How do we sandbox proprietary software?

What is a basic but secure way to sandbox a closed-source program we’re running on Linux (Ubuntu, in my case) or otherwise make sure that it is not accessing the internet or sending any data out?


If any app is really untrusted and you just want to be sure its not going to affect anything, you should set up a separate box to test it with. Best case would be another physical machine or if you only have one computer set up a testing box virtually using virtual machine software.

Furthermore, you might not want that box to be in the same network as your important stuff, so in all solutions you’d set up a separate user with no rights, so that it is very limited on what it can do.

  • So the safest option would be a separate box removed physically from your network.
  • You could give in a bit by adding it to the physical network, but on a different subnet: no ‘real’ connection inside
  • A virtual machine is also an option, but might have to give up some performance

Hope this helps

Thanks, mva. Is a virtual machine the same as sandboxing? Where can I learn how to set up a virtual machine?

This software I’m looking into (Everdo) syncs with my phone through the local network, but says it does not go online to the web with any data. If I set up a separate subnet for it to use, I could then direct my phone to sync across that subnet with it while the phone uses my internet connection for getting on the web, correct? Where can I learn how to set up a isolated subnet for this app to use?