Five sandboxing apps to protect your Windows computer
Sandboxing programs are a great way to prevent these kinds of headaches. What do they do? In simple terms, they prevent applications from making changes to your system. It's kind of like having an imaginary hard drive where programs think they're operating like normal, but their actions never make an impact on your real filesystem.
Here are five options available for Windows systems to get the job done. These apps are great not only for the workplace or situations where you're looking after public or shared computers, they're also a fantastic way to protect your home computer from unwanted changes due to accidental misuse and malware.
Faronics' flagship product has long been the nemesis of would-be high school hooligans for years, and with good reason. Once a system has been frozen, it's just about impossible for it to be monkeyed with (unless you know the admin password). User profiles can be left in a "thawed" area so as to allow changes to persist. Attempted changes is a frozen area? They're gone as soon as the system reboots.
There's no detectable performance hit with DeepFreeze, and it's also available for Mac and Linux systems. A 30-day trial is free and $45 for a license with 1-year maintenance.
Returnil Virtual System
In addition to providing full system protection, Returnil offers a wide array of useful features. It integrates tightly with the real operating system and provides a good set of tools for working in both the real and virtual filesystem. Users can whitelist or blacklist individual files and all virtualized changes can be completely undone with a reboot.
The current version is free for personal use, and the Premium Edition goes for 20 Euros. There's a feature comparison on the Returnil site if you'd like to see how they stack up. They're also seeking beta testers for version 3.0. If you're interested, apply here.
Sandboxie is one of the most talked about and widely used free applications in this group. It's not so much designed as a "total desktop" solution, but as a way to isolate certain programs that pose a risk - like web browsers.
The paid version allows simultaneous use of multiple sandboxes, enables forcing programs and folders into sandboxes, and removes the post-30-day nag screen. For personal use, a lifetime license will set you back a paltry $22 Euros and it can be installed on every computer you own.
Similar to Sandboxie, Bufferzone is more about isolating threats from the internet than completely locking down your system. It's designed to isolate apps like your web browser, email, and peer-to-peer programs. Downloaded files inherit Bufferzone's protection, so if you install something that was downloaded from a protected app, it becomes protected as well.
BufferZone is free to try for 30 days. After that, it's $39.95 to register for home use. Trustware also offers various enterprise-grade solutions. Vista users can sign up for a beta version tryout.
Microsoft's offering was one of the first apps I wrote about after joining DS, and it's seen some nice improvements since then. SteadyState offers some additional functions, like locking down access to Windows functions like control panel and the command prompt, limiting access to specific websites, and maintaining Windows and antivirus program updates.
It's worth noting that this functionality is baked in to the Windows 7 pie as PC Safeguard.