
It's best not to click on spam links. But if you must, there are a few steps above and beyond a sandbox that can add some more protection.

If you truly wanted to check a link contained in a spam email, would accessing your online email account, Gmail, Hotmail, Yahoo, whatever, via a sandboxed browser fully protect you?

In this excerpt from Answercast #40, I look at the protection that a sandbox can give to your machine if you click on a questionable link, but still recommend that you don't.

Sandbox

Fully protect you? I can't really go along with that.

Absolutely, it goes a long way to protecting you:

  • It does a very good job of protecting your system from malicious downloads or drive-by downloads;

  • But without knowing the specific sandbox, it's still accessing something that's running on your machine;

  • And it's very possible that malicious software, running within that sandbox, could still cause problems.

It could infect your network

Perhaps it won't cause problems on your machine, but on your network. Or it might do something else that is going to have some negative side effects.

Like I said, it's good – in fact, it's probably very good – but there is no way that I could say, "fully protected," or give you any kind of a hint that you're really totally safe by doing that.

Don't click on spam links

My biggest recommendation, of course, is don't. Don't try and satisfy your curiosity.

If it's been marked as spam, if it's clearly spam:

  • Then just don't.

  • Do something else. Get on with your life.

If you must, if you absolutely must, the approach I take (because yes, occasionally in what I do, I do need to investigate things like this) – my approach is to:

  • Use what boils down to a throwaway machine.

I end up firing up a virtual machine that I have specifically configured for this. It's actually running Ubuntu Linux, so I've removed the ability for Windows-based malware to do anything to this virtual machine.

I'll fire up a copy of Firefox (probably with no scripts turned on, so the scripting is not going to happen automatically); then (and only then) will I actually try to do something with that link.

If that turns out to be malicious, or if for some reason I feel that I can no longer trust that virtual machine that I had everything installed in, I'll delete it. It's like reformatting your machine all over again, but that's the safest way to protect yourself from malware of this sort.

Protection from malicious links

So, in short:

  • I'd really rather you didn't try.

  • If you must, a sandbox is good, but it's not perfect.

The only way to really get closer to perfect (and even this isn't perfect) is to use something that is:

  • Not connected to your own local network;

  • And is a completely throwaway-able machine.

In most cases (because they're easy to clone, easy to copy), it should be something like a virtual machine-based technology.

Article C5652 - August 2, 2012

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


4 Comments
Ken B
August 3, 2012 7:58 AM

I've found that, even when running in a VM, the anti-virus program on the host computer typically kicks in and prevents the VM from getting the file(s). Have you ever run into that? Short of turning off the host's AV, is there a way to let the VM get the file(s)?

James
August 3, 2012 8:24 AM

When I first set up a VM, I make a backup copy of it. Then if I infect my VM#1, I just toss it out and boot up the backup VM. Don't forget to make a new copy of your former backup VM as the fall-back fresh clean VM. No need to re-create a VM from scratch each time.

anon e mouse
August 3, 2012 9:41 AM

You might also try copying the link, then pasting it into notepad.

Look at the link and remove any identifying code. Or just copy the URL part and paste that into the "go" box on your browser.

Main thing is remove anything that identifies you in the link.
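One way to do the link clean-up described in the comment above without loading the page at all, as an added example (not part of the original article or comments). The function name, the token heuristic and the sample URL are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Heuristic (assumption): a path segment of 16+ URL-safe characters that
# contains a digit is treated as an opaque per-recipient token.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_\-=]{16,}$")

# Constructed sample link; example.test is a reserved, non-routable name.
SAMPLE = ("http://user42@deals.example.test/track/"
          "9f8a7b6c5d4e3f2a1b0c/click?uid=123&e=someone%40example.org#r7")


def inspect_link(url):
    """Return (cleaned_url, notes). Parses text only; makes no request."""
    parts = urlsplit(url.strip())
    notes = []
    host = parts.hostname or ""
    if parts.username or parts.password:
        # Anything before '@' is not the site name and may carry an ID.
        notes.append("userinfo removed; real host is " + host)
    if parts.query:
        notes.append("query string removed: " + parts.query)
    if parts.fragment:
        notes.append("fragment removed: " + parts.fragment)
    kept = []
    for seg in parts.path.split("/"):
        if TOKEN_RE.match(seg) and re.search(r"\d", seg):
            notes.append("token-like path segment removed: " + seg)
            break  # segments after the token usually depend on it
        kept.append(seg)
    path = "/".join(kept) or "/"
    if ":" in host:  # IPv6 literal needs its brackets back
        host = "[" + host + "]"
    netloc = host + (":%d" % parts.port if parts.port else "")
    return urlunsplit((parts.scheme, netloc, path, "", "")), notes


if __name__ == "__main__":
    cleaned, notes = inspect_link(SAMPLE)
    print("cleaned:", cleaned)
    for note in notes:
        print(" -", note)
```

The cleaned URL often will not reach the same page as the original, which is expected: the identifying parts are usually what the sender uses to confirm that the address is live.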

HA
August 3, 2012 12:12 PM

I use a friend's machine when he's in the bathroom.
