... But I do use Sandboxie and not an AV, so my system is not vulnerable to (present or future) viruses that might exploit potential remaining bugs.
Does Sandboxie impact performance at all (how about system startup, program loading, etc)? Is there a free implementation?
Sandboxie does not impact performance and uses very few resources. Your system will most likely run FASTER with SBIE b/c you can dump any real-time AV, and the AV is what slows boot and system performance.
SBIE is free to use, but not all extended features are enabled without a license; however, they are more features of convenience. For example, with the free version you can right-click on any .exe (program) and run it in the sandbox. But the paid version allows you to set certain programs to always run in the sandbox, automatically. It also allows you to permanently set ports like the USBs to run inside the sandbox, which can be handy for family computers with kids that have lots of exposure to unknowns. So the paid features aren't really vital for most, but some might find them handy.
When you install SBIE it makes a new shortcut on your desktop to start your browser, which runs the browser inside the sandbox. (After 30 days you will get a 30-sec nag at the start of each new browser session to get a license.)
You can config SBIE to delete the sandbox at the end of each session, or make it persist between sessions. Some people choose to have the sandbox persist if they want to actually install a program inside the sandbox and use the program from there. (For readers who don't know, a sandbox is a recreation of system folders and files so programs running inside the sandbox 'think' they are running on the system, but they aren't. They are running in a self-contained environment, safely separate from the actual system.)
You can still run your browser outside the sandbox by using the normal shortcut, but you shouldn't unless you are installing browser add-ons, or doing some other update to the browser itself. If you update the browser inside the sandbox the update won't be saved [assuming the sandbox is configured to be deleted at the end of each session]. But you can configure certain functions within the browser to ALWAYS operate outside the sandbox, such as bookmarks, history, and tab sessions. That way those stick between sessions and don't pose a threat, so it's just more convenient.
With SBIE the only time you really need an AV is to manually scan a file on-demand. For example if you want to download a freeware program, SBIE will offer you the choice to "recover" it from the sandbox once the download has completed. SBIE does not scan files to see if they are safe, so it is up to the user to be diligent about what you transfer from the sandbox to the computer. Once saved to the desktop, you can scan the file with an on-demand scanner before using it, if you aren't sure of its authenticity.
If you like SBIE, the best thing about considering a license is that it's a lifetime license and only costs $15, IIRC; it removes the 30-sec nag and enables some extra features.
FTR I am completely unaffiliated with Sandboxie. Just a really happy user. It is SO nice to not have a real-time AV running, and to know I am 100% safe from Internet threats, unlike when I was using an AV. On top of that, the machine is much faster. But it's an older laptop now. For people running super-fast state-of-the-art hardware, they might not feel the impact of their real-time AV anyway.
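The three behaviours described in the post above (a sandbox wiped at the end of each session, programs and a USB drive forced to always run sandboxed, and browser bookmarks/history/tab sessions kept outside the sandbox) correspond to settings in Sandboxie.ini; the fragment below is an added illustration, not taken from the post or from the Sandboxie project. The box name, the Firefox profile paths, the drive letter and the exact spelling of each setting are assumptions to be checked against the documentation for your Sandboxie version.

```ini
; Illustrative Sandboxie.ini fragment (added example, not from the post).
; Assumed: a box named DefaultBox, Firefox as the browser, the profile
; paths shown below, and E: as the USB drive letter.
[DefaultBox]
Enabled=y

; Discard everything written inside the box when the last sandboxed
; program closes (the "delete at end of session" behaviour in the post).
AutoDelete=y

; Always start this program sandboxed, even from the normal shortcut.
; (Forced programs are a licensed feature, as the post notes.)
ForceProcess=firefox.exe

; Treat anything launched from the removable drive as sandboxed too.
ForceFolder=E:\

; Let Firefox read and write its bookmarks/history database and its tab
; session backups directly on the real system, so they survive the box
; being emptied. Only these paths are opened; the rest of the profile
; stays inside the sandbox.
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\places.sqlite
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\sessionstore-backups\
```

Each OpenFilePath line is a deliberate hole in the sandbox: a compromised sandboxed browser can write to those real files, so keep the list to exactly what you need and never open the whole profile directory.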