The web browser is your interface with the Internet, and consequently with all the bad code that is transmitted over it.  Your security is primarily compromised through the browser, as on most Windows machines you're running programs as a root/Administrator user with far too much access.


One method of protecting yourself is to run a Virtual Machine.  This is an emulated Operating System, but that's a bit overkill.  You need to give it all the resources to run the operating system itself when all you want to run is one program.


At the same time, while I still recommend using anything but Internet Explorer as an improvement in security, it's not as if Firefox, Opera and others are perfect.  Ideally the programs you use that are connected to the web can only affect that connection to the web and itself, and nothing on your own system, such as files/folders, the registry or anything else that could potentially do harm, regardless of any exploit found in the browser itself.


This ideal is fully realised in the program Sandboxie.


I wrote a program in college for a report on web security that allowed me to replace Internet Explorer with Notepad via ActiveX code embedded in a web-page.  Sandboxie completely thwarts this kind of exploit.


You can set specific directories as accessible for a browser, such that you can still download files to your computer yet not expose anything at all important.


Sandboxie also adds the ability to right-click any program and have it run in Sandboxie quickly and easily.  Additionally, for heavily used programs such as a web browser, you can set program shortcuts to run directly in Sandboxie by right-clicking the shortcut, then adding the Sandboxie shortcut before your program shortcut in the shortcut text field, so that it looks something like this:


"C:\Program Files\Sandboxie\Start.exe" "C:\Program Files\Internet Explorer\iexplore.exe"


This finally makes Internet Explorer secure.
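
The shortcut edit described above can also be scripted. The following PowerShell is an added example, not part of the original post or of Sandboxie itself; the function name `Convert-ToSandboxedShortcut` is hypothetical, the `Start.exe` path is the one shown above, and it assumes `Start.exe` passes any trailing arguments on to the program it launches. It keeps the program's own icon and refuses to wrap a shortcut twice.

```powershell
# Added example: rewrite an existing .lnk so its program starts through Sandboxie.
# Assumptions: Start.exe lives at the path shown in the post and forwards trailing
# arguments to the launched program; the function name is hypothetical.
function Convert-ToSandboxedShortcut {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ShortcutPath,
        [string]$SandboxieStart = 'C:\Program Files\Sandboxie\Start.exe'
    )

    if (-not (Test-Path -LiteralPath $SandboxieStart)) {
        throw "Sandboxie launcher not found: $SandboxieStart"
    }
    $fullPath = (Resolve-Path -LiteralPath $ShortcutPath).Path

    # WScript.Shell opens an existing .lnk for editing when the file already exists.
    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($fullPath)

    # Already wrapped: stop here so the launcher is never nested inside itself.
    if ($lnk.TargetPath -ieq $SandboxieStart) {
        Write-Verbose "Already sandboxed: $fullPath"
        return
    }

    $originalTarget = $lnk.TargetPath
    $originalArgs   = $lnk.Arguments
    if ([string]::IsNullOrWhiteSpace($originalTarget)) {
        throw "Shortcut has no file target: $fullPath"
    }

    # A shortcut with no explicit icon (",0") borrows it from its target, which is
    # about to become Start.exe. Pin the icon to the original program first.
    if ($lnk.IconLocation -match '^,') {
        $lnk.IconLocation = "$originalTarget,0"
    }

    # Same layout as the line in the post: "Start.exe" "program.exe" [original args]
    $lnk.TargetPath = $SandboxieStart
    $lnk.Arguments  = ('"{0}" {1}' -f $originalTarget, $originalArgs).Trim()

    if ($PSCmdlet.ShouldProcess($fullPath, "Launch through $SandboxieStart")) {
        $lnk.Save()
    }
}

# Preview the change without writing it (constructed sample path):
# Convert-ToSandboxedShortcut -ShortcutPath "$env:USERPROFILE\Desktop\Opera.lnk" -WhatIf
```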


If you're thinking, "What about Trojans?" well, good question for one.  When installing programs, you can give the .exe access only to the installation directory and nothing else, allowing an installation while sandboxed and protected.  Consequently, it can be used as a method of avoiding registry bloat.


The only downside here is that the program is essentially a 30-day trial before it starts begging for money.  But given the amount of time spent with malware issues, the amount of resources wasted on antivirus, 20 Euros is a pretty good investment for near web invulnerability.
Posted by Ellyoda Sat, 22 Nov 2008 23:04:40 (comments: 5)
 
Sun, 23 Nov 2008 04:19:51

Hmm, sounds like an interesting program. I'll have to look into it soon.

 
Sun, 23 Nov 2008 22:10:39

Sounds like more of a hassle than Vista's security measures.

Also when you're installing most .EXEs don't they need to put DLLs and the like into the Windows folder?

 
Sun, 23 Nov 2008 22:22:12
Installations aren't its intended purpose, just a concept I found useful.

Programs in Windows are typically comprised of three parts:
1 - The program folder itself
2 - Registry entries
3 - Local Settings/Application Data folders

The program folder is what you allow, and the Local/Application Data folders are typically created when you run the program if they don't exist anyway, so basically it just kills the registry entries.  Some programs can be installed like this, some can't.

The important part of Sandboxie is that it's absolutely minimal hassle.  Change the shortcut you use to open your browser to run sandboxed and you don't have to do a thing after that.  And at any time with any program, you can right-click and run as sandboxed.

This is primarily an application to strictly forbid web browsers from having too much power.
 
Mon, 24 Nov 2008 00:59:06

Well, I just installed it. So far, everything seems to be working just fine. It changed my Opera shortcut icon to Sandboxie's icon, but I was able to change it back to Opera's easily enough.

Do I need to do anything else besides adding Sandboxie's shortcut to my Opera shortcut, Yoda?

 
Mon, 24 Nov 2008 03:03:24
Nope, doing that will automatically run it as sandboxed.  You can double check by opening the Sandboxie control panel by double clicking the taskbar icon to make sure Opera's in there.  Similarly, you can try to download a file to a location you haven't given Opera access, such as just the top level C: