FirstClown

firstclown at firstclown.us

Posts Tagged ‘Windows’

Sandboxie: Windows Security Tool

Windows has always been considered one of the most insecure operating systems. That has to do with its popularity but also with the way it handles many of its programs. One of the most popular ways to hack a Windows machine is through various insecure applications, like Internet Explorer or Microsoft Word. If an attacker can successfully attack one of these programs, they can alter the operating system and get access to the whole computer. The problem is that, even if you know about all of this, it's really hard to protect yourself against these attacks because so many people depend on these programs that it's impractical to stop using them.

After listening to a recent Security Now, I heard about a program for Windows called Sandboxie. Sandboxie is a way to run these vulnerable programs in a protected area, kind of like putting your one year old in one of those large plastic fences in the yard. The program can still function normally, but it won't be able to hurt anything else outside of the "sandbox". So if IE decides that it wants to install some malware on your computer, it will only be installing it inside the sandbox, which disappears after you close IE.

The great thing is, you can have a sandbox for any Windows application you want. You can put them all in the same sandbox or even have a different sandbox for each program so they can't modify each other's data.

Install

If you're running a 64-bit version of XP or Vista, you won't be able to use Sandboxie. It appears that Microsoft has "security" features in place that prevent the use of applications like Sandboxie without giving you any good alternatives. Thanks, Microsoft!

Otherwise, just follow the easy install directions listed on the site.

Using Sandboxie

The key with Sandboxie is that any hard drive access by a program running in Sandboxie is prevented and kept local to the sandbox. So if you download a file from the internet, Sandboxie won't actually write that file to the hard drive but will keep it in the sandbox. This is important for viruses that are trying to sneak through your browser. But how do you let Sandboxie know that you actually do want to save a file to the hard drive?

In order to let certain locations on your hard drive be accessible from Sandboxie, like your downloads folder, you'll need to let Sandboxie know that it's a safe folder. You can do that by adding those folders to the Quick Recovery list. Now, when you download a file to one of these folders, Sandboxie will ask you if you want to "Recover" the file, meaning actually save it to the hard drive.

With Sandboxie, you have full control over what gets stored on the hard drive and that gives you a quick layer of defense in combating worms and viruses through malicious web sites. The only problem I see is that Sandboxie might turn into a headache with all of its constant dialogs asking you for permission, but it looks like with the right configuration, it should make things a lot safer online. In fact, my wife has been using it for a couple of weeks and hasn't had any problems with it so far.

If you decide to use Sandboxie on your computer, be sure to check out the Getting Started instructions after you install it. It runs through a quick list of what you most likely want to do.

Backing Up Applications

I've gone back and forth on whether or not to back up applications. Backing up user preferences for applications is a must, but the value of backing up the actual application files is more up in the air.

One thing that makes it hard to mandate a backup rule about applications is that applications act differently on each platform.

Mac

The Mac might be the one platform where I could see backing up the applications. Most Mac applications are self-contained and can be recovered by simply dragging and dropping them back into the Applications directory. The only issue to watch for is an application's size, which could get pricey for remote backups. If that's not a concern I would say, for the Mac, back up your applications.

Windows

Windows applications are different since they install not just the applications but a lot of other auxiliary files and registry entries. Running applications without all these other files can have unexpected results. It makes more sense to back up the installer programs and not the installed application.

Remember to also back up the Application Data folder in your user directory. That's where all your preferences are stored for most of your applications.

Linux

Although Linux doesn't have a registry, applications do install a lot of data into various directories in the system. There's /usr, /usr/local, /var and so many others that it's hard to tell if you've gotten everything or if the permissions are right once you've recovered your data.

Luckily with most Linux distributions, all the applications you have installed are in the central repositories and can just be reinstalled with a simple command line call. There's no need to back up most of them when they can all be gotten from a central online location.

I will back up things that I've installed myself, usually under my home directory or in /opt. It's also important to back up application preferences in your home folder. But you don't need to back up your applications under Linux.

Conclusion

In general, for Mac, go ahead and back them up. For Windows, don't bother, but back up the application installers if you can. For Linux, back up a list of the applications you have installed, then just run your package manager to get them all back out again.
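
Here is one way to do the Linux part, as an added example that is not from the original post. It assumes a Debian or Ubuntu system, where `dpkg --get-selections` prints one "package<TAB>state" line per package; the function names and the sample lists are made up for illustration.

```shell
#!/bin/sh
# Added example. Assumes Debian/Ubuntu `dpkg --get-selections` output:
# one "<package><TAB><state>" line per package.

# installed_names FILE: sorted names of packages whose state is "install".
# Entries marked "deinstall" or "purge" are skipped so that removed
# packages are not brought back on restore.
installed_names() {
    awk '$2 == "install" { print $1 }' "$1" | LC_ALL=C sort -u
}

# missing_packages SAVED CURRENT: packages installed according to the
# saved list that are not installed according to the current list.
missing_packages() {
    mp_saved=$(mktemp) && mp_cur=$(mktemp) || return 1
    installed_names "$1" > "$mp_saved"
    installed_names "$2" > "$mp_cur"
    LC_ALL=C comm -23 "$mp_saved" "$mp_cur"
    rm -f "$mp_saved" "$mp_cur"
}

# demo: run the comparison on constructed sample lists (not real output).
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf 'bash\tinstall\nvim\tinstall\ngit\tinstall\noldlib\tdeinstall\n' \
        > "$demo_dir/saved.list"
    printf 'bash\tinstall\n' > "$demo_dir/current.list"
    missing_packages "$demo_dir/saved.list" "$demo_dir/current.list"
    rm -rf "$demo_dir"
}

# On a real system (paths are placeholders):
#   dpkg --get-selections > "$HOME/backup/packages.list"   # goes in the backup
#   dpkg --get-selections > /tmp/now.list                  # on the rebuilt machine
#   missing_packages "$HOME/backup/packages.list" /tmp/now.list \
#       | xargs sudo apt-get install -y

demo
```

The saved list is a small text file, so it can ride along with the home directory backup.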

Have any other ideas on how to back up installed applications?

New Windows Botnet Growing

If you have a Windows computer, make sure you have the latest patches installed. There's a nasty botnet worm growing in size from a bug in Windows that was patched in October. If you're not up to date, I'd recommend running the updates as soon as possible.

Like now.
