Compartmentalization for high privacy and security

Gaiko

New member
I'm trying to set Sandboxie up as the alternative for Qubes OS.

I have found Qubes OS very inconvenient for my use/work model. So, I'm trying to create a similar environment on Windows. The main goals are: (1) to give away as little information (about my hardware, OS, running processes, etc.) to other processes/apps, as possible — privacy; (2) limit the damage in case of sandboxed app or sandbox compromise — security.

I know that Sandboxie has not been developed specifically for privacy geeks, and Windows is bad for this kind of setup in general, but, as I mentioned before, Windows is the OS I stick with.

Here is my default sandbox setup process:
[Attached screenshots: 1726317174769.png, 1726317320805.png, 1726317375040.png, 1726317477592.png]

My question is:
What else can I do to harden my sandbox that won't require a big maintenance effort and/or cause severe app compatibility issues?

As I understood, the only network thing that I can manage in Sandboxie is adding a SOCKS5 proxy. Does the team have plans to implement VPN/WireGuard tunneling?
 
1) Different sandboxes for different apps. E.g. a browser sandbox and a downloader sandbox.
2) Use SandboxieLogon=y, Sandbox Options > Security Options > [Advanced Security] > "Use a Sandboxie Login instead of an anonymous token". Originally all sandboxes shared the same anonymous token, but with this option, it is just as restricted, and on top the sandboxes are isolated by a different SID.
3) You could enable starting only allowed programs per box. Sandbox Options > Program Control > [Start Restrictions], for sandboxes where you start programs that are installed to the host.
4) You can block network access for apps on the host, in the Network Options. You could use the firewall to allow only connections to certain IPs, which can work for connections to an email server or for PuTTY, where you know where you want to connect to in advance and it does not change often. And as you said, you could use a SOCKS5 proxy. I am not aware of there being considerations about implementing a VPN.
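Points 1, 2 and 4 above can be checked against the Sandboxie.ini file itself rather than box by box in the GUI. The script below is an added example, not Sandboxie's own code or anything from this thread: it parses a Sandboxie.ini (which allows repeated keys, so configparser is not used) and reports, per box, whether SandboxieLogon=y is set and whether internet access is blocked. For the internet check it looks for the classic ClosedFilePath=InternetAccessDevices rule, including the "!program.exe," exception form that keeps one program online while the rest of the box is offline; the sample configuration is constructed for the example, and a real Sandboxie.ini is stored as UTF-16, so decode it before passing the text in.

```python
"""Audit a Sandboxie.ini for the per-box hardening discussed in the thread.

Added example (not Sandboxie code). Per sandbox it checks:
  * SandboxieLogon=y (per-box login token instead of the shared anonymous one)
  * internet blocked via ClosedFilePath=InternetAccessDevices, with optional
    '!program.exe,' exceptions listing the programs still allowed online
"""
import re
from dataclasses import dataclass, field

# Constructed sample config for the example; not taken from the forum post.
SAMPLE_INI = """\
[GlobalSettings]
FileRootPath=C:\\Sandbox\\%USER%\\%SANDBOX%

[Browser]
Enabled=y
SandboxieLogon=y
ClosedFilePath=!firefox.exe,InternetAccessDevices

[Downloader]
Enabled=y
ClosedFilePath=InternetAccessDevices

[Legacy]
Enabled=y

[UserSettings_ABC]
SbieCtrl_AutoStart=y
"""

# Sections that are not sandboxes and must be skipped.
NON_BOX = re.compile(r"^(GlobalSettings|UserSettings_.*|Template_.*)$", re.I)
# ClosedFilePath value of the form "!program.exe,<path>" (exception syntax).
EXCEPTION = re.compile(r"^!([^,]+),(.+)$")


@dataclass
class BoxReport:
    name: str
    sandboxie_logon: bool = False
    internet_blocked: bool = False
    internet_allowed_programs: list = field(default_factory=list)

    def findings(self):
        """Human-readable list of hardening gaps for this box."""
        out = []
        if not self.sandboxie_logon:
            out.append("shares the anonymous token with other boxes (set SandboxieLogon=y)")
        if not self.internet_blocked:
            out.append("internet not blocked (no ClosedFilePath=InternetAccessDevices)")
        return out


def parse_ini(text):
    """Return {section: [(key, value), ...]}, keeping duplicate keys in order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current].append((key.strip(), value.strip()))
    return sections


def audit(text):
    """Build a BoxReport for every sandbox section in the ini text."""
    reports = {}
    for name, entries in parse_ini(text).items():
        if NON_BOX.match(name):
            continue
        rep = BoxReport(name)
        for key, value in entries:
            if key.lower() == "sandboxielogon" and value.lower() == "y":
                rep.sandboxie_logon = True
            elif key.lower() == "closedfilepath":
                m = EXCEPTION.match(value)
                prog, path = (m.group(1), m.group(2)) if m else (None, value)
                if path.lower() == "internetaccessdevices":
                    rep.internet_blocked = True
                    if prog:  # "!prog," form: that program stays online
                        rep.internet_allowed_programs.append(prog)
        reports[name] = rep
    return reports


if __name__ == "__main__":
    for name, rep in audit(SAMPLE_INI).items():
        gaps = rep.findings() or ["ok"]
        online = ", ".join(rep.internet_allowed_programs) or "none"
        print(f"[{name}] online programs: {online}; " + "; ".join(gaps))
```

Run against the sample, the Browser box passes both checks with only firefox.exe allowed online, the Downloader box is fully offline but still uses the shared anonymous token, and the Legacy box has both gaps. Replace SAMPLE_INI with the decoded contents of your own Sandboxie.ini to audit real boxes.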
 
1. ✅
2. Great suggestion, I missed that point!
3. Found this during my research today. Already implemented for some sandboxes. For complex apps this may be tricky, as some apps require a lot of parts and sub-programs to run.
4. ✅

Great suggestions overall. Thank you a lot!
 
2) Use SandboxieLogon=y, Sandbox Options > Security Options > [Advanced Security] > "Use a Sandboxie Login instead of an anonymous token". Originally all sandboxes shared the same anonymous token, but with this option, it is just as restricted, and on top the sandboxes are isolated by a different SID.
What about this feature? Is it worth enabling it for more privacy?
1726427330206.png
 
This option enables a new mechanism for how tokens are created. When partly checked, it only enables the new mechanism, which can have effects on compatibility, possibly in both directions (bugs were found and fixed, but it's still quite new). When fully checked, it also adds "Sandboxie\All Sandboxes" as a SID to be able to address all sandboxes at once, for example to apply security policies to all of them. This should not be beneficial for privacy, but also not bad for privacy, as far as I am aware.
 