Up the Sandbox
By David Shamah, The
Down at the playground, the little tykes were brewing
a little plot. This week's victim? Little Irving, whom
the kids don't like because he smells funny, or some other ridiculous reason.
Those kids seem so cute when you see them playing on
the playground, don’t they? Forget it; all that "googoo
gaga" is just a front. Playground life is a turf war, with various baby
gangs vying for influence on the swing, slide, climbing contraption, and duckie pond.
I don't want to sound cynical, but life can be tough
for the little ones. Where do big bullies learn their stock in trade? On the playground – where they learn to be little bullies.
Little kid social life is organized much like adult
life, as a matter of fact. Hook up with the right clique, and you'll find
yourself on the fast track to lots of fast swinging. Otherwise, you'll be doing
a lot of waiting on line while the privileged few cut in front of you. And you
can't keep running to Mommy; she has her own problems, what with the adult
social whirl on the benches. It's amazing any of us grew up normal!
All over the playground, power plays are the name of
the game, with kids vying for influence on the equipment. There is one spot,
though, that is considered a "safe haven" – sort of like a nobleman's
castle, a medieval refuge where no warfare could take place. The
safest place in the playground for kids that have trouble with the tough
babies? It's the sandbox – which is in direct sight of the parents.
Ever notice that? Playground sandboxes, where they
exist, are usually situated right in front of the benches where parents
congregate. Park planners apparently believe that kids who play in the sandbox
need to be watched. Which is rather strange reasoning; sand is soft, and the
likelihood of a kid eating too much of it is pretty low – after the first
mouthful, most kids realize that apple juice tastes better. It's not like kids
ever fall off the swing or the slide, of course. But, be that as it may, the
sandbox is where the parents hang out, and any manifestations of gang violence
or bullying are usually quickly stanched.
Maybe that's where the computer term
"sandbox" came to be applied to a safe haven, where programmers can
experiment with techniques and applications without affecting the operating
system. In the sandbox, you can unleash any application you want – even
viruses, if you wanted - to see what affect they have on a computing
environment, if you want. Whatever happens in the sandbox,
stays in the sandbox, to paraphrase a popular ad tagline.
The sandbox concept is valid not just for programmers
and virus fighters; regular ordinary computing folk can also use a safe place
to ensure that no untoward nasties infect their PCs.
As we are all aware, the simple act of surfing to a Web page can sometimes
infect your system with a virus! If you can’t even surf the Web without
worrying about the consequences, what has the world come to?
It's not like there aren’t solutions to invasive Web nasties. We've discussed a number of techniques to avoid
getting infected in the past, such as limiting Internet Explorer ActiveX or scripts
or increasing your Web browser security level. Avoiding clicking on some links
or images (which have in the past been used to dump viruses on user's systems),
as well as voiding some Web sites altogether, are among the techniques
recommended by security experts.
But all these solutions have one common denominator;
they force you to limit your computing experience by denying you the
opportunity to use legitimate programs that utilize programming methods that
you have limited. Not all ActiveX scripts are hazardous – in fact, 99% of them
are just fine – but how can you know which ones are harmful and which aren't
without running them? Well, you could check out a script and manually turn
scripting off, but that's too much of a hassle for most people – so they end up
just turning off the whole thing altogether.
Which is where the idea of
the sandbox comes into play. If you set up your system in such a way that you can have a "safe haven"
that will let you run scripts without having to fear the consequences of a
rogue program, you won't have to miss out on the potentially helpful things you
come across. My Web browser, for example, does not utilize ActiveX at all – it
just does not address or load them at all – and I occasionally come across
sites that promise interesting-looking experiences, only to be disappointed
that I can't see what the hullabaloo is all about. Ditto for Java applets and
other stuff, which I have to manually turn on if I want to see them.
While building an isolated segment of an operating
system sounds like a daunting task, there is a free program available that will
do all the hard work for you. Sandboxie, once
installed, will take control of any application you assign it and write any
changes to a special folder, preventing any system-level changes from taking
place, while letting you use the 99% of Web services that are on the level
without worries.
Think of Sandboxie as an
operating system proxy. You instruct it to open a program – like your Web
browser – and it will take custody of any communication between the application
and your operating system. In the case of a rogue script, for example, Sandboxie will take the information and write it to the
"sandbox" – a special cordoned off area that contains all new data
that should have been written to the system, but isn’t. Instead, Sandboxie's sandbox contains a mirror structure of whatever
would have been written – like changes to preferences, configuration files,
etc. – and stores them.
Sometimes you will want to run Sandboxie,
and sometimes you won't, because the program is very thorough. Exploring the
Internet is an occasion for protecting the system, because you never know what
you'll get. But if you find a site you want to bookmark, you should run your
browser without Sandboxie, because your bookmark will
not be written to your favorites list. Ditto for e-mail; if you see a
suspicious message that you just have to read, quite your e-mail client,
re-open it under the aegis of Sandboxie, and read the
offending message. But if you want to write a message, make sure to turn Sandboxie off, because your message will not get saved in
your sent messages list. You can even run two instances of the same program,
one under Sandboxie an one
"regular." You know a program is being controlled by Sandboxie when you see a little number sign - # - next to
its name in the title bar. Sandboxie is a combination
of the word sandbox and IE (Internet Explorer), which it was originally
designed to take control of (this version of the program, 1.8, will equally
control Firefox and other browsers just as well as
IE).
Sandboxie is effective against not only rogue scripts,
but even "normal" Web operations, like cookies, spyware, etc. – all
the things we have come to take for granted, but are really no less invasions
of our privacy (if on a less destructive scale). If you want to see what
programs are being sandboxed, open the Sandboxie
control panel on your programs menu; the control panel in turn will lead you to
your sandbox, the folder where all the changes are written to. There you can
really get a handle on who is trying to do what to you remotely, and ensure
that the system you carefully try to keep as clean as possible is not sullied
by outside influences, even inadvertently.
Sandoxie offers the kind of protection you would get
with anti-virs and anti-spyware programs – only
better, because those applications can help you only after your system is
infected, whereas Sandboxie will prevent their
installation in the first place.Sandboxie is your PC
mommy, patrolling the sandbox and making sure the Internet bullies keep their
dirty paws off you!
Sandboxie is free for Windows 2000 or XP. Download
from http://www.sandboxie.com
ds@newzgeek.com