I’ve had Avast for quite a while now and not until now have I started wondering about the Sandbox and when I should use it. I checked the forum already for info but all the search results were from old threads from like 2011 and prior, so I started a new one.
I read a website about what the Sandbox basically does, and I think I understand… and since it’s a way to protect me even more, is there any reason not to just open Chrome and/or all 3rd party programs every time using the Sandbox?
If it’s good to open everything, especially Chrome, Sandboxed all the time, is there any risk involved? Can the Sandbox itself become hacked or anything?
And within the Sandbox, when I surf the internet, am I still protected in the same way with Avast Antivirus and Malwarebytes?
When you sandbox your browser ( or any other application ) you basicly isolate it from the rest of your system, so your system can not be infected by whatever the browser downloads.
I have a small tutorial for you to start :
Most important is to Sandbox your browser(s).
But first, if you are using an Administrator account, go to :
Avast - Settings - Tools - Sandbox - Customise - Parameters - Drop administrative rights etc. … and select that.
And click : Ok - Ok.
Now go to :
( Avast - Settings - Tools - Sandbox - Customise - ) Virtualised processes - Add - … and select the executable(s) of your brower(s).
And click : Ok - Ok.
But there is also another way to Sandbox ( your browser(s) ) :
Right click on a Shortcut ( of your browser(s) ) and choose “Run inside sandbox” or “Always run inside sandbox”.
Also regulary delete your Sandbox contents. You can even scedule it if you like. Go to :
Thanks, Rednose! I’ll follow the tutorial to make sure Chrome is always sandboxed. So it’s always important to keep it Sandboxed? There is no reason that I should turn it off/unsandbox it at any time?
And then just probably a silly question, but when it’s in sandbox, does Avast Internet Security and also my Malwarebytes still protect everything like it normally does without sandbox?
Yes, I think it is important that you sandbox your brower(s) if you have the oppertunity.
In my opinion the Avast sandbox is more important than the webshield, as the sandbox also protect you from unknown threads.
And Avast anti-virus and MBAM will protect you stiil the same.
Unfortunate news though… I just tried to use the sandbox, after following your tutorial (I dropped administrative rights and then right-clicked on Chrome to “always run in sandbox”). But it’s not working – Chrome gives me the error message: “Aw, Snap! Something went wrong while displaying this webpage. Closing the apps and tabs that you don’t need may help by making more memory available.”
I didn’t have anything open except for Chrome and the only actual running apps in my system tray are just Avast, MBAM, and CCleaner. I have 12GB memory and Intel Core i7 3770 CPU on this computer, shouldn’t that be plenty just to use Chrome in the sandbox? It’s weird that the error message says I need more memory.
When I first opened Chrome after sandboxing it, a little box popped up to say that Avast Online Security had crashed… does that have anything to do with this, or why it’s not working? (I have the Avast WebRep extension.)
Sorry to bug you (and/or others) with another question/problem… ??? Thanks again in advance!
Nope, it still doesn’t work after that, unfortunately. I wasn’t sure if Avast WebRep was part of the problem or something, so I disabled that and then tried to run Chrome in the sandbox again and I still get the same error. It won’t load any web pages at all.
I’m signed in to my Google Account (to sync my bookmarks to other devices) and when I try to run Chrome in sandbox, it does show my name as logged in and has my Chrome theme and everything, but just won’t load any pages (gives the same “Aw, Snap” error).
I am asking because, while I can run Firefox in Avast Sandbox, I get errors when I try running Chrome (or Edge) sandboxed. Chrome process is listed in the Avast Sandbox window, but Chrome does not run and after a while I get a “WerFault.exe - Application Error” message (“The instruction at 0x0 etc. etc. referenced memory at 0x0 etc. etc. The memory could not be written. Click on OK to terminate the program.”).
I am not an expert though. Maybe I have some wrong settings in my Sandbox!
Sandboxing makes a lot of sense when you’re in a dangerous environment or you’re doing financial transactions.
Sandboxing also slows everything down greatly and certainly isn’t something I use for my normal browsing on the internet.
Your computer your choice.
I personally don’t see a need for running sandboxed all the time.
I have one Browser I use sandboxed all the time and use that Browser only for traveling in dangerous areas.
I use “SafeZone” for all my Financial/Data transactions And I use another Browser normally combined with Layered Protection for most all my work/research and Internet Browsing.
As Bob said, Your computer Your choice.
123ava: Yep, Firefox worked in the sandbox, thanks! After I reset Windows 10, I forgot to reinstall Firefox, so I did and it works perfectly fine with the Sandbox. It’s still a no-go with Chrome, though.
But based on the other recent replies (thanks, bob3160 & schmidthouse), I think I will then just start using Firefox sandboxed for my banking/financial stuff and then just run Chrome regularly. I’m a pretty safe (borderline paranoid) internet surfer, so I should be fine… and like you guys mentioned, I did notice that Firefox was significantly slower in the sandbox so I probably don’t want that in my default Chrome browser (if the sandbox worked on it, that is).
Just out of curiosity though, if I decided to visit unknown or potentially risky sites, is it okay to do that in Firefox while sandboxed while also using that same browser to do my banking? Or is that pretty dangerous?
I personally don’t visit known risky sites.
I learned a long time ago that when you play with fire, you’re most likely going to get burned.
I play it safe but not to the extent that it hinders my work or my enjoyment on the internet.
I use Avast to keep me safe in case one of those “safe” sites became a “dangerous” site.
To sandbox or not to sandbox that is the question.
Well unless you are some sort of paranormal psychic and know precisely when your next big malware attack will occur i can only say that the sandbox must be run at all times.
However a sandbox will not save you from a phishing attack for instance.
I have used firefox for years and never “sandboxed” it as i see it as a false sense of security.And i dont buy all that google chrome baloney about sandboxing etc as all chrome does is use the access controls already present on the operating system.Chrome by the way is stronger on linux than on windows.
[i]A Chinese attack group infected Forbes.com back in November in a watering hole attack targeting visitors working in the financial services and defense industries, according to two security companies.[/i]
Drive-by download pages are usually hosted on legitimate websites to which an attacker has posted exploit code. Attackers gain access to legitimate sites through intrusion or by posting malicious code to a poorly secured web form, like a comment field on a blog. Compromised sites can be hosted anywhere in the world and concern nearly any subject imaginable, making it difficult for even an experienced user to identify a compromised site from a list of search results. ...snip...
How on earth did the web survive without sandboxing we will never know…I really dont understand this obsession with sandboxing everything.
Why bother…?
My tip for all the sandboxing junkies is to install a virtual machine and be done with it… :o
Google chrome already provides a sandbox function so why would people suggest putting chrome in yet another sandbox.
My god this is getting ridiculous.
My point here is going to be that you may as well dump chrome and use any other browser if its going to be sandboxed anyway.
Maybe we should all pop over to the google forum and ask the developers why their sandbox is so ineffective that another sandbox by a 3rd party is required.
I guess that you haven’t been browsing the viruses and worms forum recently.
There have been lots of instances of Google Chrome being exploited and effecting the system - so its sandbox isn’t really protecting itself or the system.
On which operating system are these exploits occuring.?
The chrome sandbox is stronger on linux as it uses seccomp bpf filters.YAMA enforcing and namespace sandboxing.
