How to test Windows software in a secure environment
As a Windows user, it pays to be extra cautious when running programs on Windows PCs, as a single click may cause all kinds of trouble.
While malware may be the most common attack form, there are numerous other types of attacks that may be carried out when a program runs. For instance, ransomware may encrypt important documents on the system, or a program may collect and transfer important files and information about the system to a server on the Internet.
Security software helps protect the system against these threats, but there is always the chance that something could slip by.
That's where secure environments for executing Windows software come into play. They separate program execution from the underlying system and restrict it so that the program cannot harm the underlying operating system, files, programs or preferences.
The following guide walks you through the steps of installing and running your own test environment. While it may not be as efficient for monitoring purposes as a virtual machine, it is convenient to use, requires little memory and almost zero configuration.
Setting it up
The first thing you need is Sandboxie, a program that is offered in a free and a paid version. The paid version offers additional features, but the free version is sufficient when it comes to running programs in a secure environment. Probably the most interesting feature that only the paid version of Sandboxie supports is forcing programs so that they always run in a sandboxed environment.
Download the program from the official website and run the installer afterwards. It contains no surprises and ends with the installation of a driver that is required for the program's functionality.
Sandboxie should start up automatically afterwards with a prompt highlighting running programs on the system and giving you options to improve compatibility with those programs. You may skip the step and check the "don't check software compatibility" box to prevent these checks from being run on start.
A getting started guide is loaded afterwards that explains the basic functionality of the sandboxing program.
Configuring Sandboxie
The free version is limited to a single sandbox that you can run programs in. The program is set up for that already and you don't really need to change anything to get started.
One of the easier options to run a program in the sandboxed environment is to right-click on it in Windows Explorer and select the "run sandboxed" context menu entry.
This opens a dialog in which you are asked to pick the sandbox that you want to run the program in. Select DefaultBox and click OK. If the program requires elevated rights, check the "run as UAC administrator" box before you do so.
The program is then executed as if it were run on the underlying system without a sandbox. The fact that a program is run in a sandbox is highlighted in the program's title.
Sandboxie supports several other indicators. The borders of sandboxed program windows are highlighted, the program is listed in the main Sandboxie interface, and you may use File > Is Window Sandboxed to check specific windows as well.
You can use the program from that moment on, for instance to test its functionality or monitor how it behaves on the system.
Since it is run in a sandbox, it is only accessible on the system for as long as the sandbox is up and running. It is possible to terminate any program running in the sandbox at any time. If you do so, all traces of the program are removed from the system as if the program was never run on it.
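The same run, inspect and clean-up cycle can be scripted through Sandboxie's Start.exe command line. The PowerShell script below is an added example, not part of the original article; the install path, the sandbox folder location and the parameter names are assumptions based on a default installation and may differ on your system.

```powershell
# Added example: scripted "run sandboxed" session for one program under test.
# Assumed defaults (adjust to your setup): install path, sandbox root, box name.
param(
    [Parameter(Mandatory)][string]$Program,
    [string]$Box      = 'DefaultBox',
    [string]$StartExe = "$env:ProgramFiles\Sandboxie\Start.exe",
    [string]$BoxRoot  = "$env:SystemDrive\Sandbox\$env:USERNAME\$Box",
    [switch]$Elevate,   # counterpart of the "run as UAC administrator" box
    [switch]$Keep       # keep the box contents for later inspection
)

if (-not (Test-Path -LiteralPath $StartExe)) {
    throw "Start.exe not found at '$StartExe'; pass -StartExe with the real path."
}
$Program = (Resolve-Path -LiteralPath $Program).Path

# Run Start.exe, wait for it to finish and return its exit code.
function Invoke-SandboxieStart([string[]]$Arguments) {
    (Start-Process -FilePath $StartExe -ArgumentList $Arguments -Wait -PassThru).ExitCode
}

# 1. Launch the program inside the box; /wait blocks until it exits.
$launch = @("/box:$Box", '/wait')
if ($Elevate) { $launch += '/elevate' }
$launch += "`"$Program`""
$code = Invoke-SandboxieStart $launch
Write-Host "Program exited with code $code"

# 2. Stop anything the program left running in the box.
Invoke-SandboxieStart @("/box:$Box", '/terminate') | Out-Null

# 3. List what was written into the box (files plus RegHive, the box's registry hive).
#    Contents left over from earlier runs in the same box are listed as well.
if (Test-Path -LiteralPath $BoxRoot) {
    Get-ChildItem -LiteralPath $BoxRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime |
        Select-Object LastWriteTime, Length, FullName |
        Format-Table -AutoSize
} else {
    Write-Host "Nothing found at '$BoxRoot' (box is empty or stored elsewhere)."
}

# 4. Delete the box contents unless asked to keep them.
if (-not $Keep) {
    Invoke-SandboxieStart @("/box:$Box", 'delete_sandbox_silent') | Out-Null
}
```

Save it under any name, for example Test-InSandbox.ps1 (a made-up name), and call it with -Program followed by the path of the installer or executable you want to test.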
Sandboxie is an excellent program for software testing. If a program seems suspicious, you may simply run it in the sandboxed environment to test it without exposing the underlying Windows system to potential harm.
Now you: Are you using Sandboxie or another solution to run programs in?
Sandboxing is an important security technique that isolates programs, preventing malicious or malfunctioning programs from damaging or snooping on the rest of your computer.
I prefer using Toolwiz Time Freeze 2016 3.2.0.2000; it’s freeware.
Homepage: http://www.toolwiz.com/products/toolwiz-time-freeze/
You might also want to write an article about “Buster Sandbox Analyzer” for Sandboxie.
But since you mentioned Virtual Machines – you have to be aware that well-designed malware can detect if it is in a VM and thus will not run malicious code! You have to take certain measures, for example in VMWare, to change the default engine settings to disable all that stuff that could identify the VM.
Manual testing is the recommended option.
As mentioned in other comments, because it utilizes an isolation method, Sandboxie does not work with programs which require access to system files – shared dlls, etc. When this happens I use Toolwiz Time Freeze (old engine) which utilizes a snapshot method allowing access to system files. When finished; select ‘drop changes’, a quick reboot, and all gone.
+1 what Rick said ~~ for some programs, you’ll need to revise the default set of policies (settings) for the sandbox.
Across hundreds of various programs (guessing 400+) I’ve run sandboxed through the years, only about 5 have ever flat-out refused to run within sandbox container… and I gladly avoided/abandoned using those.
You don’t have Sandboxie configured correctly for these apps then. They will indeed run; but not using the default sandboxie config.
in a word –timefreeze
“You are posting comments too quickly. Slow down.” - 1 comment Martin ???
I see that too, occasionally. Can happen if javascript is disabled? or if the page didn’t load properly? I’m not sure what causes that hiccup.
The article contains inaccuracies:
“Since it is run in a sandbox, it is only accessible on the system for as long as the sandbox is up and running. It is possible to terminate any program running in the sandbox at any time. If you do so, all traces of the program are removed from the system as if the program was never run on it.”
For any program installed to sandboxed path, if you create a desktop (or StartMenu) shortcut to it… its sandbox will be automatically launched and the program will run sandboxed. Wording in the article suggests that a sandbox-installed program can only be used “for as long as sandbox is up and running”. The point is this: launching a sandboxed app via its shortcut doesn’t involve a separate, manual step (“get the sandbox up and running”), that step happens transparently.
Unless you specifically (optionally) configure the sandbox to “delete sandbox contents when the last process terminates”, hell no, “all traces…as if the program never ran on it” (implying that you would need subsequently re-install the sandboxed program in order to use it again) doesn’t automatically happen.
Some years back I used to install all manner of programs in a virtual environment for testing–there was this great little program which let you do it really easily. But, then Symantec bought the company and the program turned to crap (so, the usual problem with Symantec acquisitions); I don’t even remember its name now. Sandboxie wasn’t all that stable back then–may be time to try it again.
It was Altiris SVS, an excellent soft!
You can download it from this link, click on Trialware, it’s free for home users (even though it says trialware).
http://www.symantec.com/workspace-virtualization
I like Sandboxie but in my experience some programs just don’t like running in the sandbox so I have always preferred to virtualize the whole system rather than individual programs. On my PC I run Windows 7 x64 from a Solid State Drive and experienced issues with a number of so-called ‘light virtualization’ programs (Shadow Defender, Wondershare Time Freeze, Toolwiz TimeFreeze) which failed to isolate my real system.
After some research I found the problem was due to the TRIM feature being enabled on my SSD. The feature can be turned off but I was reluctant to risk potential performance loss from the SSD. Fortunately I stumbled upon the ‘Try & Decide’ feature that’s built into Acronis True Image Home and it works perfectly with TRIM enabled.
Would be interested to know if there are any similar programs that can handle SSDs with TRIM enabled.
An essential tool for Sandboxie is MiTeC Windows Registry Recovery (http://www.mitec.cz/wrr.html).
You can use this tool to view the changes that the sandboxed application has made to the virtual registry.
Is the sandbox created in RAM or written to HDD?
Which is better: Sandboxie or the sandbox of 360TS?
sandboxie’s sandboxes (in paid version, you can create and maintain an unlimited number of boxes) are written to HDD
Which is better? I have no idea what “360TS” refers to, so good luck with that.
Best method is Shadow Defender; it reverts your system to the state before installing software. It can keep your system fully clean.
Sandboxie is also very good but not working with any software (I know we can config it but we cannot fully restore system).
I usually stick with just using virtualbox
Same for me. I find VirtualBox a great method to test software in a secure way. An advantage of VirtualBox over Sandboxie is that using snapshots you can move both backward and forward in time between different states.
I’ll sure be glad when the Windows 10 version is finished.
Why? And what does this have to do with this topic?
The current version of Sandboxie has issues with Windows 10; I think you read the comment as “when windows 10 is finished” as opposed to “when Sandboxie that is Windows 10 compatible is finished”.
As always with ‘free’ programs, read the license terms:
• For personal use, you are encouraged, but not required, to upgrade to the paid version.
• For non-personal use (including commercial, educational, governmental, and not-for-profit use), Sandboxie must be properly licensed.