MacOS – The best way to sandbox programs in OSX


I know that this question have been discussed before on AskDifferent, but none of the threads really satisfied me. For Windows you have a wonderful program called Sandboxie that let you easily set up sandboxes with different rules and privileges. What is the eaisest and most secure way of sandbox really malicious programs?

Best Answer

easiest and most secure way

Please choose A or B, not both.

really malicious programs

Are we talking invasive virus software, like the stuff that came on Sony CDs?

Either a carefully-configured virtual machine, like VMware Fusion, or an isolated physical machine. By "isolated" I mean not used for anything else and not connected to any network. Make a fresh install of the OS, do what you need, but then never use the machine for anything else. I would assume that "really malicious" software would modify the recovery partition, bootloader, and even the firmware.