Sandboxing is a process where an application is separated from other programs and system resources for security purposes. So if the application proves malicious, the other systems and programs in the same network would not be affected or infected with malware. Afterward, the malicious program can either be cleaned if it is required or deleted if it is unnecessary, without causing problems within the networked environment—essentially, the systems and devices that are connected to one another and the Internet.
It is just like building sandboxes in real life. They are made to contain playtime within a specified area because you don’t want toys to be scattered throughout your yard. It also prevents your child from wandering to potentially dangerous areas.
Other interesting terms…
Read More About “Sandboxing”
A sandbox is a tightly controlled environment. As such, you can safely run even a malicious application in it without worrying about malware spreading throughout your network. Its functionality depends on the permissions it is given.
If it is installed in your web browser, for instance, when you visit a malicious website, your computer and the programs and data stored in it won’t be affected. The said site would be isolated within the sandbox, and so it opens in a separate location. Without it, visiting the malicious site would be synonymous with installing a virus into your computer.
Where is Sandboxing Used?
Most people may not know it, but a lot of the technologies they use have built-in sandboxes. These include:
- Browser plug-ins: The content loaded by browser plug-ins like Adobe Flash and Microsoft Silverlight run in sandboxes. That is the reason why playing a game on a web page is safer than downloading and running it as a standard program. Flash isolates it from the rest of your computer and restricts what it can do.
- Web pages: Your browser uses a sandbox before it loads a page you want to view. Pages that contain JavaScript codes, for instance, can be limited to the permissions you allow. Codes that attempt to access local files are not allowed to load.
- Mobile apps: Most mobile platforms run apps in a sandbox too. That way, they are prevented from doing many things that standard desktop applications can do. They have to declare permissions if they want to access your location, for example. The sandbox also isolates apps from each other. That way, they can’t affect or share information with each other.
Sandboxing is also applied to PDF and other documents, browsers and other potentially vulnerable applications, and Windows programs.
What are the Other Uses of Sandboxing?
Sandboxing is not solely for enhancing cybersecurity; it can also be used for:
- Software testing: Developers can run untested code changes and experiments right after production within a sandboxed environment. Sandboxing protects other programs and content from unintended changes that the untested code may do, causing them to fail.
- Running multiple operating systems (OSs) on a single computer: Using so-called virtual machines (VMs)—special software programs—can let you run Windows programs on a Mac OS and vice-versa. That said, you don’t need to buy two computers to use programs that can only run on one or the other platform.
Does It Have Limitations?
While sandboxing offers various cybersecurity benefits, it still has some flaws. Since it depends on the permissions you give, it can limit the functionality of some applications. Backup programs and keyboard shortcuts may not work as well in sandboxed applications.