5 Oct 2010

Run un-trusted applications securely

Most of the time you install a third-party application and run it on your operating system without knowing the consequences. In most cases the application is genuine and does no harm.
But you never know when an application you installed in the past will start altering your files, folders and registry values, which may in turn fetch a remote payload and cause havoc. Since Windows Vista, Windows ships User Account Control (UAC), which stops applications from silently gaining administrative rights, together with file and registry virtualization, which redirects a legacy application's writes to protected locations (such as Program Files or HKLM) into a per-user VirtualStore area instead of the real location. That redirection is not a temporary environment: the redirected files persist across reboots, and it does nothing to stop an application from changing anything the logged-on user can already write to. To run untrusted applications in a genuinely controlled environment you need sandbox technology. Sandboxing has been around for close to a decade but is still not widely deployed. Let's walk through the technology to understand it better.

What is Sandbox? 
A sandbox provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and in memory. Access to the network, inspection of the host system and reading from input devices are usually disallowed or heavily restricted. In this sense a sandbox is a form of virtualization at the application level: narrower than a full virtual machine, but much stricter than the write redirection that UAC file and registry virtualization offers on Windows Vista.

How does it help?
By the time you notice something is wrong after running an untrusted application, the changes are already on disk: system files overwritten, registry keys altered. So how do you protect the machine? A sandbox runs the application in a virtual environment and protects the integrity of the real file system by redirecting every write the application attempts into a separate container, leaving the original data intact. Reads fall through to the real files, so the application sees a normal system; it can appear to modify core files, delete them, even render the system unusable from its own point of view, but nothing outside the container changes. Discarding the container restores the original, 'frozen' state. Implementations differ in where that container lives: Sandboxie keeps redirected files and registry keys in a sandbox folder that you can empty at any time, while reboot-to-restore products redirect at the disk-sector level and drop the redirected sectors on every restart. Either way, the core operating system and configuration files on the workstation or server are restored to their original configuration once the sandbox is discarded.
Courtesy: http://www.sandboxie.com/
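To make the redirect-on-write idea concrete, here is a toy model of the mechanism in Python. It is an added example written for this post, not Sandboxie's code or any product's implementation: writes and deletes that a "guest" program aims at the host tree land in a sandbox folder, reads consult the sandbox copy first and fall through to the untouched host file, and discarding the sandbox folder restores the host's view. The host files, the tombstone marker suffix and the "untrusted program" actions are all constructed for the demonstration.

```python
"""Toy model of sandbox write redirection (copy-on-write overlay).

Added example, not Sandboxie's code. Paths, the tombstone suffix and the
guest program's actions are constructed for illustration.
"""
import os
import shutil
import tempfile


class SandboxFS:
    TOMBSTONE = ".deleted"  # assumed marker suffix for files the guest deleted

    def __init__(self, host_root, box_root):
        self.host_root = host_root
        self.box_root = box_root
        os.makedirs(box_root, exist_ok=True)

    def _host(self, rel):
        return os.path.join(self.host_root, rel)

    def _box(self, rel):
        return os.path.join(self.box_root, rel)

    def read(self, rel):
        """Guest read: sandbox copy wins; a tombstone means 'file is gone'."""
        if os.path.exists(self._box(rel) + self.TOMBSTONE):
            raise FileNotFoundError(rel)
        for path in (self._box(rel), self._host(rel)):
            if os.path.isfile(path):
                with open(path, "rb") as f:
                    return f.read()
        raise FileNotFoundError(rel)

    def write(self, rel, data):
        """Guest write: never touches the host; lands in the sandbox folder."""
        target = self._box(rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        tomb = target + self.TOMBSTONE
        if os.path.exists(tomb):
            os.remove(tomb)
        with open(target, "wb") as f:
            f.write(data)

    def delete(self, rel):
        """Guest delete: drop any sandbox copy and leave a tombstone."""
        target = self._box(rel)
        if os.path.isfile(target):
            os.remove(target)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        open(target + self.TOMBSTONE, "wb").close()

    def discard(self):
        """Empty the sandbox: the host view is back to its original state."""
        shutil.rmtree(self.box_root)
        os.makedirs(self.box_root)


def demo():
    """Run an 'untrusted program' against a constructed host tree and report."""
    host = tempfile.mkdtemp(prefix="host_")
    box = tempfile.mkdtemp(prefix="box_")
    try:
        # Constructed host state standing in for system and config files.
        os.makedirs(os.path.join(host, "Windows"))
        with open(os.path.join(host, "Windows", "hosts"), "wb") as f:
            f.write(b"127.0.0.1 localhost\n")
        with open(os.path.join(host, "config.ini"), "wb") as f:
            f.write(b"safe=1\n")

        fs = SandboxFS(host, box)
        # The guest tampers with a system file, drops a new file and deletes
        # a config file; every operation goes through the sandbox layer.
        fs.write(os.path.join("Windows", "hosts"), b"127.0.0.1 bank.example\n")
        fs.write("dropper.exe", b"MZ...")
        fs.delete("config.ini")

        guest_saw_tampered = fs.read(os.path.join("Windows", "hosts"))
        try:
            fs.read("config.ini")
            guest_sees_config = True
        except FileNotFoundError:
            guest_sees_config = False
        with open(os.path.join(host, "Windows", "hosts"), "rb") as f:
            host_hosts_during = f.read()  # real file, read outside the sandbox

        fs.discard()  # equivalent of emptying the sandbox / reboot-to-restore
        after_discard = fs.read(os.path.join("Windows", "hosts"))
        host_intact = (os.path.isfile(os.path.join(host, "config.ini"))
                       and not os.path.exists(os.path.join(host, "dropper.exe")))
        return {
            "guest_saw_tampered": guest_saw_tampered,
            "guest_sees_config": guest_sees_config,
            "host_hosts_during": host_hosts_during,
            "after_discard": after_discard,
            "host_intact": host_intact,
        }
    finally:
        shutil.rmtree(host, ignore_errors=True)
        shutil.rmtree(box, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The guest observes its own tampered `hosts` file and believes `config.ini` is gone, yet the real `hosts` file on the host never changed and no `dropper.exe` ever reached the host tree; after `discard()` even the guest's view is back to the original. Real sandboxes add the pieces this model omits: registry redirection, process and network restrictions, and the forced-program rules that stop the guest from simply opening the host file with a different API.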
