[Windows] Protect yourself from malware and malicious websites by running your browser in a sandbox with SecuBrowser

The traditional way to fight malware is to use an anti-virus (or anti-malware, if you prefer to call it that). A newer way to protect against malware that has emerged in the last decade or so is using a sandbox — isolating attack vectors (e.g. your browser) so even if you are infected by downloading a malicious file or visiting a malicious website, that infection cannot spread to the rest of your computer. SecuBrowser is a new sandboxing program that aims to help you sandbox your browser and protect you. Let’s see if it does what it claims.

What is it and what does it do

Main Functionality

SecuBrowser sandboxes your browser with the aim of protecting you from malware on the Internet.

Pros

  • Works with Internet Explorer and Firefox
  • Makes it easy to run your default browser in sandbox mode (as long as it is IE or FF) — simply double-click the SecuBrowser shortcut placed on your desktop
  • Won’t conflict with your anti-virus/anti-malware

Cons

  • Is a very poor sandbox
  • Only works for Internet Explorer and Firefox; Chrome, Opera, and other browsers are not supported
  • Does not yet support Windows 8, although the developer says Windows 8 will be supported soon
  • Makes it difficult if you want to run your non-default browser in sandbox mode; you have to copy the shortcut and modify it to point at Firefox or Internet Explorer (whichever one is not your default)
  • Does not work with the sandbox Adobe has put into Reader 11 and higher, so defaults to Adobe’s sandbox when Adobe Reader is run. We all know Adobe Reader’s sandbox has been bypassed before, so… yeah…
  • Why must the developer use an icon for SecuBrowser that very closely resembles the icon for Sandboxie? Tsk tsk.

Discussion

While not perfect, sandboxing is an excellent way to protect yourself from malware. So when I came across SecuBrowser, I was very excited. Another sandboxing program can only be a good thing, right? Eh, not so much.

As per my tests, this is how SecuBrowser “sandboxes” your browser. Once installed, it places a shortcut on your desktop which you must double-click to run your default browser in sandbox mode. When you do that, all files (including temporary files) generated by that browser session are saved in a C:/sbox/[user name] folder on your hard drive. The idea here is if you come across a malware-infested website while surfing the web, the malware will be downloaded to the C:/sbox/[user name] folder and you can easily get rid of the malware by deleting that folder. The only problem? This is an extremely stupid sandboxing method.

SecuBrowser restricts write/modify access for your browser, forcing it to write to C:/sbox/[user name]. Cool, that is good. The issue is SecuBrowser has absolutely no control over malware execution once it is downloaded to C:/sbox/[user name]; if you ever happen to be infected with a drive-by attack on a website, all SecuBrowser will do is ensure all malware-related files are downloaded to C:/sbox/[user name] — it won’t actually stop the malware from executing and accessing other parts of your system, nor can it stop a virus from replicating to other files in your system. In other words, it isn’t really a sandbox.

On top of that, SecuBrowser does not have the ability to automatically delete the contents of C:/sbox/[user name] (e.g. on a reboot or after the browser session has ended); you must manually delete that folder every time you want the contents gone, such as if you suspect malware infection. This means if you are infected while in a sandboxed browsing session, the malware will sit on your computer in C:/sbox/[user name] until you manually delete the folder. Who is going to remember that they should regularly delete C:/sbox/[user name]? Not very many people, I suspect.
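
The cleanup that the paragraph above says SecuBrowser leaves to you, as an added PowerShell example (not part of SecuBrowser or of the original review): it lists runnable files sitting in the redirect folder and, with -Purge, empties it. It assumes the C:/sbox/[user name] location described above and PowerShell 4.0 or later; the extension list is constructed for illustration.

```powershell
# Added example: audit and empty the SecuBrowser redirect folder.
# Assumption: the folder is C:\sbox\<user name>, as described in the review.
param(
    [string]$SandboxRoot = (Join-Path 'C:\sbox' $env:USERNAME),
    [switch]$Purge
)

# Extensions Windows will run or interpret directly (constructed list, not exhaustive).
$runnable = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.ps1', '.vbs', '.js', '.jar', '.msi', '.lnk'

if (-not (Test-Path -LiteralPath $SandboxRoot -PathType Container)) {
    Write-Output "Nothing to do: $SandboxRoot does not exist."
    return
}

# Inventory: flag files by extension or by the 'MZ' header of a PE file,
# since a dropped binary does not need an .exe extension.
$findings = Get-ChildItem -LiteralPath $SandboxRoot -Recurse -Force -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        $isPe = $false
        try {
            $fs = [System.IO.File]::OpenRead($file.FullName)
            try {
                $buf = New-Object byte[] 2
                $isPe = ($fs.Read($buf, 0, 2) -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
            } finally { $fs.Dispose() }
        } catch { }   # locked or unreadable file: fall back to the extension check
        if ($isPe -or $runnable -contains $file.Extension) {
            [pscustomobject]@{
                Path     = $file.FullName
                PEHeader = $isPe
                Modified = $file.LastWriteTime
                SHA256   = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            }
        }
    }

$findings | Format-Table -AutoSize -Wrap

if ($Purge) {
    # Remove the contents but keep the folder so the next session can write to it.
    Get-ChildItem -LiteralPath $SandboxRoot -Force |
        Remove-Item -Recurse -Force -ErrorAction Continue
    Write-Output "Purged contents of $SandboxRoot."
}
```

Emptying the folder only removes what is still sitting there; as described above, it does nothing about a file that has already executed.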

Oh and you haven’t even heard the best part yet.

SecuBrowser restricts all files generated during the browser session to C:/sbox/[user name]… except for files you download yourself. Files or programs that you download yourself are placed in the Downloads folder in My Documents or the Downloads library, depending on what version of Windows you are running. Once downloaded, you can run/open the files/programs as normal, and those files/programs have access to your whole system like normal — SecuBrowser does not restrict the system access downloads have to your computer. So, essentially, if you unknowingly download a program with malware, SecuBrowser will do nothing to protect you except sit there and watch. Again, not a sandbox.

Conclusion and download link

Is this program a joke? Either this was programmed by a kid (which I doubt, since the developer claims to have a wife) or an amateur because, as per my testing, this is not a sandboxing program despite what the developer claims. In fact, I’d say this is a hoax more than anything. (Either that or I completely misunderstood what this program does, which is a possibility.) Based off my experience with this program, I wouldn’t touch SecuBrowser with a ten-foot pole if I were you, at least not in its current form. Rather, if you want a competent sandboxing program, check out Sandboxie. Sandboxie is an excellent sandboxing program that has a feature-limited, but still useable, free version with the full version costing €29.

Price: Free

Version reviewed: 1.0.0.0

Supported OS: Windows XP/Vista/Win7

Download size: 900KB

VirusTotal malware scan results: 0/46

Is it portable? No

SecuBrowser homepage


13 comments

  1. Druid

    I used to use sandboxie all the time on my 32bit and vista x64 OS, since changing over to win 7 x64, sandboxie installs the x64 version and keeps giving me errors and not executing the browser or apps. I have tried all alternative fixes suggested to me, still no go even with the latest update. For the past three years I have been lost without sandboxie.
    I am still on the lookout for an alternative sandbox program that works similar to sandboxie

  2. Rob (Down Under)

    [@JonE]
    You’re welcome. Thanks for the feedback.
    . . .
    For others that may wish to try it, I don’t think you can get it now, in the FF Addons web page?
    However if you update Flash (Shockwave perhaps?), it is included as an optional extra.

  3. Ashraf
    Author/Mr. Boss

    [@Tom] One word: Ditto.

    [@Rob (Down Under)] That is a good setup but it isn’t the same as a sandbox.

    [@stilofilos] Welcome!

    [@JonE] Welcome!

    [@midwest guy] Then no one would read it o_O

    [@Strahd] Yes and no. A virtual machine gives you a whole new operating system — a virtualized computer. A sandbox isolates programs/files from the rest of your computer, sometimes by creating a virtual layer on top of your computer.

  4. midwest guy

    I think the title of this article should have been called “HOW NOT TO Protect yourself from malware and malicious websites by running your browser in a sandbox with SecuBrowser”.

    Like others have posted, I’ll stick with rock solid Sandboxie.

  5. JonE

    I’ll be sticking with Sandboxie. Thank you, Ashraf for the heads up.

    [@Rob (Down Under)] I’ve never used or even heard of Avast WebRep, but I have heard of McAfee SiteAdvisor; guess I’ll have to give that a try, but I don’t necessarily agree with you about WOT. Don’t get me wrong; I have it installed and I do use it, but I cross check the results with NetCraft and LinkExtend and there are some sites I will only open up in Sandboxie.

    I have been becoming less and less enamored with WOT the more I use it. Why? It is a user based device and more and more I find the information it provides to be less and less accurate. And this is so because WOT depends on user input. And if all of us that used WOT were updating WOT with accurate information about the security of a site I would be fine with it. But more and more I’m landing on known good sites, that I’ve frequented for years, to find that the site is now being shown as unsafe. It’s really annoying to have to step through that mess for a site you know is safe.

    WOT is not a tool to show one’s disdain for the content of the site, or its moral or ethical views, but to show whether a site is safe or not safe. But more and more this is not the case.

    I certainly agree with the theory behind WOT, but until there is some group of individuals to check the validity of user ratings WOT will continue to lose ground to the individuals who continually rate sites based on opinion rather than safety.

    This, of course, is my opinion.

  6. stilofilos

    [@Rob (Down Under)] Thanks for the hint Rob, This IceDragon looks like an intriguing combination indeed. I just downloaded it cos I’m totally fed up with that Firefox that keeps hanging every couple of minutes…

    @Ashraf: thanks for another interesting review. There can’t be enough people like you, warning us against all the junk and cheating on the web. This function is at least as important as a (real) sandbox.

  7. Rob (Down Under)

    Two words: NoScript (+WOT + Avast WebRep + McAfee SiteAdvisor)

    Rob
    PS And have a copy of Comodo IceDragon, with Comodo’s extras active, just for the occasional dangerous session