You can endlessly look at the fire, water and activity of programs isolated in the sandbox. Thanks to virtualization, with one click you can send the results of this activity - often unsafe - into oblivion.
However, virtualization is also used for research purposes: for example, you wanted to control the impact of a freshly compiled program on the system or run two different versions of an application at the same time. Or create a standalone application that will leave no traces on the system. There are many options for using a sandbox. It is not the program that dictates its terms in the system, but you who show it the way and distribute resources.
If you are not satisfied with the slowness of the process, using the ThinApp Converter tool you can put virtualization on stream. Installers will be created based on the config you specify.
In general, the developers advise making all of these preparations under sterile conditions, on fresh OS, so that all the installation nuances are taken into account. For these purposes, you can use a virtual machine, but, of course, this will leave its mark on the speed of work. VMware ThinApp already loads system resources quite heavily, and not only in scanning mode. However, as they say, slowly but surely.
BufferZone
- Website: www.trustware.com
- Developer: Trustware
- License: freeware
BufferZone controls Internet and software activity of applications using a virtual zone, closely approaching firewalls. In other words, it uses rule-governed virtualization. BufferZone easily works in conjunction with browsers, instant messengers, email and P2P clients.
At the time of writing, the developers warned about possible problems when working with Windows 8. The program can kill the system, after which it will have to be removed through safe mode. This is due to the BufferZone drivers, which come into serious conflict with the OS.
What falls under BufferZone's radar can be tracked in the main Summary section. You determine the number of limited applications yourself: the Programs to run inside BufferZone list is intended for this. It already includes potentially unsafe applications such as browsers and email clients. A red border appears around the captured app window, giving you confidence to surf safely. If you want to run outside the zone - no problem, the control can be bypassed through the context menu.
In addition to the virtual zone, there is such a thing as a private zone. You can add sites where strict confidentiality is required. It should be noted right away that the function only works in retro versions of Internet Explorer. More modern browsers have built-in anonymity features.
The Policy section configures policies in relation to installers and updates, as well as programs launched from devices and network sources. In Configurations also see additional security policy options (Advanced Policy). There are six levels of control, depending on which BufferZone’s attitude towards programs changes: without protection (1), automatic (2) and semi-automatic (3), notifications about the launch of all (4) and unsigned programs (5), maximum protection (6) .
As you can see, the value of BufferZone lies in total Internet control. If you need more flexible rules, then any firewall will help you. BufferZone also has it, but more for show: it allows you to block applications, network addresses and ports. From a practical point of view, it is not very convenient for actively accessing settings.
Evalaze
- Website: www.evalaze.de/en/evalaze-oxide/
- Developer: Dögel GmbH
- License: freeware / commercial (2142 euros)
The main feature of Evalaze is the flexibility of virtualized applications: they can be launched from removable media or from a network environment. The program allows you to create completely autonomous distributions that operate in an emulated file system and registry environment.
The main feature of Evalaze is its convenient wizard, which is understandable without reading the manual. First, you make an OS image before installing the program, then you install it, do a test run, and configure it. Next, following the Evalaze wizard, you analyze the changes. Very similar to the principle of operation of uninstallers (for example, Soft Organizer).
Virtualized applications can operate in two modes: in the first case, write operations are redirected to the sandbox; in the second, the program can write and read files on the real system. Whether the program will delete traces of its activities or not is up to you; the Delete Old Sandbox Automatic option is at your service.
Many interesting features are available only in the commercial version of Evalaze. Among them are editing environmental elements (such as files and registry keys), importing projects, and setting reading mode. However, the license costs more than two thousand euros, which, I agree, slightly exceeds the psychological price barrier. The use of an online virtualization service is offered at a similarly prohibitive price. As a consolation, the developer's website has prepared virtual sample applications.
Cameyo
- Website: www.cameyo.com
- Developer: Cameyo
- License: freeware
A quick look at Cameyo suggests that the functions are similar to Evalaze, and in three clicks you can create a distribution with a virtualized application. The packager takes a snapshot of the system, compares it with the changes after installing the software and creates an ecosystem for launch.
The most important difference from Evalaze is that the program is completely free and does not block any options. The settings are conveniently concentrated: switching the virtualization method with saving to disk or memory, selecting an isolation mode: saving documents to specified directories, prohibiting writing or full access. In addition to this, you can configure the virtual environment using the file and registry key editor. Each folder also has one of three isolation levels, which can be easily overridden.
You can specify the sandbox cleaning mode after exiting the standalone application: removing traces, without cleaning, and writing registry changes to a file. Integration with Explorer and the ability to link to specific file types in the system are also available, which is not available even in Cameyo’s paid counterparts.
However, the most interesting thing is not the local part of Cameyo, but the online packager and public virtual applications. It is enough to specify the URL or upload the MSI or EXE installer to the server, indicating the system bit depth, and you will receive a stand-alone package. From now on it is available under the roof of your cloud.
Summary
Sandboxie will be the best choice for sandbox experiments. The program is the most informative among the listed tools; it has a monitoring function. Wide range of settings and good capabilities for managing a group of applications.
It does not have any unique functions, but it is very simple and trouble-free. An interesting fact: the article was written inside this “sandbox”, and due to an unfortunate mistake, all the changes went into the “shadow” (read: astral plane). If it weren't for Dropbox, a completely different text would have been published on this page - most likely by a different author.
Evalaze offers not an integrated approach to virtualization, but an individual one: you control the launch of a specific application by creating artificial living conditions for this. There are advantages and disadvantages here. However, given the stripped-down nature of the free version of Evalaze, its advantages will fade in your eyes.
Cameyo has a certain “cloud” flavor: the application can be downloaded from the website, uploaded to a flash drive or Dropbox - this is convenient in many cases. True, it brings to mind associations with fast food: you can’t vouch for the quality and compliance of the content with the description.
But if you prefer to cook according to a recipe, VMware ThinApp- your option. This is a solution for experts who care about every detail. A set of unique features is complemented by the capabilities of the console. You can convert applications from the command line using configs, scripts - in individual and batch mode.
BufferZone is a sandbox with a firewall function. This hybrid is far from perfect and the settings are up-to-date, but BufferZone can be used to control Internet activity and applications, protect against viruses and other threats.
