Running untrusted third party software

Question

What's the best way to protect system integrity while running possibly malicious third party executables?

I would like to allow a program to be able to store some information for its own use during execution, but disallow access to the network and to devices, and of course to other users' data and the overall system.

A few constraints: 1. This needs to be able to run on Windows. 2. I can't restrict the language (e.g. "just use Java"). 3. It needs to have native, or near-native performance. 4. Ideally it should be able to run in the background as a service.

Can I simply use a restricted-privilege windows user? Would it be safe?

Do I have to use a virtualization environment? Are there any free ones?

Other ideas?

Answer 1

Sandboxie could be a first solution. Very easy.

Setting up a restricted account can work too. But you still have to be aware of some problems depending on what you use.

VM's are also quite rapid nowadays.

Answer 2

Although not a perfect solution for what you are getting to I have a few options that I have used in the past.

1.) Use a virtual environment. I personally prefer VMWare after using it for a whiel ($189) as it works well and just easy to work with. THis at least isolates the application into a test bed that you can use to evaulate it, and see if it does anything bad.

2.) Use a limited account in vista or others, this will at least prevent it from getting access to critical files, however, it isn't foolpoof!

edit

I'll also second the recommendation that if you are really scared, DO NOT put the VM on your network.

Answer 3

A virtual machine using Virtual PC 2007 sounds like a good way to go to me - its been free for a while, and i've used it heavily over the last 4-5 years with no issues

Download here