indicator to the window title (#) or to show the sandbox name in the title directly.
Terminating a sandbox
Once you are finished using a sandbox, or more precisely the programs within, you can terminate it. Simply select the delete contents option from the tray icon menu or from the main window's menu bar.
Sandboxie will display a Delete Sandbox window that displays any files that you may want to save before the sandbox is deleted.
By default, the sandbox is not deleted automatically when you close the last program that runs in it. You can change the behavior under Sandbox Settings > Delete > Invocation to automatically delete contents of sandbox.
When you close the last program after making the change, the sandbox itself will be deleted as well.
Which programs should you run in a sandbox?
While it is possible to run any third-party program in the sandbox, it is usually better to run only programs in it if system security benefits from it.
All programs with network or Internet connections like web browsers, email client, messengers or P2P software need to be mentioned in this regard among others.
The reason for this is that they are exposed to attacks from the web, be it through user action, e.g. the download of a new program or file, automatic attacks such as drive by downloads, or indirect attacks where files get downloaded automatically but need to be executed by the user.
Sandboxie is an excellent security software for the Windows operating system. It should be used in addition to traditional security programs such as antivirus software, and if configured and used correctly, will improve system security significantly.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.