10/15/2008

sandboxes tested as temporary solution

In a very interesting review of a few sandbox solutions, the closing verdict is also of interest. This kind of technology will need more attention and integration in the near future. A sandbox is a folder in which everything you do online is stored. Nothing is downloaded directly to your kernel, Program Files or anywhere else on your system; you have to retrieve it manually from this folder. The other advantage is that you can keep it all there and let the antivirus go over it again and again, until it finds all the malware it didn't know about before. It is not yet totally clear whether it can defend against exploits, but it surely is a technology that should be integrated with any antivirus or firewall product, and in fact with any downloader, which could point the security tools on the computer to this folder as the one to scan over and over again. So these products are temporary solutions, because in the end the sandbox folder will have to be integrated into the OS policies, the browser and any other program that puts things on your PC. The simplest way would be for you to be able to choose your sandbox folder as the default download folder for all downloads.

"it's hard to give a strong recommendation to a product that only works to prevent "silent" drive-by downloads. While this is good, a fully patched system will do the same, albeit without the same level of warnings. These days, a large portion of malware is intentionally downloaded and installed by the end-user because of incredibly realistic social engineering. This is a hard deficiency to overlook.

Second, ForceField is prone to false negatives, detecting many of my very malicious test Web sites as safe or merely suspicious. In my testing of hundreds of malicious links, it became almost surprising to see ForceField call a Web site definitely malicious. These two complaints alone make it hard to bestow a strong recommendation, but ForceField also caused an unintentional DoS problem, which I think reveals a serious design flaw.

Frequent exploit attempts from a single Web site (which is pretty common) caused ForceField to create and re-create numerous processes (Figure 4), leading to 100 percent CPU utilization (Figure 5). Even killing the malicious browser session would not stop the DoS, as ForceField was now out of control.

Lastly, some integrated applications, such as instant messaging, can open additional browser sessions that escape ForceField's protection. And clearing ForceField's virtualized session data often removed browser settings I had hoped to keep.

ForceField does provide additional security value, but is not nearly as strong as some of the competitors. For most users, Prevx is the best choice for Web browser protection. Technical users will find a lot to like in Sandboxie."

source

