Sandboxing: purpose and application explained

Testing a new computer program for its functionality is an important step in software development. Even if the source code does not contain visible errors, unexpected complications may still occur during practical application. But testing an unrefined or unknown software program comes with certain risks. For instance, a program may alter or even damage the operating system when faulty or harmful code is installed. A sandbox can solve this dilemma. It offers you a way to test your software or third-party code in an isolated environment, without affecting the overall system.

In the IT world, the terms “sandbox” or “sandboxing” are becoming increasingly common. But what is sandboxing exactly and how is it used? Sandbox technology allows you to create an isolated test environment within a system. In this way, certain actions can be performed by a program, without it being able to cause damage to the hardware. Sandboxing is essentially about protecting your operating system by shielding it from faulty code or malware. In both software development and cyber security, sandboxing is now considered a standard practice as it provides large companies the protection required to avoid system damage and cyberattacks.

The concept of sandboxing is nothing new; it emerged during the development of the first PC systems. In the 1970s, programmers used sandboxes for test purposes and simulations. They wanted to find out whether certain code could work within a closed environment. Initial security mechanisms like Hydra did not only protect expensive hardware, but had other advantages: Sandboxing technology made it possible to record problems which would have arisen without isolation.

Nowadays, certain programs not only enable you to catch and redirect access to your registration database, but using virtual machines (VMs), you can even simulate an entire computer.

Sandboxes can be generated in a number of ways. Previously, programmers developed their own separate test environments, but now they have access to programs that can be put to immediate use. Depending on the operating system and suggested purpose, various versions and different approaches are available. This is important because a developer working on a brand new computer program will have different needs compared to a company primarily focused on protecting its operating system from unknown code or cyberattacks. As a general rule, the more aspects of a real system environment the sandbox application should simulate, the greater the resource requirements will be.

The following provides a brief overview of different sandbox versions and how they work:

• Sandbox programs: When it comes to sandboxing technology, a popular standalone program is Sandboxie which provides a ready-made sandbox for Windows users. Once activated, all write accesses to the hardware attempted by the potentially harmful program are redirected to a folder that you can define yourself prior to the test. Files saved in the sandbox can be moved into the real system on command. Within these applications, you have the option to manage multiple sandboxes at the same time.
• Sandbox in the operating system: Some applications allow you to use the sandbox directly in your program code, with the help of layers and levels. This sandbox is then part of your operating system, albeit self-contained. Like other sandboxing software, you enter certain parameters for the duration of the respective program, enabling a targeted sandbox analysis. With Windows 10 (from version 1903, build 18305), you receive the integrated Windows Sandbox as standard, which you can activate or deactivate yourself.
• Virtual machines: Virtual machines (VMs) are more extensive than individual programs. A VM can be used much like a normal computer and is often located on a separate server due to its size. It’s possible to divide the VM into multiple guest systems. These pseudo-systems exist independently from one another and are fully isolated from the hardware. Well-known VMs include VMware, Java Virtual Machine, and FAUmachine for Linux and macOS.
• Plug-in sandbox: The programming language Java provides an example of a plug-in sandbox. Here, the sandbox is used by Java applets. Applets are computer programs that are executed in a client web browser. However, thanks to the integrated sandbox, the program code loaded online is run within a separate environment, keeping the hard drive, working memory, and functions of your operating system protected.

There are many ways to use sandboxing. In general, the objectives pursued with this technology can be split into two areas: software testing and cyber security. Below you can find a brief summary of which functions they fulfill.

Software testing: Sandboxes play a major role in testing a newly developed software program. The virtualization of computer systems helps programmers to develop a secure and functional application and test it in various environments. Sandbox testing is a tool that demonstrates to developers where code needs to be adjusted. Sandboxing is sometimes used to separate programs running simultaneously if they are not compatible with one another. Since code in the sandbox can be executed safely, IT experts use the technology to analyze malware and determine its effects on the operating system.

Cyber security: Even in connection with browser security, sandbox tools are a popular solution in addition to effective firewall security systems. They protect the operating system from manipulation when launching critical applications. In particular, public institutions and companies that work with sensitive data need to protect themselves from advanced persistent threats (APTs). This includes concealed and recurring hacking attacks that take place over a prolonged period of time. Additionally, regular internet users can surf the web more safely using a sandbox application. In fact, the current Chromium-based web browsers work with separate sandbox processes for each website or loaded plug-ins to prevent browser exploits.

There are many arguments in favor of using sandboxing technology. But the question remains of how secure sandboxes truly are when it comes to cybercrime. In general, using a sandbox should not give you a false sense of security. After all, hacking attacks continue to advance just like modern security mechanisms. Smart cyberattacks recognize classic sandboxing environments and can circumvent them by first concealing the harmful code as innocuous before installation. For this reason, experts not only recommend using a silo-like standalone system, but also multiple sandbox technologies at different levels. The multi-sandbox array technology uses multiple sandboxes in the same cloud, for example.

Here is a quick review of the advantages and disadvantages of sandboxes: