Besides full-blown Virtual machines (VirtualPC, VMware server is free) there are application level virtualization sandboxes..
Sandboxie is perhaps the most famous -
http://www.sandboxie.com/A recent new entry is SafeSpace (beta/freeware) -
http://www.artificia...gister-personal.aspxBufferZone as already being mentioned (freeware for single app), GreenBorder has being sold to google and might be released free in the future.
Another one lesser known is Virtual Sandbox -
http://www.fortresgrand.com/There's also
http://www.vappware.com/vapp/ but I don't recommend it.
There are other sandboxes that are "policy control type sandboxes" , they don't virtualize the file system but just sandbox programs and prevents them from carrying out certain potentially dangerous actions.
Popular examples are
GeSWall (free version), Coreforce (free), Defensewall, DriveSentry (free) etc
http://www.gentlesec....com/getstarted.htmlhttp://www.drivesentry.com/index.htmhttp://force.coresec...se&page=downloadNext there are apps that use windows own built in policy management. They either make it easier to run all the time in none-admin accounts (Sudown) or conversely run selected programs like browsers with restricted rights (drop myrights).
http://sudown.sourceforge.net/http://cybercoyote.o.../security/drop.shtmlThere's also Altiris Software Virtualization Solution (free)-
http://www.svsdownloads.com/ which I don't know how to classify but that one isn't meant as a sandbox/ for security purposes.
Lastly there is Retunril (free) , PowerShadow, Shadowsurfer, firstdefense, rollback rx, Windows SteadyState (free) which are often called virtualization, but are closer to rollback tools.
These software allow you to "freeze" the system partition (and sometimes other partitions). Once in this frozen stages (often called Shadow , virtualization or protected mode as well) any further file changes made to the partition during this period will only be temporary stored elsewhere (though it appears as normal to the user) and will be discarded once the system gets out of the frozen or protected state (typically at the next re-start).
There is 0% protection while in that state, malware is free to act as usual, but you are certain to restore back to pre-clean state.
Of course if you are the paranoid type and want to watch all programs and want granular control so you can give specific and indidivual permissions to each and every program as compared to sandboxing where the bunch of permissions of sandboxed processes are generally fixed, you should try out other HIPS like System Safety monitor or ProSecurity, but that's a whole other kettle of fish.
http://wiki.castleco...ization_-_Comparisonhttp://wiki.castleco...ticing_Safe_Installshttp://wiki.castleco...f_freeware_sandboxeshttp://wiki.castleco...eware_virtualization
Show Posts
