Sandboxie - A Virtual Protection

[heero_yuy]

I seem to recall a saying something along the lines of "Computer security takes a genius months to set up and a fool seconds to defeat"

Given the genius to fool ratio in the population a layered approach makes perfect sense.

[Qtx]

Sandboxie can be useful but as part of a security solution and in some circumstances but you don't run it instead of antivirus or other products. It's far from perfect and programs can and do get out of the Sandboxie sandbox. An exploit would normally move from being contained in the sandboxie container to getting in to the memory space of a program outside of the container and then executed, using whichever technique is feasible at the time. A lot of malware droppers do checks to see if they are being run in a virtual machine or sandbox and either decide not to run or to use methods known to them to bypass it.

You also have to remember that every time you introduce another product/layer of security, you are also adding in another attack vector. There have been plenty of exploits that infect your system via vulnerabilities in firewall software, most antivirus programs and Sandboxie will likely be no different, even ignoring the kernel level issues it can't contain.

Running a 20kb keygen using sandboxie is something you should feel safe about...yet never say never