Up the Sandbox

 

By David Shamah, The Jerusalem Post, Friday, May 6 2005

 

Down at the playground, the little tykes were brewing a little plot. This week's victim? Little Irving, whom the kids don't like because he smells funny, or some other ridiculous reason.

 

Those kids seem so cute when you see them playing on the playground, don’t they? Forget it; all that "googoo gaga" is just a front. Playground life is a turf war, with various baby gangs vying for influence on the swing, slide, climbing contraption, and duckie pond.

 

I don't want to sound cynical, but life can be tough for the little ones. Where do big bullies learn their stock in trade? On the playground – where they learn to be little bullies.

 

Little kid social life is organized much like adult life, as a matter of fact. Hook up with the right clique, and you'll find yourself on the fast track to lots of fast swinging. Otherwise, you'll be doing a lot of waiting on line while the privileged few cut in front of you. And you can't keep running to Mommy; she has her own problems, what with the adult social whirl on the benches. It's amazing any of us grew up normal!

 

All over the playground, power plays are the name of the game, with kids vying for influence on the equipment. There is one spot, though, that is considered a "safe haven" – sort of like a nobleman's castle, a medieval refuge where no warfare could take place. The safest place in the playground for kids that have trouble with the tough babies? It's the sandbox – which is in direct sight of the parents.

 

Ever notice that? Playground sandboxes, where they exist, are usually situated right in front of the benches where parents congregate. Park planners apparently believe that kids who play in the sandbox need to be watched. Which is rather strange reasoning; sand is soft, and the likelihood of a kid eating too much of it is pretty low – after the first mouthful, most kids realize that apple juice tastes better. It's not like kids ever fall off the swing or the slide, of course. But, be that as it may, the sandbox is where the parents hang out, and any manifestations of gang violence or bullying are usually quickly stanched.

 

Maybe that's where the computer term "sandbox" came to be applied to a safe haven, where programmers can experiment with techniques and applications without affecting the operating system. In the sandbox, you can unleash any application you want – even viruses, if you wanted - to see what affect they have on a computing environment, if you want. Whatever happens in the sandbox, stays in the sandbox, to paraphrase a popular ad tagline.

 

The sandbox concept is valid not just for programmers and virus fighters; regular ordinary computing folk can also use a safe place to ensure that no untoward nasties infect their PCs. As we are all aware, the simple act of surfing to a Web page can sometimes infect your system with a virus! If you can’t even surf the Web without worrying about the consequences, what has the world come to?

 

It's not like there aren’t solutions to invasive Web nasties. We've discussed a number of techniques to avoid getting infected in the past, such as limiting Internet Explorer ActiveX or scripts or increasing your Web browser security level. Avoiding clicking on some links or images (which have in the past been used to dump viruses on user's systems), as well as voiding some Web sites altogether, are among the techniques recommended by security experts.

 

But all these solutions have one common denominator; they force you to limit your computing experience by denying you the opportunity to use legitimate programs that utilize programming methods that you have limited. Not all ActiveX scripts are hazardous – in fact, 99% of them are just fine – but how can you know which ones are harmful and which aren't without running them? Well, you could check out a script and manually turn scripting off, but that's too much of a hassle for most people – so they end up just turning off the whole thing altogether.

 

Which is where the idea of the sandbox comes into play. If you set up your system in such a way that you can have a "safe haven" that will let you run scripts without having to fear the consequences of a rogue program, you won't have to miss out on the potentially helpful things you come across. My Web browser, for example, does not utilize ActiveX at all – it just does not address or load them at all – and I occasionally come across sites that promise interesting-looking experiences, only to be disappointed that I can't see what the hullabaloo is all about. Ditto for Java applets and other stuff, which I have to manually turn on if I want to see them.

 

While building an isolated segment of an operating system sounds like a daunting task, there is a free program available that will do all the hard work for you. Sandboxie, once installed, will take control of any application you assign it and write any changes to a special folder, preventing any system-level changes from taking place, while letting you use the 99% of Web services that are on the level without worries.

 

Think of Sandboxie as an operating system proxy. You instruct it to open a program – like your Web browser – and it will take custody of any communication between the application and your operating system. In the case of a rogue script, for example, Sandboxie will take the information and write it to the "sandbox" – a special cordoned off area that contains all new data that should have been written to the system, but isn’t. Instead, Sandboxie's sandbox contains a mirror structure of whatever would have been written – like changes to preferences, configuration files, etc. – and stores them.  

 

Sometimes you will want to run Sandboxie, and sometimes you won't, because the program is very thorough. Exploring the Internet is an occasion for protecting the system, because you never know what you'll get. But if you find a site you want to bookmark, you should run your browser without Sandboxie, because your bookmark will not be written to your favorites list. Ditto for e-mail; if you see a suspicious message that you just have to read, quite your e-mail client, re-open it under the aegis of Sandboxie, and read the offending message. But if you want to write a message, make sure to turn Sandboxie off, because your message will not get saved in your sent messages list. You can even run two instances of the same program, one under Sandboxie an one "regular." You know a program is being controlled by Sandboxie when you see a little number sign - # - next to its name in the title bar. Sandboxie is a combination of the word sandbox and IE (Internet Explorer), which it was originally designed to take control of (this version of the program, 1.8, will equally control Firefox and other browsers just as well as IE).

 

Sandboxie is effective against not only rogue scripts, but even "normal" Web operations, like cookies, spyware, etc. – all the things we have come to take for granted, but are really no less invasions of our privacy (if on a less destructive scale). If you want to see what programs are being sandboxed, open the Sandboxie control panel on your programs menu; the control panel in turn will lead you to your sandbox, the folder where all the changes are written to. There you can really get a handle on who is trying to do what to you remotely, and ensure that the system you carefully try to keep as clean as possible is not sullied by outside influences, even inadvertently.

 

Sandoxie offers the kind of protection you would get with anti-virs and anti-spyware programs – only better, because those applications can help you only after your system is infected, whereas Sandboxie will prevent their installation in the first place.Sandboxie is your PC mommy, patrolling the sandbox and making sure the Internet bullies keep their dirty paws off you!

 

Sandboxie is free for Windows 2000 or XP. Download from http://www.sandboxie.com

 

ds@newzgeek.com