Tiny Software’s Trojan Trap provides a sandbox for unauthorized software to be executed within - in principle, allowing it only the environment it needs to do the job that it is authorized to do, all other functions being stopped before they can do any damage. In addition to the sandbox, Trojan Trap allows the user to filter outbound email content and inbound HTTP content, and control the browser and cookie caches.

When Trojan Trap is started for the first time, all of the programs on the system, with the exception of a few common files that Trojan Trap recognizes and places in special groups of their own, are put into the unrestricted applications group. This is displayed using the same type of two-window display that Windows Explorer uses: a tree down the left with the files on the right. To move files from the unrestricted applications group into another group, you simply highlight the files in the usual manner, right-click the mouse and select from the drop-down menu which group you wish to move them to. In this way, whole groups of files may be dealt with quickly, although it must be pointed out that the file list is alphabetical without differentiation for directories so all of the Windows files will appear between Windows.exe and Windows.exe in the list. In the case of special programs with peculiar requirements, the user may define groups of their own within which more specific access may be required.

With the programs in their respective groups, each group may be defined in terms of access to: system security - OLE/COM, process spawning, low level access, shutdown, forcing process/thread termination and so on; file security - defining the type of access to whole drives or specific directories if required; and registry security - which is similar in many ways to file security. In order to make the process of defining access to resources easier, Trojan Trap allows resources to inherit permissions from parents and replace permissions on sub-objects, thus speeding up the process and allowing the user to concentrate on the likely areas of concern for programs to access and then be monitored if appropriate.

If all of this sounds a little daunting, there are two helpful options. Easy mode reduces the number of applications groups to just the user groups and pre-configured groups. The latter includes MS DOS applications along with any browsers and Windows mail applications that Trojan Trap recognizes (it missed one mail application that I use), and two types of directories - one that is protected from untrusted applications and the other in which applications from the Internet may be downloaded.

Learn Mode allows specified applications to perform normally so that after the specified time limit their observed behavior is used as a template for that particular application’s permitted requirements. The advantage of learn mode is clear to see regarding the amount of time that it saves configuring the program manually; however, this only monitors the programs you have specified, it does not stop them from destroying your system in the process.

Like similar programs, Trojan Trap offers you the opportunity to empty the browser cache of files except for those from specified URLs. In addition to this, it is possible to go through the remaining cache and, using the file extension filter as an option, eliminate other files or look at their properties. Cookies are configured and edited in a similar way, with URLs specifying which cookies are not deleted.

Although editing or eliminating browser caches and cookies are activities that are normally done after a session has finished, Trojan Trap does have two content filtering features that are of great value as they prevent things from happening: www content filtering and email filtering.

Trojan Trap’s www content filtering allows a list of banned words to be entered, such that if that word is found in the inbound traffic for the browser, that web page is rejected. Unlike many other desktop firewall/sandbox programs, Trojan Trap does not come with a ready-made list of words, so you will have to type them all in, one at a time. The copy of Trojan Trap that was supplied for review would not accept input from the Windows clipboard so making use of an existing list of such words was not an option either.

The email filtering suspends all outbound emails that contain certain words and is, perhaps, more important than filtering inbound HTTP traffic. In a matter of less than a second, it is possible to destroy a
company accidentally by emailing off inappropriate data - such as customer and vendor lists and prices - to a competitor. By looking for banned words from a list - words such as, secret, research, security, viruses and so on - it is possible largely to preclude this sort of disaster. In order to make it possible to communicate this type of information when necessary however, there is also a list of trusted domain names that do allow this.