
What does it mean to run in a sandbox on a computer

Lately, cybercriminals have become so inventive that reports of virus outbreaks are no longer surprising and have become, in general, commonplace. However, seeing the news about the distribution of a new Trojan on 3DNews is one thing, but finding this same Trojan on your computer is quite another. You can find a lot of advice on the Internet on how to avoid becoming a victim of fraud, from using up-to-date versions of software in which all known vulnerabilities are fixed, to having a reliable modern security solution on your computer.

However, in some cases, even the most reliable firewall and the most vigilant antivirus do not save the user from infection. This happens when the protection program is not sure whether the application being launched or the script being executed on a web page is malicious, and therefore leaves the decision to allow the action to the user. You may well decide that the antivirus is unnecessarily suspicious, or simply click the "OK" button, thereby allowing malicious code to execute.

What to do? Should you really stop launching new applications, and abandon web surfing altogether, because of the possibility of catching a Trojan? There is a great solution, which for many can be a great addition to the other means of protecting a computer from malware. We are talking about working with applications in the "sandbox".

A "sandbox" is an isolated environment for which a small amount of hard disk space is allocated and which does not depend on the real operating system. When you run a program in a sandbox, it works just like a normal application, but it cannot affect any system components that are outside the sandbox. This means that from within the sandbox it is not possible to make changes to the system registry, replace system files, or perform any other action that may affect the stability of the system. Thanks to this, the sandbox can be used to surf the Internet safely and to run unknown applications. There are other uses for such an isolated environment: for example, programmers and testers can run unstable versions of programs in it.

"Sandbox" in Kaspersky Internet Security 2010

That working with applications in the "sandbox" can be useful to the widest range of users is evidenced by at least the fact that the corresponding feature appeared last year in Kaspersky Internet Security. Users of this security package can work with suspicious applications in an isolated environment if they open them through the Windows context menu item "Run in a safe environment". For clarity, the window of a program running in the isolated environment is surrounded by a green frame.

Kaspersky Internet Security also allows you to compile a list of programs that can be potentially dangerous (you can include, for example, a browser). To do this, open the "Application Control" section in the application settings and use the "Add" button to add the application to the list. If you then open the application from the Kaspersky Internet Security window, it will run in an isolated environment. Such a function is convenient, say, if during a browser session you plan to visit sites that may contain suspicious code. In addition, it can be a good replacement for the privacy mode that appeared in the latest versions of popular browsers.

However, it should be noted that Kaspersky Internet Security provides only the most basic features for running programs in the sandbox. Specialized applications have many more options. Let's look at some popular programs designed to work in an isolated environment.

Sandboxie 3.44

  • Developer: Ronen Tzur
  • Distribution size: 1.6 Mb
  • Distribution: shareware
  • Russian interface: yes

Sandboxie is without a doubt the best-known solution for setting up a sandbox. The program uses the classic protection method: the application specified by the user is placed in an isolated environment, as a result of which it cannot affect the operation of the system. Interestingly, Sandboxie was designed to be used with the Internet Explorer browser, which is one of the most popular targets of cyber criminals. However, nowadays Sandboxie can work with almost any Windows application.

One of the features of Sandboxie, which distinguishes it from many other programs of this kind, is the ability to create an unlimited number of "sandboxes". In this case, the user can make a list of applications that will run in each of them. By default, the program itself creates a "sandbox" called DefaultBox, so you can start working with Sandboxie immediately after installation. To open a program or document in a sandboxed environment, select the "Run in Sandbox" command that appears on the Windows context menu.

If you create additional sandboxes in the future, you can ask the program to open files and applications in a different sandbox instead of the DefaultBox. To do this, select the "Sandboxie Start Menu" item from the "Start" menu and change the "sandbox" that will be used by default.

You can run applications in an isolated environment not only from the context menu, but also directly from the Sandboxie window. To do this, right-click on the name of the "sandbox" and select the appropriate command (this menu is also available when clicking on the Sandboxie icon in the system tray).

By the way, to speed up the selection, you can use the commands "Launch Web browser" and "Launch mail client", which open the applications installed on the system by default. Using the sandbox context menu, you can perform other commands, such as closing all applications running in the sandbox with one click, viewing the contents of sandboxes, or deleting them completely.

In order to quickly identify a program that is running in an isolated environment, Sandboxie provides a special command, "Window in the sandbox?". When it is selected, a crosshair appears on the screen; by dragging it onto the desired window, you can get information about the status of the program.

However, if the sandbox works with default parameters, then this tool is not needed, since the [#] icon appears next to the application name in the title bar. If for some reason you want to disable the display of the icon in the title bar, this can be done in the sandbox settings. In addition, you can add the name of the "sandbox" to the title of the window, as well as draw a thin border of any color around the window, which makes it easier to see which sandbox the window belongs to.

By referring to other sandbox settings, you can flexibly configure permissions to access different resources. So, you can determine which files and folders will be blocked from access, which programs will be able to access read-only, and also configure interaction with system registry keys.

If necessary, in the sandbox settings, you can specify applications that will be forced to run in it. In other words, when the specified file is started, Sandboxie will intercept the application and prevent it from running in normal mode. The program allows you to specify not only individual executable files, but also folders: any application run from such a folder will open in the safe environment. The latter possibility can, for example, be used to launch new programs that have been downloaded from the Internet to the Downloads folder.

BufferZone Pro 3.31

  • Developer: Trustware
  • Distribution size: 9.2 MB
  • Distribution: shareware
  • Russian interface: no

BufferZone Pro is another good solution for working with applications in an isolated environment. While the program can run a variety of applications in the sandbox, it is primarily designed to work with browsers, IM clients, peer-to-peer file sharing programs, and other Internet software. This is evidenced at least by the fact that BufferZone initially has a fairly extensive list of applications that are launched in safe mode by default. Among them are Mozilla Firefox, Google Chrome, ICQ, BitComet, Skype, GoogleTalk and others. The user can edit this list at his own discretion, adding programs to it and removing unnecessary ones.

Similar to the utility discussed above, BufferZone can monitor all applications that run on the computer and redirect them to the sandbox. BufferZone can also block the launch of any unknown programs.

Unlike Sandboxie, this program does not provide the ability to create multiple "sandboxes". The windows of all programs that are running in the sandbox are surrounded by a red frame. You can also see which programs are currently running in the isolated environment in the main BufferZone window. Brief statistics about the operation of programs in the isolated environment are also displayed here. BufferZone not only counts how many actions were performed by such applications in total, but also keeps a record of potentially dangerous operations in the system, as well as security-related threats that were prevented.

In the event that a program running in the sandbox has executed malicious code or performed another destructive action, you can quickly remove all data related to applications running in the sandbox. In addition, such data can be cleaned automatically according to a user-defined schedule.

BufferZone also has some additional features that are not directly related to the organization of the "sandbox", but help to increase the overall level of computer security. So, using the program, you can prohibit opening files from external hard drives, DVDs, and USB drives, or allow such data to be accessed only in an isolated environment.

In conclusion, we note that in addition to the paid version, BufferZone Pro is also available as a free edition of the program. It has a number of limitations: for example, it is not possible to create a snapshot of a virtual environment and restore the data saved in it. In addition, the free version has fewer applications for which protection is enabled by default.

Conclusion

When choosing a specialized program for running applications in a sandbox, you need to keep in mind that there are two main approaches to organizing an isolated environment. In the first case, a "sandbox" is created for applications specified by the user, and during one session at the computer the user works both with programs that are running in an isolated environment and with programs that work in normal mode. Programs that use this approach to organizing system protection were discussed in this article.

However, this solution is not always acceptable. There is a second approach to organizing the work of software in an isolated environment, which involves the creation of a "sandbox" the size of an entire operating system. This creates an image of a working system, after which the user starts working with it, and not with the real environment. All actions performed by him are saved only until the reboot, and after it is completed, the system returns to the initial state. This solution is convenient to use on public PCs, for example, in Internet cafes, in computer classes, etc. We will talk about programs with which you can organize such protection in the second part of the article.

It is a mistake to believe that the built-in protection of the operating system, antivirus or firewall will completely protect against malware. However, the harm may not be as obvious as in the case of viruses: several applications can slow down Windows and lead to various kinds of anomalies. Over time, the consequences of uncontrolled processes started by "amateur" software make themselves felt, and uninstallation, deletion of registry keys and other cleaning methods no longer help.

In such situations, sandbox programs, to which this review is dedicated, can serve you well. The principle of operation of sandboxes is partly comparable to that of virtual machines (Oracle VM VirtualBox and others, VMware Virtualization). Thanks to virtualization, all processes initiated by the program are executed in a sandbox - an isolated environment with strict control of system resources.

This method of code isolation is quite actively used in anti-virus software (KIS 2013, avast!), in programs such as Google Chrome (Flash works in the sandbox). However, one should not conclude that sandbox programs are a complete guarantee of security. This is just one of the effective additional means to protect the OS (file system, registry) from external influences.

A review of the program for creating a virtual environment has already been published on the site -. Today, other applications will be considered, in a broader sense: these are not only desktop solutions, but also cloud services that improve not only security, but also anonymity, making it possible to run from removable media, from another computer.

Sandboxie

Developer Ronen Tzur compares the action of the Sandboxie program to an invisible layer placed on top of a sheet of paper: anything can be written on it; when the protection is removed, the sheet remains intact.

There are 4 main ways to use sandboxes in Sandboxie:

  • Secure internet surfing
  • Privacy Improvement
  • Secure Email Correspondence
  • Keeping the OS in its original state

The last point implies that you can install and run any client applications in the sandbox - browsers, IM messengers, games - without affecting the system. Sandboxie controls access to files, disk devices, registry keys, processes, drivers, ports, and other potentially insecure sources.

First of all, Sandboxie is useful in that it allows the user to flexibly configure sandboxes and privileges using the Sandboxie Control shell. Here, through the context menu and the main menu, the main operations are available:

  • Starting and stopping programs controlled by Sandboxie
  • Viewing files inside a sandbox
  • Restoring the files you need from the sandbox
  • Deleting all work or selected files
  • Creating, deleting, and configuring sandboxes

To run a program in the sandbox, just drag the executable file into the Sandboxie Control window, onto the sandbox created by default. There are other ways, for example the Windows Explorer menu or the notification area. The window of a program running in the emulated environment will have a yellow border and a hash mark (#) in the title.

If, when working with a sandboxed program, you need to save the results to disk, you can specify any destination: the files will be placed in the sandbox folder and will not appear at the specified address outside the sandbox. To actually transfer files out of the sandbox, use the recovery option. There are two types, quick and immediate; in both cases, before starting the program in the sandbox, you need to configure the folders for recovery ("Sandbox Settings - Recovery").

More detailed access settings are located in the "Restrictions" and "Access to resources" sections. They may be required if the application cannot run without certain privileges (requires a certain system library, driver, etc.). In "Restrictions", in relation to programs or groups, access to the Internet, to hardware, IPC objects, as well as low-level access is configured. In "Access to resources" - the appropriate settings for files, directories, the registry and other system resources.

Also in the Sandboxie settings there is an important section "Applications", which contains groups of programs for which access to the specified resources is granted. Initially, all list items are disabled; to apply changes for a specific application, you need to mark it in the list and click the "Add" button.

Thus, it is possible to create sandboxes with different parameters. You can also clone the configuration of an existing sandbox: when creating a new one, select from the drop-down list the environment whose settings you want to copy.

Summary

With the Sandboxie application, you can create virtual environments of any configuration, without user restrictions. Sandboxie provides a large number of settings for both individual applications and sandboxes.

[+] Flexible configuration of each sandbox
[+] Creating rules for a group of applications
[-] You can't create distributions
[-] No setup wizard

Evalaze

It is symbolic that Evalaze originates from the Thinstall 2007 program, which currently belongs to VMware.

Evalaze is not as well-known as Sandboxie among sandboxing programs, but it has a number of interesting features that distinguish it from a number of similar solutions. Thanks to virtualization, applications can be run in a standalone environment from any computer, regardless of the availability of drivers, libraries, or newer versions of the application being launched. It does not require any prior configuration or additional configuration files or libraries or registry keys.

Evalaze does not require installation, with one caveat: you need Microsoft .NET Framework version 2.0 or higher. In the free version, as well as in the professional edition, a virtualization setup wizard and an unlimited number of virtual applications are available. You can download a trial version from the developers' site only upon request (see the developers' email on the site).

The resulting configuration can be saved to a project. From start to finish, the virtual application setup process takes longer than, say, Sandboxie, but is more consistent and straightforward.

It should be noted two additional features of Evalaze, which are likely to be of interest to software developers and testers: this is work with a virtual file system and a virtual registry. These standalone Evalaze environments can be edited at your discretion by adding files, directories, keys necessary for the functioning of a particular virtual program.

Also in Evalaze, you can set up associations out of the box: the virtual application will immediately create the necessary associations with files in the OS upon startup.

Summary

A program with which you can create stand-alone applications that are convenient to use in all sorts of situations, which in general facilitates migration, compatibility and security. Alas, the free version is practically useless; it is only interesting for a very superficial study of the functions of Evalaze.

[-] Poorly functional trial version
[-] The high price of the Pro version
[+] There is a setup wizard
[+] Virtual file system and registry

Enigma Virtual Box

The Enigma Virtual Box program is designed to run applications in an isolated virtual environment. The list of supported formats includes dll, ocx (libraries), avi, mp3 (multimedia), txt, doc (documents), etc.

Enigma Virtual Box models the virtual environment around the application as follows. Before starting the application, the Virtual Box loader is triggered, which reads the information that is necessary for the program to work: libraries and other components - and provides them to the application instead of the system ones. As a result, the program works autonomously with respect to the OS.

It usually takes about 5 minutes to configure Sandboxie or Evalaze sandboxes. At first glance, Virtual Box also does not involve lengthy configuration. In the documentation, the use of the program is actually contained in one sentence.

Only 4 tabs - "Files", "Registry", "Containers" and, in fact, "Options". You need to select an executable file, specify the location of the final result and start processing. But later it turns out that the virtual environment needs to be created independently. For this, the three adjacent sections "Files", "Registry" and "Containers" are intended, where the necessary data is manually added. After that, you can click processing, run the output file and check the program's performance.

Summary

Thus, in Enigma Virtual Box there is no OS analysis before and after installing the application, as is the case with Evalaze. The emphasis is shifted towards development - therefore, rather, Virtual Box is useful for testing, checking compatibility, creating artificial conditions for running a program. Virtualization of unknown applications will cause difficulties, since the user will be forced to specify all the program's links on his own.

[-] No convenient configuration
[+] The resources used by the program can be determined independently

Cameyo

Cameyo offers application virtualization in three areas: business, development and personal use. In the latter case, the sandbox can be used to keep the OS in a "clean" state, and to store and run applications on removable media and cloud services. In addition, several hundred already configured virtual applications are published on the cameyo.com portal, which also saves the user time.

The steps for creating a virtual application are similar to Enigma Virtual Box: first, a snapshot of the system is created before installation, then after it. Changes between these states are taken into account when creating the sandbox. However, unlike Virtual Box, Cameyo syncs with a remote server and publishes the application to cloud storage. Thanks to this, applications can be run on any computer with access to the account.

Through the library (Library) you can download popular system applications (Public Virtual Apps) for subsequent launch: archivers, browsers, players, and even antiviruses. At startup, you are prompted to select an executable file and indicate whether it works stably or not (which, apparently, is somehow taken into account by the moderators of the Cameyo gallery).

Another interesting feature is the creation of a virtual application through . The installer can be downloaded from a computer, or you can specify a file URL.

The conversion process, according to statements, takes from 10 to 20 minutes, but often the waiting time is several times less. Upon completion, a notification is sent to the email with a link to the published package.

Email notification about distribution creation

With all the cloud conveniences, there are two important points to note. First: each program is updated from time to time, and there are rather outdated copies in the library. The second aspect is that applications added by users may violate the license of a particular program. This must be understood and taken into account when creating custom distributions. And thirdly, no one can guarantee that the virtual application posted in the gallery has not been modified by an attacker.

However, speaking of security, Cameyo has 4 application modes:

  • Data mode: the program can save files in the Documents folder and on the Desktop
  • Isolated: no ability to write to the file system or the registry
  • Full access: free access to the file system and registry
  • Customize this app: modifying the launch menu, choosing where to store the program, etc.

Summary

A convenient cloud service that can be connected to on any computer, allowing you to quickly create portable applications. Setting up sandboxes is minimized, not everything is transparent with virus scanning and security in general - however, in this situation, the advantages can compensate for the disadvantages.

[+] Network synchronization
[+] Access to custom applications
[+] Create virtual applications online
[-] Lack of sandbox settings

Spoon.net

Spoon Tools is a set of tools for creating virtual applications. Apart from the professional environment, spoon.net deserves attention as a cloud service that integrates with the Desktop, allowing you to quickly create sandboxes.

To integrate with the Desktop, you need to register on the spoon.net server and install a special widget. After registration, the user gets the opportunity to download virtual applications from the server through a convenient shell.

Four features brought by the widget:

  • Create sandboxes for files and applications
  • Tidying up the desktop with shortcuts, quick launch menu
  • Safe testing of new applications, running legacy versions on top of new ones
  • Undo changes made by the sandbox

Quick access to the spoon.net widget is possible through the Alt+Win key combination. The shell includes a search bar that doubles as a console. It searches for applications on the computer and on the web service.

The organization of the desktop is very convenient: you can drag and drop the required files onto the virtual desktop, and they will sync with spoon.net. New sandboxes can be created in just two clicks.

Of course, in terms of sandbox settings, Spoon cannot compete with Sandboxie or Evalaze, for the reason that such settings simply do not exist in Spoon. You cannot set restrictions or convert a "regular" application into a virtual one. The Spoon Studio complex is intended for these purposes.

Summary

Spoon is the "most cloudy" shell for working with virtual applications and, at the same time, the least customizable. This product will appeal to users who care not so much about the security of work through virtualization, but about the convenience of working with necessary programs everywhere.

[+] Widget integration with Desktop
[+] Quick creation of sandboxes
[-] Lack of settings to limit virtual programs

Summary table

Program/service | Sandboxie | Evalaze | Enigma Virtual Box | Cameyo | Spoon.net
Developer | Sandboxie Holdings LLC | Dogel GmbH | The Enigma Protector Developers Team | Cameyo | Spoon.net
License | Shareware (€13+) | Freeware/Shareware (€69.95) | Freeware | Freeware | Free (Basic account)
Adding applications to the sandbox+
Personalization (shortcut creation, menu integration)+ + + +
Setup Wizard+ + +
Creation of new virtual applications+ + +
Online synchronization+ +
Setting Sandbox Privileges+ + + +
Analysis of changes when creating a sandbox+ + +

Surely at least once in your life you had to deal with untrustworthy applications and scripts that could harm the system. Or you wanted to run the browser in the most isolated environment, so that if it was hacked, nothing threatened your system. Today, such tasks are usually solved using the ubiquitous Docker, but there are many simpler and more convenient tools for quickly launching applications in sandboxes.

Applications to run sandbox programs in isolation

Long before the idea of Docker was born in the minds of its creators, the LXC (LinuX Containers) project appeared. It was based on all the same technologies for separating namespaces (Linux Namespaces) and in the same way allowed you to create a minimalistic, self-contained execution environment (sandbox, container) for running services or insecure applications. However, LXC was not as friendly to new users and did not have Docker features like a layered file system, the ability to quickly download and run a ready-made application, and configs for automatically building environments.

Much earlier, FreeBSD introduced the jail technology, which allows you to create sandboxes similar to chroot, but with an emphasis on a deeper level of isolation. For a long time jail was the pride of FreeBSD and even served as a prototype for the Solaris Zones technology. However, today it can no longer provide the level of flexibility and resource management that LXC and Docker offer, so jail has ended up on the sidelines of history. Today, sandboxes on Linux can be created in many different ways. These are the already mentioned LXC and Docker with their namespaces, the seccomp mechanism used by Chrome to isolate tabs and plugins, and the SELinux/AppArmor technologies that allow you to fine-tune the application's access to anything. In this article, we will get acquainted with the tools that are most convenient for a regular user and best suited for everyday tasks, such as:

  • launching an untrusted application that can harm the system;
  • isolation of the browser, email client and other applications so that their hacking does not lead to data leakage;
  • launching "one-time" applications that should not leave traces in the system.

Sandbox MBOX

Let's start with one of the simplest sandboxes. Mbox is not quite a standard isolation tool: it doesn't restrict the permissions of the running application, does not virtualize the network stack and does not have any settings. Mbox's only job is to make sure that the application can't write anything to the file system. To do this, it creates a special virtual file system to which it redirects all I/O requests. As a result, the application works under Mbox as if nothing had happened, but you get the opportunity to apply to the real file system, or reject, the changes made in the virtual file system.

This concept is best demonstrated by an example from the official Mbox page:

$ mbox -- wget google.com
...
Network Summary:
 > -> 173.194.43.51:80
 > Create socket(PF_INET,...)
 > -> a00::2607:f8b0:4006:803:0
...
Sandbox Root:
 > /tmp/sandbox-11275
 > N:/tmp/index.html
[c]ommit, [i]gnore, [d]iff, [l]ist, [s]hell, [q]uit ?>

In this case, Wget is running under Mbox. Mbox carefully tells us that Wget is accessing address 173.194.43.51 and port 80 and writes an index.html file that we can apply to the main system (press "c" for this), ignore (i), view diff, execute other operations or terminate the application altogether. You can check how it all works by simply installing the ready-made Mbox package. On Debian/Ubuntu this is done like this:

$ wget http://pdos.csail.mit.edu/mbox/mbox-latest-amd64.deb
$ sudo dpkg -i mbox-latest-amd64.deb

On Arch Linux, Mbox is available in the AUR, so installing it is even easier:

$ yaourt -S mbox-git

This is all. Now you can run any binaries without worrying that they will leave a backdoor in the file system. If an application needs to restrict access to certain parts of the file system, profiles can be used. These are plain text files that list allowed and denied directories. For example, the following profile will prevent the application from accessing your home directory (~), but will allow it to work with files in the current directory (.):

allow: .
hide: ~

To run an application with a specific profile, just specify it via the -p option:

$ mbox -p profile.prof -- wget google.com

Another useful option is -n. It completely blocks the application from accessing the Internet.
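
Mbox's commit/ignore review, modelled as an added shell example that is not part of the original article or of Mbox itself: the command runs against a private copy of a directory, the changes are listed, and only then are they applied or discarded. The function names and the M:/D: prefixes (next to the N: seen in the output above) are assumptions of this example, and unlike Mbox it intercepts no system calls, so writes outside the copied directory are not staged.

```shell
#!/bin/sh
# Added example, not from the article or the Mbox project.
# It models the review step only and does not confine the command.

# stage_run REAL CMD... -> run CMD in a scratch copy of REAL, print the copy's path
stage_run() {
    sr_real=$1; shift
    sr_root=$(mktemp -d) || return 1
    cp -Rp "$sr_real/." "$sr_root/" || return 1
    ( cd "$sr_root" && "$@" ) >/dev/null 2>&1 \
        || echo "stage_run: command exited non-zero" >&2
    printf '%s\n' "$sr_root"
}

# list_changes REAL STAGED -> lines "N:path" (new), "M:path" (modified), "D:path" (deleted)
list_changes() {
    lc_real=$1; lc_staged=$2
    ( cd "$lc_staged" && find . -type f | sort ) | while IFS= read -r p; do
        if [ ! -e "$lc_real/$p" ]; then
            echo "N:${p#./}"
        elif ! cmp -s "$lc_real/$p" "$lc_staged/$p"; then
            echo "M:${p#./}"
        fi
    done
    ( cd "$lc_real" && find . -type f | sort ) | while IFS= read -r p; do
        [ -e "$lc_staged/$p" ] || echo "D:${p#./}"
    done
}

# commit_changes REAL STAGED -> apply the staged changes to REAL, drop the copy
commit_changes() {
    cc_real=$1; cc_staged=$2
    # Compute the change list first so that applying it cannot alter it.
    cc_changes=$(list_changes "$cc_real" "$cc_staged")
    printf '%s\n' "$cc_changes" | while IFS=: read -r kind rel; do
        case $kind in
            N|M) mkdir -p "$cc_real/$(dirname "$rel")" &&
                 cp -p "$cc_staged/$rel" "$cc_real/$rel" ;;
            D)   rm -f "$cc_real/$rel" ;;
        esac
    done
    rm -rf "$cc_staged"
}

# ignore_changes STAGED -> throw the staged copy away, REAL stays untouched
ignore_changes() {
    rm -rf "$1"
}

demo() {
    work=$(mktemp -d) || return 1
    echo "draft" > "$work/notes.txt"       # constructed sample files
    echo "stale" > "$work/old.log"
    staged=$(stage_run "$work" sh -c \
        'echo "<html>" > index.html; echo "more" >> notes.txt; rm old.log')
    echo "pending changes:"
    list_changes "$work" "$staged"
    commit_changes "$work" "$staged"
    echo "after commit:"
    ls "$work"
    rm -rf "$work"
}
demo
```
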

Isolate app launches with FIREJAIL

Needless to say, simply denying access to files is too little to create truly isolated sandboxes. Malicious code or a hacker may not write anything to the system at all, but simply take your Bitcoin wallet and KeePass password database with them, or use an application vulnerability to gain root privileges and break out of the sandbox. In addition, Mbox does not work well with graphical software and is generally not suitable for running complex applications that can write a lot of temporary files to disk and constantly update their databases.
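
Whether a sandbox does more than redirect file writes can be checked from outside the sandboxed process. The following added example (not from the article) reads the Seccomp, NoNewPrivs, CapEff and Uid fields of a /proc/<pid>/status file and compares the namespace links under /proc/<pid>/ns with the caller's; the function names, the finding labels and the two sample status files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: summarise the kernel-enforced
# restrictions a Linux process runs under.

# field NAME FILE -> second column of the "NAME:" line, or "unknown" when
# the kernel does not expose the field (older kernels omit some of them).
field() {
    awk -v key="$1:" '
        $1 == key { print $2; found = 1; exit }
        END { if (!found) print "unknown" }' "$2"
}

# audit_status FILE -> one line with the settings and a list of findings
audit_status() {
    f=$1
    findings=
    case $(field Seccomp "$f") in
        0) seccomp=off; findings="$findings,seccomp-off" ;;
        1) seccomp=strict ;;
        2) seccomp=filter ;;
        *) seccomp=unknown ;;
    esac
    case $(field NoNewPrivs "$f") in
        1) nnp=yes ;;
        0) nnp=no; findings="$findings,can-gain-privs" ;;
        *) nnp=unknown ;;
    esac
    # CapEff is a hex bitmask; all zeroes means no effective capabilities.
    case $(field CapEff "$f") in
        unknown) caps=unknown ;;
        *[!0]*)  caps=some; findings="$findings,has-capabilities" ;;
        *)       caps=none ;;
    esac
    # Uid: real, effective, saved, filesystem -> third column is the effective UID.
    euid=$(awk '$1 == "Uid:" { print $3; exit }' "$f")
    [ "$euid" = 0 ] && findings="$findings,runs-as-root"
    findings=${findings#,}
    printf 'seccomp=%s no_new_privs=%s caps=%s euid=%s findings=%s\n' \
        "$seccomp" "$nnp" "$caps" "${euid:-unknown}" "${findings:-none}"
}

# shared_namespaces PID -> namespaces PID shares with the calling shell;
# a process isolated with namespaces should share few of them.
shared_namespaces() {
    for ns in mnt net pid user ipc uts; do
        a=$(readlink "/proc/$1/ns/$ns" 2>/dev/null) || continue
        b=$(readlink "/proc/self/ns/$ns" 2>/dev/null) || continue
        [ "$a" = "$b" ] && printf '%s ' "$ns"
    done
    echo
}

# Constructed samples, not captured from a real system.
sample_unconfined() {
    cat <<'EOF'
Name: wget
Uid: 1000 1000 1000 1000
CapEff: 0000000000000000
NoNewPrivs: 0
Seccomp: 0
EOF
}
sample_confined() {
    cat <<'EOF'
Name: firefox
Uid: 1000 1000 1000 1000
CapEff: 0000000000000000
NoNewPrivs: 1
Seccomp: 2
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    sample_unconfined > "$tmp"; audit_status "$tmp"
    sample_confined > "$tmp";   audit_status "$tmp"
    rm -f "$tmp"
    if [ -d "/proc/$$/ns" ]; then
        printf 'namespaces shared with this shell: '
        shared_namespaces "$$"
    fi
}
demo
```

To audit a live process, pass `/proc/<pid>/status` to `audit_status` and the same PID to `shared_namespaces`.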

SANDBOX application isolation system.

If among the 95 Firejail profiles there are no applications you need, and the idea of writing your own profiles does not make you too happy, then Sandbox is your choice. This kind of sandboxing is technically very different from the two tools already described (it uses SELinux rules instead of seccomp and Namespaces), but in terms of functionality it is somewhere in between.

Like Mbox, Sandbox completely cuts off the application from the outside world, allowing you to read only stdin (that is, you can pass data from another application to the input of an application running in the sandbox), and write only to stdout (display data on the screen or redirect it to another application). Everything else, including access to the file system, signals, other processes, and the network, is prohibited. The simplest use case:

$ cat /etc/passwd | sandbox cut -d: -f1 > /tmp/users

This command reads the /etc/passwd file, extracts usernames from it, and writes them to the /tmp/users file. There is no benefit from it, but it perfectly demonstrates the principles of how Sandbox works. In the sandbox, only the cut command is run, and the /etc/passwd file itself is passed to it using an external command. Output, on the other hand, is implemented using a normal stdout redirection.


The beauty of Sandbox is that it makes it pretty easy to extend what an application can do. For example, you can create a temporary home directory and a /tmp directory for it by passing just one flag to the command:

$ sandbox -M mc

After the program ends, these directories will be destroyed, which is very convenient when running untrusted software. But what if the home directory needs to be preserved between runs (well, let's say, in order to test software that works with many files)? To do this, just create a directory that will become the home for the sandbox, and add one more option:

$ mkdir sandbox_home
$ sandbox -M -H sandbox_home mc

Now mc has its own home directory where it can save configs and read files from. Sandbox also allows you to run graphical software (using the Xephyr virtual X server). To do this, just pass another flag:

$ sandbox -X -M -H sandbox_home gvim

But that's not all. Sandbox has built-in security policies for running browsers. All you have to do is run the following command:

$ sandbox -X -H sandbox_home -t sandbox_web_t firefox

Figure: Running Firefox in a sandbox

Application performance in Mbox is on average 12-13% lower than usual

Figure: Part of a firefox profile

Moreover, as you have probably gathered, you can use different home directories to launch different browser sessions, or use a “one-time” home directory for visits to disreputable sites. Another useful flag worth mentioning is -w, which sets the window size for graphical software. It will definitely come in handy, since you cannot resize the window dynamically (this is a technical limitation of Xephyr).
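The per-session and one-time home directories described above, wrapped in a small launcher. This is an added example, not part of the original article: SANDBOX_ROOT, DRY_RUN and the function names are assumptions, while the sandbox flags are the ones shown on this page.

```shell
#!/bin/sh
# Added example: per-session Firefox launcher built on the sandbox flags above.
# SANDBOX_ROOT, DRY_RUN and all function names are assumptions for illustration.
SANDBOX_ROOT="${SANDBOX_ROOT:-$HOME/.sandbox_homes}"

# Allow only simple names, so a session can never resolve outside SANDBOX_ROOT.
valid_session() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# -w expects WIDTHxHEIGHT; reject anything else before it reaches sandbox.
valid_geometry() {
    case "$1" in *x*) ;; *) return 1 ;; esac
    w=${1%%x*}; h=${1#*x}
    case "$w" in ''|*[!0-9]*) return 1 ;; esac
    case "$h" in ''|*[!0-9]*) return 1 ;; esac
    return 0
}

# browser_sandbox SESSION [WIDTHxHEIGHT]
#   SESSION "-"  : no -H, so sandbox uses a temporary home removed on exit
#   SESSION name : persistent home in $SANDBOX_ROOT/name, reused between runs
browser_sandbox() {
    session=$1; geometry=${2:-}
    set -- -X
    if [ "$session" != "-" ]; then
        valid_session "$session" || { echo "bad session name: $session" >&2; return 2; }
        home="$SANDBOX_ROOT/$session"
        if [ -z "${DRY_RUN:-}" ]; then
            # Keep other local users out of the saved browser profile.
            mkdir -p "$home" && chmod 700 "$home" || return 1
        fi
        set -- "$@" -H "$home"
    fi
    set -- "$@" -t sandbox_web_t
    if [ -n "$geometry" ]; then
        valid_geometry "$geometry" || { echo "bad window size: $geometry" >&2; return 2; }
        set -- "$@" -w "$geometry"
    fi
    if [ -n "${DRY_RUN:-}" ]; then
        echo "sandbox $* firefox"      # show the command instead of running it
    else
        sandbox "$@" firefox
    fi
}
```

With DRY_RUN=1 set, `browser_sandbox bank 1280x1024` prints the command it would run, which is a quick way to check the flags before launching a real session.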

Overall, Sandbox is a very handy tool whose only problem is distribution support. Out of the box, it works only on Fedora, on the RHEL/CentOS distributions based on it, and possibly on other distributions with SELinux enabled by default.

Comparison of sandboxes

CONCLUSIONS

Running software in a sandbox is pretty easy and there are many tools you can use to do it. In this article, we have covered three of them.

  • Mbox is extremely simple and ideal when you need to control which files an application should access.
  • Firejail is suitable for creating complex configurations and running almost a hundred different applications, but is not very convenient if the desired application is not in the supported list.
  • Sandbox is a great tool for running any type of software, but is only available to users of Fedora and distributions based on it.

Which of these tools to choose is up to you. In the next article, we will dive into the intricacies of implementing sandboxes and build one ourselves.

About the imminent launch of a separate test server "Sandbox", where together with the players we will test the new balance of World of Tanks. This server will allow us to get your opinion on upcoming changes faster, and you will have more opportunities to influence our decisions.

What is "Sandbox"?

The Sandbox is a separate test server where developers and players will work on a new balance of World of Tanks vehicles. But this does not mean at all that these changes will soon appear on the main game servers.

Testing in the Sandbox will begin this summer, we can’t reveal details yet, but you will definitely be able to familiarize yourself with the changes for Tier X vehicles at the very beginning of testing.

How to get into the "Sandbox"?

To get started, submit your application by clicking the button below. You will be redirected to a special page where you can complete the application in a couple of steps.

What are the selection criteria?

Not everyone will get access to the test server. The criteria for selecting participants depend on the tasks of a particular stage of testing, but the goal remains the same - to invite players who are not indifferent to the fate of their favorite game and are interested in close cooperation.

How do I know if my application has been approved?

Tankers who have gained access to the test server will find out about this from several sources:

  • an email to the mailbox linked to the account;
  • notification in the game client.

We will need time to process applications and determine the number of invited test participants. It is planned that the first wave of invitations will take place in mid-June.

Access to the test server can be terminated or limited at any time for non-compliance with the provisions of the User Agreement, and other rules of Wargaming. Restrictions for actions performed while playing on the test server can be transferred to the player's main account.

We are waiting for your applications. Together we will make the game better!

you can download a special wallpaper and calendar for June dedicated to the "Sandbox".

Some users occasionally have to deal with software of dubious origin, for example, for testing purposes. The best option in such cases is to use a separate computer or virtual machine, but this is not always possible. There is a solution, however: use a "sandbox" program, one of which is Sandboxie.

The application allows you to run executable files (including software installers) in a sandbox, work with a web browser and files, and customize their behavior in certain cases.

Launching a web browser

The main reason why users are interested in sandbox software of this kind is safe browsing on the Internet. The program under consideration achieves this goal.

Launching programs

The next scenario for using the sandbox environment is to launch software.

Working with files

In the sandbox environment in question, you can also open various files, for example, archives of dubious origin. The algorithm of actions is exactly the same as with programs (technically, the program used to view the target document is opened first), so the previous instruction is also suitable for opening files in the sandbox.

Environment management

The developers have also provided users with tools to control the environment in which programs are launched and files are opened. They go by the self-explanatory name "Sandboxie Management".


Setting Sandboxie Options

The sandbox can be customized "for yourself" for more comfortable use.


Solutions to some problems

Alas, problems sometimes arise when using the sandbox. Let's look at the most frequent ones and suggest ways to fix them.

Error "SBIE2204 Cannot start sandboxed service RpcSs"
This problem is common with Sandboxie 5.0 and older versions that are installed on Windows 10. The reason is that the environment is incompatible with the capabilities of this operating system, so the only solution is to install the latest updates of the program.

Error "SBIE2310 Name buffer overflowed"
This problem also concerns incompatibility, but this time with a specific program. Most often, the culprits are antiviruses with sandbox capabilities or similar software. The method for fixing the error is also obvious - disable or uninstall the application that conflicts with Sandboxie.

Error "SBIE2211 Sandboxed service failed to start: *application or file name*"
This failure most often occurs for Windows 7 users. The problem lies in the User Account Control system, which interferes with the operation or installation of a file that requires administrator rights to run. The solution is simple: in the "sandbox" selection window, when opening such software or document, check the option "Run as UAC Administrator".

Conclusion

This concludes our guide to using the Sandboxie program. Finally, we remind you that the sandbox environment is not a panacea for computer security, so if you have to deal with suspicious software, it is better to use a virtual machine.
