Can you really "sandbox" a browser?


I’ve played around with Sandboxie & I use Hyper-V all of the time, but is it truly possible to be protected, since it has to be interacting with the host system to run? Can you run a process in an operating system while also isolating it from that same OS?

My gut feeling is, it may give a user a false sense of invulnerability and therefore make them MORE likely to be infected.


4 responses to “Can you really "sandbox" a browser?”

  1. SWCetacean

    By that logic, no program can be sandboxed, because all programs run in an OS and use its facilities. Any graphical program must go through the OS to render anything, because only the OS can access hardware. Any console program will use the OS's I/O systems to display output and acquire input.


    All modern OSes already "sandbox" programs in other ways; the user/kernel privilege split and virtual memory are 2 ways that programs running on an OS are isolated from it.


    Sandboxing limits the damage that an errant program can do to the filesystem and settings, so that it cannot overwrite the OS files and settings, and can be disposed of cleanly if needed. The OS exposes APIs that all programs use to do things; that's unrelated to the sandbox. The sandbox doesn't prevent a program from using the OS's services, it limits what the program can do to the OS.


    As for your gut feeling, you could probably test your hypothesis by looking at user data. A few years back, Google Chrome started using sandboxing for each tab. If your hypothesis is correct, then Google Chrome adding sandboxing would result in more infections among Chrome users after it was implemented. Also, if people using sandboxes get a false sense of security, then people using Sandboxie should experience more infections than people who don't. Does the data fit the hypothesis?
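An added illustration of the point in the response above that a sandbox limits what a program can do without cutting it off from the OS's services; this is not part of the original comment. It assumes Linux and uses seccomp strict mode, a mechanism chosen here and not named in the thread; `run_sandboxed` is a hypothetical helper name.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child, lock it into seccomp strict mode, and let it write to a pipe
 * that was opened before the lockdown. With try_open != 0 the child then also
 * tries to open a file. Returns the child's exit status, -signal if the kernel
 * killed it, or a value >= 1000 if the harness itself failed. */
int run_sandboxed(int try_open)
{
    int pipefd[2];
    if (pipe(pipefd) != 0) return 1000;
    pid_t pid = fork();
    if (pid < 0) return 1001;
    if (pid == 0) {
        close(pipefd[0]);
        /* From here on only read, write, exit and sigreturn are permitted. */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            syscall(SYS_exit, 2);
        /* Still an OS service: write() on an already-open descriptor works. */
        if (write(pipefd[1], "hi", 2) != 2)
            syscall(SYS_exit, 3);
        if (try_open)
            open("/etc/hostname", O_RDONLY); /* not allowed: kernel sends SIGKILL */
        /* Raw exit: glibc's _exit() uses exit_group, which strict mode forbids. */
        syscall(SYS_exit, 0);
    }
    close(pipefd[1]);
    char buf[2];
    ssize_t n = read(pipefd[0], buf, sizeof buf);
    close(pipefd[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0) return 1002;
    if (n != 2) return 1003; /* the permitted write never arrived */
    if (WIFSIGNALED(status)) return -WTERMSIG(status);
    return WEXITSTATUS(status);
}
```

In both cases the parent receives the two bytes through the kernel; only the child that reaches for the filesystem is terminated.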

  2. wright_is

    Sticking it in a VM and going back to a snapshot after each browsing session would work. But you can't, for example, give the VM access to a share on the host computer to share data.

    If it is running natively, there is always a chance to break out when it isn't running with a proper VM environment.

    That is, of course, assuming the hardware, the VM and all operating systems are patched against all known security holes, like Meltdown and Spectre, for example.

  3. dcdevito

    Chrome OS does it really well.

  4. dhoomkethu

     Facetime for Windows 10 is designed as a traditional application, where you are able to make video calls and video chat. Then, with the help of Facetime for PC, you are able to experience the high-quality call features just by using the internet connection.
