How To Explain Sandboxing To A Five-Year-Old

Rob Norris, director enterprise & cyber security at Fujitsu UK and Ireland

“In the Avengers, imagine Iron Man has designed a new Iron suit and he needs somewhere to test it. But to do that he needs somewhere safe where, if the new suit goes wrong or isn’t very good, he doesn’t end up wrecking buildings, or hurting anyone. He also needs somewhere that is safe from Loki and the other bad guys. So someone puts a force field around him to protect him while he tests out the new suit. He would need a ‘sandbox’. This is where people who make new technologies test them out safely.”

Dr Guy Bunker, SVP Products, Clearswift

“Imagine you had robots at school to look after you. One day a bully sends in a bad robot to steal your lunch money, hidden amongst a new batch of robots that are being delivered.

“To check which robots are good, your school could put them inside the sandbox where they can’t do any damage, and watch how they behave. After a while, the good ones are set free inside your school and the one that keeps trying to steal is thrown out.

“The problem is, these robots are getting more intelligent and some pretend to be good until they get out of the sandbox.

“So your school also needs to consider other approaches such as using highly trusted adaptive security solutions, and monitoring the robots leaving so they can spot if lunch money (sensitive data) is being stolen by a bad robot that has tricked its way in.”

TK Keanini, CTO at Lancope

“If someone in your family came home from a trip, and was showing some symptoms of having a highly contagious disease but you did not know what it was, you would want to put them in a room by themselves and call in experts to figure out what it is that he/she has before letting them out of the room.”

Yong Chuan Koh, a security researcher at MWR InfoSecurity

“Let’s say a PC is like a house with many rooms – each room holds an application and the furniture in each room represents the application’s data. Now sometimes, a naughty dog gets into the house and wants to break all the furniture – this dog is like a piece of malicious code.

“So without the dog, the house is neat and tidy and all is well. But if he enters the house through room A and all the doors inside the house are open, the dog will surely run into other rooms and break furniture in the rest of the house! However, if we can close the door and lock room A, then the dog can only rampage in room A.

“Other parts of the house remain unaffected, so locking the door and keeping the dog from going any further is just like we do with sandboxing on a PC, where we segregate applications to prevent malicious code from damaging the data we want to keep safe and secure.”

Stuart Brown, principle solutions architect, Redcentric

“Josh gets a toy helicopter for Christmas, but Mum and Dad are concerned. He can’t wait to fly it around the house! “But hang on,” Mum says, “this could be really dangerous- you could injure someone or break something.” Before letting him loose, Dad takes some precautions in a controlled environment. He takes to the controls first and makes sure it takes off, lands properly and flies straight, checking that its top speed is not excessive.

“Josh then starts to fly the helicopter, closely supervised by Mum who also makes sure he can make the helicopter take off, fly straight and land. Only then is Josh allowed to fly the toy helicopter alone when he wants.

“In computer security, sandboxing is just like this. Potentially dangerous traffic sent to you is diverted to the sandbox where it can run in a controlled environment to see what damage it could do.”

Kevin Epstein, VP of advanced security and governance at Proofpoint

“Software programs on your computer are like children in your school classroom: some are nice, and some behave badly. Imagine – what if you could see how someone behaved before they were admitted to your class? Sandboxing is like someone set up a fake classroom in front of your school, with robots that look like other children and teachers instead of real people. Any new person would have to play in that classroom for an hour, being watched by hidden video cameras, before they were allowed in the real classroom. If the new child behaves badly in the fake (“virtual”) classroom — for example, hitting the robots and shouting bad words, or stealing school supplies – then they’re not allowed into the real classroom full-time.”

Fraser Kyne, principal systems engineer, Bromium

“Do you remember when we visited the aquarium and saw the cool sharks? Luckily they were behind a glass wall so we could watch them without getting eaten. This is the idea of a sandbox: put dangerous stuff in a box to stop it hurting you. Unfortunately, it doesn’t work very well, because a sandbox isn’t very strong. Many sharks can bite their way out, and others just swim out of the big hole at the bottom. So what we need isn’t a sandbox, but an individual aquarium for each individual shark. Luckily there’s a new tool called microvirtualization that does exactly this. The glass is very thick, and the hole at the bottom is so tiny that a shark can’t get out.”

Catalin Cosoi, chief security strategist at Bitdefender

“Imagine your room is neatly arranged and everything is not only clean, but also where it’s supposed to be. All of your clothes are in the right drawers, all of your toys are neatly arranged, and even your bed is perfectly made. What if someone were to come into your room and start throwing your clothes around, jumping on your bed or breaking your toys? Now imagine building a box around the person who’s doing all the damage so that he can’t continue.

“It’s pretty much the same with operating systems and applications. To restrict the amount of damage an application can do, it can be sandboxed and prevented from interfering with your operating system.”

Thierry Karsenti, Check Point’s technical director

“Sandboxing is a bit like a special ‘test chamber’ that allows businesses to see if incoming emails contain harmful and damaging files called malware. The sandbox allows files to be tested before they get onto a company’s networks and computers. Malware pretends to be other things, like Office documents or picture files, so that it can get onto a computer to damage it or steal information for criminals. Sandboxing lets organisations test files in a safe area, to check they are what they say they are and that they are not malware. If the file is safe, it’s allowed to go to the recipient; if it is not safe, it’s blocked. This is important because our 2015 Security Report discovered that companies download new and unknown types of malware every 34 seconds.”

Ian Hood, MD at Babel PR

“It’s like when you bring a puppy home and you don’t know if it’s going to make a mess all over the carpets and rip all your best shoes to pieces. Until you know it’s not going to create havoc, you keep it in one room, preferably with a tiled floor, and keep a very close eye on it. That’s sandboxing – think about an untested piece of code or a programme as the puppy and the software and hardware that keeps the business running as your favourite pair of shoes and the front room carpet.”

Andy Soanes, CTO of Bell Integration

“When you put new apps on your computer, you don’t want to accidentally introduce something that will break the computer or let other people spy on you. What you need is somewhere you can try out those apps first to make sure they’re not dangerous. A sandbox is like a playroom for computers: a safe space where you can try out apps you maybe don’t trust without making too much of a mess.

“In a sandbox, you have total control over the computer, so you can see what an app does when you make little changes. If those changes make something bad happen, it only happens to the sandbox and not to your proper computers. So you can just clean up and start again. This means that you can make sure that new apps won’t do anything funny to your computers before you start using them properly.”

Terry Greer-King, director of cybersecurity, Cisco UKI

“Sandboxing is when running programs are separated so that they can be tested or analysed in isolation. Developers use sandboxing when they want to test new programming code or when security teams want to test untrusted programs from third parties or untrusted websites. The sandbox environment is strictly controlled and many restrictions, such as the ability to read from input devices or access the network, are enforced. Sandboxing is a critical step in mitigating any risks associated with flawed or malicious programs, and gives IT teams the confidence that any exploits do not impact or compromise the entire system.”

How much do you know about hacking and viruses? Take our quiz!