Sandboxie

Not a truly mobile story by itself today, but one that started as such some time ago on this blog. A while back I reported on a first weakness found in Wi-Fi WPA encryption. I didn't get all the facts right the first time and was promptly corrected by a reader who was kind enough to supply a link to Security Now, a great podcast that each week explains security issues at great length but in a way that is easy to understand. I listened to the podcast, corrected my mistakes and subscribed to it on my N95 to have interesting podcasts while traveling. Recently I listened to podcast 172 about a program called Sandboxie for Windows machines that I think is so useful that I would like to mention it here.

With Sandboxie, you can put programs like web browsers, e-mail clients, instant messengers, etc. in a sandbox that redirects write access to files and the registry to a copy instead of to the original. This way, should you catch a virus via a web page or via that attached PowerPoint file in an e-mail from a trusted friend, all the malicious code can do is harm a copy of the file and the registry. It can still steal data, as it has standard read access to all other files, but it can't harm the machine anymore. As soon as the last program in the sandbox ends, the files in the sandbox are deleted and the threat is gone.

It's even possible to install programs in the sandbox. They run just fine afterward, but only in the sandbox of course. Once you are done with testing, delete the sandbox and you can start from scratch. No orphan files remain, and there is no extra clutter in the already fat registry. So the concept of Sandboxie is quite similar to that of a virtual machine, except that the applications have read access to the outside. The big advantages are that it requires no extra memory and processor resources; it just adds a shell of protection around those programs so they can't do any harm.

Completely blocking write access has its drawbacks, too, of course. With complete isolation, it's not possible to permanently store bookmarks, for example, and you will also lose your e-mail that is stored in local files once the sandbox is deleted. But the author has thought about that as well, and it's possible to activate exceptions for the most well-known programs so that their configuration and data files are not sandboxed. For less well-known programs, it's possible to manually configure files or directories that are excluded from the sandbox. And, with the registered version, it's even possible to define programs which are automatically run in the sandbox when they are started. That is great for an installation for less computer-savvy users, as it makes the sandbox almost transparent for them.
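The exceptions and forced programs described above, sketched as a `Sandboxie.ini` fragment. This is an added example, not taken from the podcast or from Sandboxie's own templates; the programs and paths are constructed sample values, and the last setting goes one step further by addressing the read access mentioned earlier.

```ini
; Constructed sample: programs and paths are illustrative assumptions.
[DefaultBox]
Enabled=y

; Delete the sandbox contents once the last sandboxed program has ended.
AutoDelete=y

; Exceptions: writes to these locations reach the real files instead of
; the sandboxed copy, so bookmarks and local mail survive a sandbox wipe.
; Each rule is limited to one program and one location. Keep them narrow:
; anything running inside that program gets the same direct write access.
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\bookmarks.html
OpenFilePath=thunderbird.exe,%AppData%\Thunderbird\Profiles\*

; Forced programs (registered version): these always start inside this
; sandbox, even when launched normally from the Start menu or a shortcut.
ForceProcess=firefox.exe
ForceProcess=thunderbird.exe

; Sandboxed programs can normally read everything outside the sandbox.
; ClosedFilePath blocks read and write access to a location entirely,
; which limits what malicious code in the sandbox could copy out.
; %Personal% is assumed to resolve to the user's documents folder.
ClosedFilePath=%Personal%\Finance\
```

An overly broad exception, such as opening an entire user profile directory, would give sandboxed code a writable path to the real system and undo most of the protection.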

So while it's not the purpose of Sandboxie to replace an anti-virus scanner, it's a great tool to add another layer of protection. It takes some knowledge to configure it for individual purposes, but once done, even less computer-savvy users should not have a problem with it. So while the proof for that is still outstanding, I'll install it on a normob notebook soon 🙂

I love how one gets from A to B on the web. I would never have heard of it had I not blogged about the Wi-Fi WPA attack, had someone not commented and left a link, and had someone else not bothered to do a great podcast every week, which I listened to on my mobile phone during a long car trip. In this way, it is actually a mobile story after all.