Chapter 3 · Building a Sandbox

Summary

Sandbox technology is used to protect the local system while executing unknown or malicious code. Sandboxes achieve this protection either by blocking critical operations (e.g., the sandbox provided in Java) or by executing the suspect code in a virtual environment. The virtual environment permits you to instrument and observe malware with impunity to its effects. You can choose to permit or block communications with other computers. You can configure the sandbox to respond as if it has transmitted spam while in reality it has sent nothing. Sandbox technology in a virtual environment is ideal for analyzing unknown or malicious code. By using the sandbox to isolate the real operating system, a sandbox can reveal valuable information about the behavior of malicious or unknown code. It can reveal decompressed and decrypted versions of packaged code, connections attempted, files opened, user IDs, passwords, and much more. For those occasions when you must perform malware analysis in the field, we have described the process for building a Live DVD with built-in VMware, Windows XP and the CWSandbox. We described an application of sandbox technology as the
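The summary mentions configuring the sandbox so that a sample believes it has sent spam when nothing has left the machine. The following SMTP sinkhole is an added illustration of that idea, not code from the book or from CWSandbox. It speaks just enough SMTP (EHLO/HELO, MAIL FROM, RCPT TO, DATA, RSET, NOOP, QUIT) to return success codes, while recording every envelope and body for the analyst instead of relaying anything. It assumes the sandbox already redirects the sample's outbound port 25 traffic to the host and port given to serve(); the hostname sandbox.invalid and the example addresses are constructed for this example.

```python
"""SMTP sinkhole for a malware sandbox (added example, not from the book).

The sample gets the replies it expects, the analyst gets the captured mail.
SmtpSinkSession is a pure state machine (easy to test offline);
serve() wraps it in a TCP listener for real use inside the sandbox.
"""
import socketserver
import threading
from dataclasses import dataclass


@dataclass
class CapturedMessage:
    sender: str
    recipients: list
    body: str


def _extract_address(arg):
    """'FROM:<a@b>' -> 'a@b'; tolerant of missing brackets."""
    _, _, rest = arg.partition(":")
    return rest.strip().strip("<>")


class SmtpSinkSession:
    """Feed client lines to handle_line(); it returns the server reply (or None inside DATA)."""

    def __init__(self, store, hostname="sandbox.invalid"):
        self.store = store          # shared list the analyst reads afterwards
        self.hostname = hostname    # constructed, non-resolvable name
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.data_lines = []
        self.closed = False

    def greeting(self):
        return f"220 {self.hostname} ESMTP ready"

    def _reset(self):
        self.sender, self.recipients, self.data_lines = None, [], []

    def handle_line(self, line):
        line = line.rstrip("\r\n")
        if self.in_data:
            if line == ".":                     # end of message body
                self.in_data = False
                self.store.append(CapturedMessage(self.sender, list(self.recipients),
                                                  "\n".join(self.data_lines)))
                self._reset()
                return "250 OK: queued (sinkhole, nothing sent)"
            # undo RFC 5321 dot-stuffing so the captured body matches what the sample composed
            self.data_lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.hostname}"
        if verb == "MAIL":
            self.sender = _extract_address(arg)
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL command first"
            self.recipients.append(_extract_address(arg))
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Need RCPT command first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "RSET":
            self._reset()
            return "250 OK"
        if verb == "NOOP":
            return "250 OK"
        if verb == "QUIT":
            self.closed = True
            return "221 Bye"
        return "500 Command not recognized"


def run_session(client_lines, store=None):
    """Drive one session offline; returns (replies, captured messages)."""
    store = [] if store is None else store
    session = SmtpSinkSession(store)
    replies = [session.greeting()]
    for line in client_lines:
        reply = session.handle_line(line)
        if reply is not None:
            replies.append(reply)
    return replies, store


class _SinkHandler(socketserver.StreamRequestHandler):
    def handle(self):
        session = SmtpSinkSession(self.server.captured)
        self.wfile.write((session.greeting() + "\r\n").encode())
        while not session.closed:
            raw = self.rfile.readline()
            if not raw:
                break
            reply = session.handle_line(raw.decode("latin-1"))  # never fails on odd bytes
            if reply is not None:
                self.wfile.write((reply + "\r\n").encode())


def serve(host="127.0.0.1", port=2525):
    """Start the sinkhole in a daemon thread; server.captured holds the mail afterwards."""
    server = socketserver.ThreadingTCPServer((host, port), _SinkHandler)
    server.captured = []
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

In use, the analyst inspects server.captured after the run to see the sender, recipient list and body the sample tried to deliver, which is exactly the observable the text refers to, obtained without a single message leaving the sandbox.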