Can I configure a Sandboxie Plus to use Heidi's eraserl.exe for deletion?
If so, how? Thx.
secure delete
- DavidXanatos
- Posts: 340
- Joined: Fri Mar 19, 2021 11:26 am
Re: secure delete
Currently this is not supported, as its not really a usefull feature and more fake than secure.
You see, the old sandboxie sure can delete the files left in the end in a sandbox,
but it does not do anything of that sort with files created and deleted during the boxes operation.
So for example chrome wants to save a bookmark file, it creates a new file saves the bookmarks to it, deletes the old bookmark file and than renames the temp file to be the new bookmark json file
and it does that 10's of times basically each time something about the bookmarks changes.
All these files are not erased securely at all.
Also if you have a SSD you _CAN_NOT_ erase anything securely die to wear leveling, i.e. your SSD transparently reaping sectors and your overwriting hits other sectors than the original data was in.
So if you need to securely get rid of you a sandbox, create a encrypted file based container using for example veracrypt, and point your sandbox to that location, once you are done using it, forget the password and create a new container.
This described strategy is the only one that offers meaningful security on a SSD system
You see, the old sandboxie sure can delete the files left in the end in a sandbox,
but it does not do anything of that sort with files created and deleted during the boxes operation.
So for example chrome wants to save a bookmark file, it creates a new file saves the bookmarks to it, deletes the old bookmark file and than renames the temp file to be the new bookmark json file
and it does that 10's of times basically each time something about the bookmarks changes.
All these files are not erased securely at all.
Also if you have a SSD you _CAN_NOT_ erase anything securely die to wear leveling, i.e. your SSD transparently reaping sectors and your overwriting hits other sectors than the original data was in.
So if you need to securely get rid of you a sandbox, create a encrypted file based container using for example veracrypt, and point your sandbox to that location, once you are done using it, forget the password and create a new container.
This described strategy is the only one that offers meaningful security on a SSD system