https://community.sophos.com/products/s ... ource-tool

It's free now. Sandboxie's been my primary online protection for over a decade now (using a sandboxed OS and recovering to a golden set point every few weeks has been secondary). I still use (and am typing this now) in my WinXP VM (some here already know that). Anyway, I can vouch that SBIE is the best protection tool you can use for your online presence. It won't protect against keyloggers (hence I do recover to golden set points every couple of weeks), but it will protect you against viruses and driveby's (still remember when MediaMilitia's site was infected; it's the site I got my skull images from). Anyway, just thought I would share here.

Gimp Chat!

COME, for the Beauty!

STAY, for the Deep IT Training... ;^)

Could you comment on the steps to get to
a working system,
and maybe also mention your typical usage workflow?

Thanks, Lyle.

Have no idea what the steps are now, Gramp. I did some reading and someone mentioned they had to fill out some form, so I would just wait until it becomes completely Open Source. That said, my typically flow is thus. Again, my primary defense is SBIE. I would browse for a week or so within this session and then SBIE would warn that my session is over a week old so I would clear it and start fresh. When a flash update (or other software that I do run within my VM) comes out I would hose the complete VM to a golden set point, install the update, and then save the new golden set point (happens roughly once every one to two months). I also sometimes just recover from a golden set point for the heck of it; my prerogative. In VirtualBox, recovery to a golden set point takes around 10 seconds (no joke) and all history that may have been created after that point is obliterated (to include an infection if you get one). VM recovery is my secondary offense, though and don't do so that often; I mostly just delete the SBIE session (takes 2 seconds; lol). I do run 5 SBIE sessions; only use 3 at most (and mainly use just one; the others are for banking and such). Each SBIE session is isolated from each other (no crosstalk). That's what is so powerful with SBIE.

Just as a side note, my XP VM typically boots in around 20 seconds; I've never had a WinXP boot that fast ever when I was running XP natively (Host). I know XP is still a vulnerable OS, but it's still the best OS M$ ever created IMO. I usually run Iron Browser even though it's not been updated for several years now. Was also running FireFox since it was still being updated but no longer do so since it hasn't been updated in over a year now as well. Currently vetting MyPal (been vetting for 4 months now; do have to re-install it every time when I recover from a golden setpoint since I'm not willing to make that a part of my Golden setpoint at the moment; maybe after I year I will). It still supports XP with all the newest bells and whistles that matter (to include TLS encryption). Even so, I'm a cautious person (call my borderline paranoid; lol). I don't run any anti-Virus on my Guest OS (do so for Host but only Window's Defender). Anti-Virus programs just gives the user a false sense of security; it would probably help with keyloggers, but even that's questionable. Anyway, you asked, so, I shared my usage.

In terms of "steps", I was referring to how you got to your "golden setpoint"/"working sweetspot", and for having no idea, you did a great job! :^)

Reading between your lines-writ-large, I imagine something like this:
* install "virtual machine manager" (VMM) software/package/app (however you need to do that on your machine)
* create a "virtual machine" (VM) (however that's done) inside that app and install your favorite OS on that new "machine"
* "boot" that new "machine" from inside the VMM app, bringing up the OS you installed
[Here, the light starts dimming...]
* install Sandboxie (SBIE?) in that new machine's OS
* start a Sandboxie "session" (?)
* browse the world (only?) from inside that session "for about a week" (can I shutdown the VM and reopen
the existing SBIE session upon return?)
* rely on Sandboxie to warn when it's time to "start over"
* inside the VMM app return to the "machine's" "golden setpoint"[1], rinse, and repeat

[1] "Golden setpoint" taken to mean "a point in time when the 'state' of the new virtual machine was intentionally 'saved out' to a file in the VM app, in order to be able to restore the machine to that exact state whenever desired in the future."

Correct, or disavow all association with, as you will. (If it's egregiously and incorrigibly un-fixable, I will take down.)

SBIE's installed in my VM so, in effect, I'm double-sandboxed (talk about paranoid; lol). I've yet to install SBIE on my host OS even though I purchased, at that time over 10 years ago now, a lifetime license for SBIE and could install it on as many machines as I own (but only ever did so one machine at a time and only within my VM). Just never got around installing SBIE on my host OS since I try to never use it to even browse online (but I do for certain sites, so I should be more paranoid than I am; lol).

Thanks Lyle. Downloaded. Might install it tomorrow

Long overdue update (should have shared this with you back in November). Sandboxie's now fully Open Source. If you are running XP (like I do in my Virtualbox interface), below's a link to where you can get the latest version that supports XP (and bypass the notification nag now associated with the old 5.22 version):

https://github.com/sandboxie-plus/Sandb ... /tag/v5.40

Also, 5.45.1's been released for Win10 that addresses some issues with the 2004 release of Win10 (ever since 5.45, Sandboxie finally got a certified Microsoft cert so Defender won't flag it any longer; if you have an older version of Sandboxie running in Win10, you will need to completely uninstall it before installing the latst version of SBIE):

https://github.com/sandboxie-plus/Sandboxie/releases

If you are running this version, Edge's built in sandbox isn't really compatible with sanboxie (you'll get launch errors but then all's well). Best to just run Edge without it's built in sandbox using the string below (which I created a quicklaunch for in my OS).

I remember Sandboxie from way back when I ran Windows. Linux has firejail which works similar. I use firejail on all my PC's. Basically you allow the program access to one folder (default is /home/user/Downloads/", everything else is in-accessible. It's a good extra layer of protection.

https://firejail.wordpress.com/