In association with heise online

22 September 2006, 11:29

Sandbox inspects suspicious programs


CWSandbox, a tool for inspecting suspicious programs, was created as part of a diploma project at the Laboratory for Dependable Distributed Systems at the University of Mannheim. Public access is now being provided, so that potential malware can be passed through the scanner. It launches the test subjects in an isolated virtual machine (VMware) and registers all relevant activity.

The result of the analysis is provided in forms such as a list of the newly created files and registry entries, as well as any processes that were launched. The latter are also analysed (see sample report). CWSandbox particularly notes any network activity. CWSandbox has already been in use for some time in connection with the MWCollect project, which automatically collects malware through distributed honeypots.

The web interface is currently in a public beta test. It can be visited at, but is not yet designed to handle large loads reliably and is hence not directly linked. Antivirus maker Norman has been running a similar sandbox for some time now, although that involves no more than a simplified dummy API with only selected analysis of information.

