Here we can see, “Windows 10’s New Sandbox Feature is Everything We’ve Always Wanted”
Whether it’s a program, you found on the web or something that came in your email, running executable files has always been risky. Testing software in clean systems requires virtual machine (VM) software and a separate Windows license to run inside the VM. Microsoft is close to solving that problem with Windows Sandbox.
VMs: Great for Safe Testing, But Hard to Use
We’ve all received an email that appears to be from a lover or a loved one and has an attachment. Maybe we were even expecting it, but somehow it’s almost right. Or perhaps you’ve found an excellent-looking app on the web, but it’s from a developer you’ve never heard of.
What does one do? Download and run it and take the risk? With things like ransomware running rampant, it’s almost impossible to be too cautious.
In software development, sometimes the thing a developer needs the foremost may be a clean system—a quick and straightforward to tug up OS that has no other installed programs, files, scripts, or other baggage. Anything extra could skew testing results.
The best solution to both situations is to spin up a Virtual Machine. This provides you a clean, isolated OS. If that attachment seems to be malware, then the sole thing it affects is the virtual machine. Restore it to an earlier snapshot, and you’re good to travel. If you’re a developer, you’ll do your testing as if you’d just found out a fresh machine.
There are some problems with VM software, though.
First, they are often expensive. Albeit you employ a free alternative like VirtualBox, you continue to need a legitimate Windows license to run on the virtualized OS. And sure, you’ll escape with not activating Windows 10, but that limits what you’ll test.
Second, running a VM at decent performance levels requires reasonably powerful hardware and much space for storing. If you create use of snapshots, you’ll quickly refill a smaller SSD. If you employ an outsized HDD, then performance is often slow. You almost certainly don’t want to use these power-hungry resources on a laptop.
And finally, VMs are complicated. Not exactly something you would like to line up to check out a questionable executable file.
Fortunately, Microsoft has announced a replacement solution that solves all of those problems directly.
In a post on Microsoft’s Tech Community blog, Hari Pulapaka details the new Windows Sandbox. Previously mentioned as InPrivate Desktop, this feature creates an “isolated, temporary, desktop environment” that you can run software on without worrying about harming your machine.
Much like a typical VM, any software you put in within the Sandbox stays isolated and can’t affect the host machine. Once you close the Sandbox, any programs you installed, files you added, and settings changes you made are deleted. The subsequent time you run Sandbox, it’s back to a fresh start. Microsoft is using hardware-based virtualization through the hypervisor to run a separate kernel to isolate Sandbox from the host.
This means you’ll safely download an executable file from a risky source and install it in Sandbox without risk to your host system. Otherwise, you could quickly test out a development scenario during a fresh copy of Windows.
Impressively, the wants are fairly low:
- Windows 10 Pro or Enterprise build 18301 or later (currently not available but should soon be released as an Insider Preview build)
- x64 architecture
- Virtualization capabilities enabled in BIOS
- At least 4GB of RAM (8GB recommended)
- At least 1 GB of free disc space (SSD recommended)
- At least 2 CPU cores (4 cores with hyperthreading recommended)
One of the higher parts of Sandbox is that you won’t get to download or create a virtual hard disc (VHD). Instead, Windows dynamically generates a clean snapshot OS supported by the Host OS on your machine. The process links to files that don’t change on the system and refers to common files that do change.
This makes for an incredibly light image—just 100 MB. If you don’t use the Sandbox, the image gets compressed to a small 25 MB., and since it’s essentially a replica of your OS, you don’t need a separate license key. If you’ve got Windows 10 Pro or Windows 10 Enterprise, you’ve got everything you would like to run Sandbox.
For safety and security, Microsoft makes use of the container concept it’s introduced previously. The Sandbox OS is isolated from the host, allowing what’s ostensibly a VM to run like an app.
Despite those degrees of separation, the host machine and Sandbox work together. As needed, the host will reclaim memory from the Sandbox to stay your machine from slowing down. And therefore, the Sandbox is conscious of your host machine’s battery levels so that it can optimize power consumption. It’s feasible to run the Sandbox on a laptop on the go.
All of this, and other enhancements, bring a particularly safe, fast, and cheap virtual system. It provides a quick and safe VM-like solution with far less overhead than a standard solution. You’ll quickly call up, test, and destroy snapshots—then repeat as necessary. Like all things intensive, better hardware will make this run even more smoothly. But as shown above, even less powerful hardware should be ready to run the Sandbox.
The one downside is that not all machines accompany Windows 10 Pro or Enterprise. If you’re using Windows 10 Home, you won’t be ready to use Sandbox.
How Do I Get it?
Update: Microsoft just released Windows 10 build 18305 to Insiders on the Fast Ring, which suggests if you’re willing to measure on the sting, you’ll update to the newest preview build now by joining the Insiders program and updating. We don’t recommend doing this on your primary PC, though.
Unfortunately, you can’t get Windows Sandbox quite yet. It requires Windows 10 build 18301 or higher, which Microsoft hasn’t released yet. But once that version is out there, it’s an easy affair. You’ll want to form sure that your BIOS has virtualization capabilities enabled. Then you’ll just get to turn Windows Sandbox on within the Windows Features dialog.
Once the Windows Sandbox is installed, launching is almost equivalent to the other app or program. Just find it within the Start menu, run it, and accept the UAC prompt giving it administrative privileges. You’ll then be ready to drag and drop files and programs into the Sandbox to check as you would like. Just close the program when you’re done, and Sandbox discards all the changes you’ve made.
Adapting Windows Sandbox for everyday use
What you’ll quickly realize, however, is that Sandbox is quite just a testbed for apps you’re unsure about. It’s also a bonus layer of security when you’re poking about the online. We liked Windows 10’s hidden secure browser, Windows Device Application Guard, but it allowed you to download files only to its secure environment. With Sandbox, you’ll copy files between Sandbox to your PC.
Both Microsoft Edge and Google Chrome include their sandboxing elements to guard your PC. But if you don’t trust a specific site, you’ll always open Edge within your Sandbox (creating a kind of “sandbox within a Sandbox”) and open that untrusted site. Are you a touch skeptical that Chrome’s Incognito mode doesn’t track your browsing? Download Chrome within Sandbox, surf away without logging into your Google account, then destroy your whole session by closing Sandbox.
Windows Sandbox doesn’t anonymize your viewing—your Internet provider will still theoretically have a record of what sites you’ve visited, unless you furthermore may use a VPN—but once you destroy the Sandbox, that browsing record disappears. And if you download something you’re unsure about, you’ll always test it within Sandbox to assist in determining whether it’s malicious.
Oddly, Windows Defender doesn’t seem to figure within Sandbox, but I downloaded a free third-party antivirus from BitDefender and was ready to check individual files for malware.
As we noted above, Sandbox demands a price in terms of performance. Running on a first-gen Surface Laptop (with a Core i5-7200U Kaby Lake chip powering it), just three media-rich Edge tabs within Sandbox gobbled up enough resources to stay the entire CPU utilization well above 90 percent. I occasionally saw a touch of stuttering when moving down a webpage. Windows Sandbox ran far more smoothly with a more robust Surface Pro (2017) and a couple of code revisions later.
Don’t think that you’ll be playing games within Sandbox. But opening an email via Outlook.com? Sure. Downloading what I assumed was a Linux distribution over uTorrent? That worked just fine. (Trying to mount the ISO file within Sandbox, though, did not.)
How far you incorporate Sandbox into your lifestyle is up to you. We’ve already seen Sandbox videos demonstrating the consequences of computer viruses—because when they’ve finished wreaking havoc on the Sandbox virtual machine, the Sandbox is often pack up. (We still wouldn’t recommend this with known dangers, as we can’t say surely that malware won’t be ready to escape the Sandbox virtual machine.) Nevertheless, Sandbox offers the potential for far more than app trials.
Note that there are other third-party sandbox applications that you can still try: Sandboxie (both free and paid versions); BitBox, designed specifically for browsing; ShadeSandbox, and more. All of them have their pros and cons. What Windows Sandbox offers, though, is that the convenience of a free, secure sandboxing solution built right into Windows.
I hope you found this guide useful. If you’ve got any questions or comments, don’t hesitate to use the shape below.
- Does Windows sandbox save?
When you launch the sandbox environment, it’ll automatically execute and run the program at startup whenever. 2. Save it. Once this is often complete, Windows Sandbox will run the command that you specified after the session has been created.
- Is Windows sandbox a VM?
In short, Windows Sandbox is the half app, half virtual machine. It allows you to quickly spin up a virtual clean OS imaged from your system’s current state so that you’ll test programs or files during a secure environment that’s isolated from your main system. Once you close the Sandbox, it destroys that state.
- Can malware escape windows Sandbox?
Windows Sandbox may be a new lightweight desktop environment tailored for safely running applications in isolation. The environment must be in pristine condition at every launch. Changes got to be discarded after analysis has been completed. The malware must not be ready to escape the analysis environment.
- YSK that there’s a version of Windows 10 that comes with no ads, bloatware, and spyware. It’s called Windows 10 LTSC.
- The major features of Windows 10 version 1903 – gHacks Tech News