Sandbox: a convenient piece of playground where the mess of errant toddlers can actually be contained. But the sandbox isn't just for kids — it's also a popular security feature of many Web browsers, applications and software programs.
Just as a playground's sandbox allows children to experience the joy of digging in the dirt without making a big mess, virtual sandboxing allows technology users to run unknown or suspicious programs in a controlled environment without sullying their entire network.
History of the sandbox
Sandboxing has its origins in a project out of Carnegie Mellon University in the early 1970s — the Hydra system. Researchers, who were exploring different computer structures for artificial intelligence applications, needed a safe way to experiment with new codes in their operating system.
In traditional operating systems, one bad code can lead to system failure. But with Hydra as the kernel, or base, of the operating system, researchers could run experimental codes as user programs, which don't have access to the higher-level mechanisms that cause system failure. With this innovative new tool, researchers could experiment with new codes without damaging their entire system.
Other developers also picked up on this idea in the decades that followed, leading to the development of dynamic system domains — also called zones or "trusted containers" — on Sun's (now Oracle's) operating systems, as well as the "jails" featured on FreeBSD's operating system. These security mechanisms are isolated areas within an operating system where programs can be executed without affecting the system as a whole.
While such sandboxing techniques were once only a feature of a few choice operating systems, they are now a common security tool used by many software programs and applications. Advances in virtualization — which allows users to run multiple applications and operating systems independently on a single server — have also made sandboxes more available for end users.
Many of today's most popular applications use sandboxing, including all apps available for purchase in Apple's Mac App Store. In an attempt to keep the data of its users safe from malicious apps, Apple starting requiring developers to include sandboxing features in their apps in 2012.
Google also uses sandboxing within its Chrome Web browser, which has gone a long way to earn the browser a good reputation within the security community. However, Chrome's sandbox shouldn't be used as a comprehensive solution against malware and other threats because it relies on security features built into Windows. If there's a flaw in the Windows operating system, then Chrome may also be susceptible to threats.
There are also software programs that create sandboxed environments for any program — Web browser, application, etc. — within an operating system. One popular example is Sandboxie, a proprietary software program that sandboxes programs that are the most vulnerable to attack, such as Web browsers, email clients, instant messaging clients, peer-to-peer (P2P) software and online games. Sandboxie users can dictate which programs always run within a sandbox.
When to use a sandbox
BufferZone, another sandboxing software program, creates a virtual space on the hard drive where modifications performed by Internet programs — like downloads — are run. This "virtual zone" can help keep operating systems free of malware.
Antivirus programs can go a long way toward defending your computer against unwanted malware, but if you need an extra layer of defense on your PC, then you might want to consider setting up a sandbox. Sandboxes can be set up to automatically or manually run unknown programs in order to determine if they're safe.
If, for example, you frequent websites that distribute malware, you might run your Web browser within the sandbox to prevent the spread of malware to the rest of your PC while you browse.
And if you know that you have existing malware program on your computer, then sandboxing might be a good security option for you as well. By running your Web browser in the sandbox, you can prevent existing malware from obtaining sensitive login credentials or credit card details.