onepk, please let me know what's your exact OS and web browser
1) are there any downsides to always running your browser Sandboxed? Well, yes if you want to download and save files...any others I haven't discovered yet?
I imagine that avast sandbox should be mainly used for web browsers and therefore any compatibility issues should be fixed asap. If you find something strange/missing feature, please let me know. Web browsers's downloads should be automatically detected by avast sandbox and excluded from the sandboxing - they should be stored directly on disk (see "Automatically detect safe locations..." checkbox in the settings). Two days ago, I found out there was a problem with detection of the default download location in Firefox browser (only on XP systems). It's still under investigation, because I haven't find a solution for this yet.. So, everything what's downloaded in web browsers or over SaveAs dialog, this operation is detected and considered as trusted operation.
2) Is there a way of extracting downloaded files (eg "safe" email attachments) from the SB and saving them - or would that be silly and against the SB philosophy?
not at all, but there's no UI for that in the current avast version.. it wasn't time to do that yet, but i'll implement it probably in v6.0 (because v5.1 is already knocking on the door). It will be called something like sandboxes manager to support multiple sandbox containers, web browsers, secure desktop, etc. You'll be able to extract files/registry outside the sandboxes or copy something inside.
3) Some programs (eg Skype - previous topic) are not Sandboxable. Is there a way to press for this to change?
Oh, I haven't read that topic yet, thanks for info. I'll add support for these apps - the problem is, that skype shortcut doesn't use direct filename path, so sandbox wasn't able to determine which EXE belongs to this shortcut. That's the reason why sandbox actions were not shown in the right-click menu. I think even "avast scan" action was missing. In past I added support for IE - and I know also MS Office/Safari shortcuts are not resolved yet.
4) Are there any other major programs that are currently not amenable?
e.g. some installers, because they're little hard to virtualize... usually you won't be able to run them properly, that's because they use lot of complex system APIs to register themselves to the system (COM interface, SCM, ...). This is on my to-do list to improve this situation.
5) The AIS help file says the SB is a "completely safe environment" in which to browse and run files. "Completely" - really? Does that mean I can relax and sleep at night?!
In recent times I tested a lot of viruses/malware/web attacks in sandbox environment and nothing leaked from the sandbox. I know there are some weak parts, which are not fully virtualized yet (e.g. SCM, COM, RPC interfaces, OB), but it's really improved with each build. These interfaces aren't easy to abuse, but they mainly improve software compatibility (e.g. with the mentioned installers). All sandboxed programs are also automatically run with the lower access rights. Last fixed leak was caused by improper virtualization of Print Server in Windows.
This would likely replace the sandbox
@Gargamel360: no, secure desktop will only extend avast sandbox functionality; it won't replace the current sandbox modes
