Test Center: Sandbox security versus the evil Web
Five products strive to trap drive-by downloads and other threats in a virtual Web browsing space, with mixed results
After you install SafeCentral, which requires a multistep process more complicated than its competitors', it loads a custom version of Firefox and modifies the toolbar in Internet Explorer, if it finds Internet Explorer on your system. Various "elements" are installed to secure and protect the desktop from the custom version of the Firefox browser and vice versa.
When the user is in a secure Firefox browser session, the rest of the system is dimmed (see Figure 1) and interaction is restricted in significant ways. If you click any program or desktop area outside of the browser, the secure browser session is paused and dimmed. Every switch between the protected browser session and the desktop took an extra click and often caused slightly uncomfortable latency. It reminded me of Microsoft Windows Vista's "secure desktop" feature that accompanies User Account Control (UAC) protection, except that Microsoft's secure desktop provides significantly more separation and security.
In extensive testing, SafeCentral did not allow a single silent install in Firefox, except for the Adobe Flash clipboard hijack, which every other product missed as well. That's about the only good point I could give this product, and one that would be matched by a fully patched browser as well. In my testing, SafeCentral permitted hundreds of malware downloads, if the site "fooled" the user into downloading and running the program. At no time did SafeCentral stop any malware download initiated by the user, or prevent the subsequent system modification, or ever warn the user of the impending potential damage. For example, Figure 2 shows a fake MSN.com site requesting to install an update to the Adobe Flash Player.
Protection was worse for Internet Explorer. Even though SafeCentral modified the toolbar and offered an indication of alert messages, it allowed nearly every silent malware install I threw at it, without so much as a peep. Clicking the SafeCentral toolbar icon (with Internet Explorer) simply launches the further secured version of the Firefox browser, which doesn't help when visiting the millions of Web sites that require Internet Explorer. Overall, I saw no advantage to using SafeCentral with Internet Explorer and questionable value with Firefox. The strength of this product lies with its DNS and anti-phishing protection. Those who want protection against browser threats should look elsewhere.
Sandboxie is a superquick download (421K) and an easy install, supporting Windows 2000 and later Microsoft operating systems. It can be used to provide sandboxed protection (for files, disk devices, registry keys, processes, threads, driver objects, named pipes, mailbox objects, events, mutexes, semaphores, sections, and LPC ports) while running any program, including any Internet browser, command prompts, and Windows Explorer. It has a multitude of configuration options and a good interface that is directed more toward technical end-users.
Sandboxie offers many runtime and configuration choices over two main views: Programs (Figure 1) and Files and Folders (Figure 2). Both figures show Sandboxie running with active malware. At any point, the user can choose to terminate sandboxed programs and delete or restore the involved objects.