Meet HeadSpin at STARWEST in Anaheim from Oct 4 - 6
Close
Browser Sandboxing

Browser Sandboxing—What is it, and why do we need it?

May 19, 2022
 by 
Kazuaki MatsuoKazuaki Matsuo
Kazuaki Matsuo

Organizations across the globe are breached with multiple security issues. Not only do these issues jeopardize the sensitive data and information but cause hefty financial losses. According to Statista, in the year 2020, the number of data breaches in the US accounted for 1001 cases, while over the same year, more than 155.8 million individuals were impacted by these data exposures. Since 2001, the financial damage driven by cybercrime has continually increased, which reached $4.2 billion in 2020 as per IC3 reports. Amidst the cybercrime turmoils, sandboxing acts as a technology to efficiently protect digital assets and systems.

What is sandboxing?

In the IT realm, sandboxing is becoming increasingly popular. The sandbox technology is an offering that enables you to create an isolated test environment within a system. With this capability, a program can perform specific actions without the action causing any damage to the hardware, and primarily, sandboxing aims to protect your operating system by safeguarding it from any faulty code or malware. In a physical sandbox at a playground, children can create anything within the boundary without messing on the outside. Similarly, in sandboxing technology, the application code can be executed within a restricted environment, with minimum contact with the external environment. For instance, in a sandbox, Javascript is free to add and modify elements on the page but could be restricted from accessing any external JSON file due to the presence of a sandbox feature called same-origin.

A brief history of sandboxing

The concept of sandboxing trails down to when the first PC systems were developed. In the 1970s, programmers leveraged sandboxes for test purposes and simulations. The programmers wanted to identify whether certain codes could work within a restricted and closed environment. Conventional security mechanisms like Hydra not just protected expensive hardware but showcased other advantages; sandboxing technology made it possible to record the problems that arose without isolation.

Why is sandboxing crucial?

As the nature and effectiveness of zero-day threats are continually evolving, an organization requires a strategy to protect its data and programs. Especially in the case of threats that can slip by malware and virus detecting email filters, sandboxing has emerged as one of the most efficient tools for guaranteeing an organization to mitigate the malicious actors. It offers crucial protection regardless of where sandboxing is executed—in the cloud or on an appliance. 

Let’s walk through the benefits of sandboxing—

  • Creating and deploying environments: using sandboxes make it easier to create and deploy environments at scale. A sandbox provides you the flexibility to test multiple versions and new lines of code.
  • Gaining access to advanced networking and support: The appropriate sandbox architecture allows you to utilize advanced networking features and test those to evaluate how the features fit in with or enhance your current system.
  • Saving company’s financial resources: In place of sourcing, purchasing, staffing, and maintaining the in-house development labs, you can utilize cloud-based sandboxing that assists in saving the money spent on procuring, running, and maintaining the equipment. The saved amount can be invested in other project areas to support the organization’s objectives better. 
  • Preparing for future attacks: Containing a threat within the sandbox environment is similar to quarantining it and making it available and accessible for study by the in-house IT team or external cybersecurity experts. Careful studies can assist in revealing patterns that can be used to identify and prevent future attacks. Further, you can utilize the knowledge gained from dissecting the threat to identify vulnerabilities in the network.

Different types of sandboxing

1. Application Sandboxing

Several applications leverage sandboxing by default to protect the local operating system. For instance, the Windows 10 operating system has a built-in sandbox protecting the desktop from unauthorized code. Again, HTML 5 has a sandbox for protecting against the misuse of its iframe feature, while Java has its sandbox, like a Java applet running on a web page. 

2. Developer Sandboxing

As the term implies, the primary target of a developer sandbox is to test and develop code in an isolated environment. Generally, a developer sandbox comprises a copy of a company’s production metadata.

3. Cloud-based or Virtual Sandboxing

A virtual sandbox is similar to a regular sandbox, but here, the software is used in a virtual or cloud-based environment. This phenomenon ensures the complete separation of URLs, downloads, or code from the network devices at the time of testing.

4. Web browser sandboxing

Browsers evidently require much more added security protection. Fortunately, the majority of the browsers today come with built-in sandboxes where minimum end-user interaction is needed. Browser sandboxing is vital for identifying and separating malicious applications that run on the Internet from accessing local machines and their resources. Following are some of the popular browsers and their sandboxing capabilities:

  • Google Chrome has been sandboxed from the beginning of its use
  • Mozilla Firefox provides selective implementations of sandboxing
  • Internet Explorer introduced certain levels of sandboxing in 2006 with IE 7
  • Apple’s Safari browser runs websites in separate processes

What does browser sandboxing mean?

Browser sandboxing refers to a security model that physically isolates Internet users’ browsing activity from the infrastructure, local computers, and networks. In order to prevent security breaches in your system or web application, developers must delineate how to deal with the issues, and this is what sandboxing assists in. The browser sandbox offers a safe virtual environment for testing suspicious and harmful codes or running third-party software without compromising the system data or local files.

The foremost goal of a sandboxed browser is to protect your machine from browser-associated risks. Thus, if a user downloads malicious software, the software gets downloaded into the browser’s sandbox, and every element inside it, including the harmful code, is wiped out upon closing the sandbox.

The two primary isolation techniques used in browser sandboxing are:

  • Local browser isolation

This conventional browser isolation technique runs the virtual browsers in the sandbox or the virtual machine on the user’s local infrastructure that aids in isolating data from external security threats and harmful browsing. The virtual browsers act as a protective barrier between external threats on the web and user machines. In this case, if any user visits a malicious site or downloads a harmful file, the threats are unable to reach the endpoint. 

  • Remote browser isolation

This sandboxing technique can be hosted over the cloud by an organization or any third-party provider. It involves a virtualization technique where the browser is run on a cloud-based server—both public and private cloud. In remote isolation, the user’s local system is free from browsing activities, while the browser sandboxing, filtering, and risk evaluation are executed on the remote server. 

Remote isolation might often be expensive as it needs the allocation of resources to run a large volume of containerized browsers. However, utilizing third-party providers can prove to be cost-effective.

The two key methods in remote browser isolation for isolating user local infrastructure and web content are:

1. DOM mirroring —The browser isn’t entirely isolated from the user’s local system. However, the DOM mirroring technique filters out the malicious content and delivers the rest of the content to the user.

2. Visual Streaming — This technique offers complete remote browser isolation where visual streaming functions like Virtual Desktop Infrastructure systems in which a browser runs on the cloud-based server, and the visual output is displayed to the user’s local machine.

Sandboxing with different browsers

Today, the majority of the browsers have a sandbox already that improves the capabilities for protecting your system. Following are some of the primary web browsers and the respective sandboxes.

  • Firefox sandbox

Firefox executes untrusted code within a sandbox to protect the local system from threats. The Firefox browser is sandboxed by leveraging the parent and child processes. While the users browse, potentially malicious programs run in the Firefox sandbox. This capability assists in limiting the contamination from malware in case of suspicious activities. The parent is a mediator between the child process and the other system resources during sandboxing.

To check the level of Sandboxing in use in Firefox, one can enter the following command in the address bar of Firefox;


about:config

This returns the Firefox configurable variables on the web page. Following this, users can press CTRL+F when the cursor is placed on the config page.

Then enter the following command in the ‘Find input field box.’


security.sandbox.content.level

This command returns the value of the current sandboxing level of Firefox. These level values indicate  the unique sandboxing settings for every platform and process. Most of the processes have two active levels, which are the current setting and the lower (previously released) setting. Any level setting other than these two values do not carry a guarantee of altering security behavior—level settings are generally a release rollout debugging feature.  Please read https://wiki.mozilla.org/Security/Sandbox for more details to see what the level means.

  • Edge Browser Sandbox

While launching the Edge sandbox browser Windows 10, the user is presented with a fresh desktop that has the Recycle Bin and Edge shortcuts. The page displays the Start menu and other icons, but those aren’t functional in this sandbox environment. It is highly recommended to open those in the main Windows 10 instead of sandboxed Windows 10. When the Edge browser sandbox is closed, the browser is no longer available. The user’s ISP may keep track of actions in the sandbox; however, this data is not auditable. 

  • Chromium Browser Sandbox

This sandbox is utilized by both Google Chrome and Microsoft Edge browsers. Similar to Firefox Sandbox, it runs in two parts, where the parts run the broker process and the target process of the code. Here the parent process is called the broker process, and the child processes are known as the target processes. Each code that is run by the child processes runs within the sandbox. On the other hand, the parent process acts as a mediator between the child process and computer resources to maintain the necessary supply of the resources.

Leveraging a Browser Sandbox for cross-browser testing

Browser testing and evaluating browser compatibility can often become stressful. While there are several ways to install different versions of a browser on one system, certain apps like Turbo Browser Sandbox  can be helpful. The Turbo Browser Sandbox enables you to utilize almost every popular web browser without installing them on your machine. You can seamlessly run all popular browsers like Chrome, Firefox, Internet Explorer on your machine directly from the web.

What are the benefits of sandboxing?

Sandboxing is the key to mitigating the varied online threats one can face. The primary benefits of sandboxing include—

  1. Protects host devices and operating systems from being exposed to potential threats.
  2. Sandbox assists in launching newly developed code by evaluating and testing it to identify potential vulnerabilities before the code goes live.
  3. While working with new vendors and untrusted software sources that can trigger various threats, sandboxing can help eliminate the threat factor of these interactions by pre-emptively testing the new software.
  4. Sandboxing applications are hybrid solutions that drive them to be deployed locally and remotely. Hybrid systems are more secure, reliable, and cost-effective than conventional solutions.
  5. A sandbox environment helps quarantine threats and viruses. This capability helps cyber experts study and analyze threat trends and allows the prevention of future intrusions and the identification of network vulnerabilities.
  6. In the majority of the cases, sandboxing allows easy integration with existing security-based policies and products, providing comprehensive coverage for security protection.

Turning off Google Chrome Sandbox

Following are the steps to turn off Google chrome Sandbox—

  • Right-click on its icon
  • Click on 'Properties' > 'Shortcut tab' in the dialog box that appears
  • Add the following to the app path that is being shown in the target

--no-sandbox
  • Post these steps, whenever you click the Chrome icon, it will load Chrome without a sandbox

How secure is browser sandboxing?

Though most web browsers utilize a sandbox, the Internet is still a significant source of viruses and different malware. Further, the level of sandboxing tends to vary. Other web browsers deploy sandboxing differently, and hence it is difficult to evaluate how these work. Nonetheless, it doesn’t imply that every web browser is unsafe. Again, a browser sandbox can make them safer and more secure. 

But no technique of browser sandboxing can guarantee 100 percent security. Specific browser components might stretch beyond the sandbox if these leverage ActiveX and Flash. Instead, developers can attempt to use a secure real device cloud to test web applications that can help achieve improved security.

FAQs

1. What are some of the assets that are being sandboxed? 

The assets being sandboxed are:

  • Web Browsers
  • Browser Plug-ins
  • Mobile Apps
  • Web Pages
  • Windows Software

2. What is sandboxing in a firewall?

Sandbox environments are also utilized for threat detection, apart from serving as a testing ground. Sandbox environments can help check files before going through the firewall and into your network for an added layer of security.

3. How does a sandbox work?

There are various options to implement a sandbox based on multiple use cases. Following are some ways of how it works:

  • Complete system emulation where the sandbox mimics everything of your device, including hardware like memory, CPU
  • Emulation of an OS where the sandbox mimics your OS but is devoid of any access to hardware
  • Virtualization where the sandbox runs under a virtual environment like VMWare but has access to virtualized hardware

4. What are some of the issues with sandboxing?

The primary drawbacks of sandboxing include:

  • Extreme resource utilization and time consumption as setting up a mock sandbox environment consumes extra time, effort, and resources
  • Threats might find evasive ways and go undetected
  • A sandbox environment can often degrade network performance and increase operational costs.

Browser Sandboxing—What is it, and why do we need it?

4 Parts