Wednesday, December 19th 2018

Microsoft Windows Sandbox Securely Runs Suspicious Apps in Isolation

In an always-online world, testing unknown programs or .exe files on a PC has required either extra software, which has always come with issues of its own, or the more involved use of a virtual machine. To eliminate the fear of running unknown programs and to make testing them easier, Microsoft has announced the development of Windows Sandbox. This new feature will be coming to Windows 10 Pro and Enterprise next year and, as you may have guessed, it allows for the creation of a temporary desktop environment. This environment is made to be secure and disposable, meaning you can run an app in the sandbox, check for compatibility, possible issues, malware, etc., and once done just delete the entire sandbox, keeping your real operating system free and clear of any potentially hidden nasty surprises.

The entire system works by using Microsoft's hypervisor to create an entirely separate kernel isolated from the host PC. Each time it is run, it creates a pristine installation of Windows, as nothing persists between uses. More importantly, the prerequisites for its use are quite low: systems currently need, at minimum, Windows 10 Pro or Enterprise Insider build 18305 or later, virtualization capabilities enabled in the BIOS, 4 GB of memory, 1 GB of free disk space and 2 CPU cores. Recommended specifications include a CPU with four threads, 8 GB of memory, and an SSD, which in this day and age is quite minimal all things considered. While this feature is not likely to be a game changer for the average consumer, it should make the lives of IT personnel a bit easier.
Source: Microsoft Blog
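
The minimum requirements listed in the article can be checked on a machine before the feature is tried. The PowerShell below is an added example, not code from the article or from Microsoft; the function name `Test-SandboxPrerequisite` is hypothetical, and the thresholds are the ones the article quotes.

```powershell
# Added example: thresholds are the minimums quoted in the article.
# Test-SandboxPrerequisite is a hypothetical name, not a built-in cmdlet.
function Test-SandboxPrerequisite {
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpus = @(Get-CimInstance -ClassName Win32_Processor)
    $ver  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # Installed RAM (sum of module capacities) rather than OS-visible RAM, so a
    # 4 GB machine is not failed for memory reserved by firmware or graphics.
    $ramGB = (Get-CimInstance -ClassName Win32_PhysicalMemory |
              Measure-Object -Property Capacity -Sum).Sum / 1GB
    $cores = ($cpus | Measure-Object -Property NumberOfCores -Sum).Sum

    # Free space on the drive Windows is installed on.
    $disk   = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$($os.SystemDrive)'"
    $freeGB = $disk.FreeSpace / 1GB

    # When a hypervisor is already running, the processor class can report
    # VirtualizationFirmwareEnabled = False, so HypervisorPresent also counts.
    $virt = $cs.HypervisorPresent -or
            [bool]($cpus | Where-Object { $_.VirtualizationFirmwareEnabled })

    # Exact match on the two editions the article names; other SKUs are
    # outside what the article lists and are reported as a failure here.
    @(
        [pscustomobject]@{ Check = 'Edition'; Required = 'Pro or Enterprise'
                           Actual = $ver.EditionID
                           Pass = $ver.EditionID -in 'Professional', 'Enterprise' }
        [pscustomobject]@{ Check = 'Build'; Required = '>= 18305'
                           Actual = $os.BuildNumber
                           Pass = [int]$os.BuildNumber -ge 18305 }
        [pscustomobject]@{ Check = 'Virtualization'; Required = 'Enabled in firmware'
                           Actual = $virt; Pass = $virt }
        [pscustomobject]@{ Check = 'Memory (GB)'; Required = '>= 4'
                           Actual = [math]::Round($ramGB, 1); Pass = $ramGB -ge 4 }
        [pscustomobject]@{ Check = 'Free disk (GB)'; Required = '>= 1'
                           Actual = [math]::Round($freeGB, 1); Pass = $freeGB -ge 1 }
        [pscustomobject]@{ Check = 'CPU cores'; Required = '>= 2'
                           Actual = $cores; Pass = $cores -ge 2 }
    )
}

Test-SandboxPrerequisite | Format-Table -AutoSize
```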

15 Comments on Microsoft Windows Sandbox Securely Runs Suspicious Apps in Isolation

#1
windwhirl
YES! I've been hoping for this kind of thing ever since I learned about sandboxes!

And no, I know about other third-party programs that do this, but I wanted something built-in.
#2
FreedomEclipse
~Technological Technocrat~
https://www.youtube.com/watch?v=LtKe1ZnyRK8
#3
Blueberries
Long overdue and a good play by Microsoft.
#4
Flyordie
Blueberries said:
Long overdue and a good play by Microsoft.
They used to have this of a sort...

Windows 7 Pro came with a copy of Windows XP Pro x64 for use in a VM. You had to download the package though. Didn't come on the DVD.
#6
silentbogo
This is awesome. Waiting for public release.

Flyordie said:
Windows 7 Pro came with a copy of Windows XP Pro x64 for use in a VM. You had to download the package though. Didn't come on the DVD.
That was a VM.
What they do now is an equivalent of Docker containers.
#7
TheGuruStud
It's almost as if every application should be contained within its own memory allocation and denied root by default. Oh, wait, the other OSes have done that since their inception.

Still decades behind, dumb dumbs. Maybe next century you can have a grown up OS.
#8
silentbogo
TheGuruStud said:
It's almost as if every application should be contained within its own memory allocation and denied root by default. Oh, wait, the other OSes have done that since their inception.
Windows does it since XP.
There is a big difference between "restricted access" and "running inside a container". Containers only gained traction a few years ago. Docker (the most popular multiplatform containerization software), got to its first public release only in 2013, and it's a third-party software. So, I'm not sure where this "since their inception" comes from.
#9
lemonadesoda
Glad this is coming. Perhaps it will also allow me to deal with annoying "we own you software", such as:

skype in a sandbox
office in a sandbox
autoupdating W10 in a non-updating W10 sandbox

;)
#10
TheGuruStud
silentbogo said:
Windows does it since XP.
There is a big difference between "restricted access" and "running inside a container". Containers only gained traction a few years ago. Docker (the most popular multiplatform containerization software), got to its first public release only in 2013, and it's a third-party software. So, I'm not sure where this "since their inception" comes from.
Anything in windows can access another process's memory willy nilly (the pop ups granting access are just a joke). The only thing stopping that are good security apps. Gee, I wonder why everything is hackable and infectable. Restricted my ass.

Takes a sandbox to achieve security from any rando malware...laughable.
#11
MyTechAddiction
Finally, something that makes upgrading to win 10 worth it. I'll definitely switch once this becomes available and the bugs have been worked out.
#12
Easo
This makes me happy as someone working in IT.
#13
Blueberries
Easo said:
This makes me happy as someone working in IT.
I've done a lot of debugging and reverse engineering of third party software and having a sandbox to work in is invaluable especially when generating security signatures.
#14
XXL_AI
I've been using VMWare Workstation ever since I had hands on one of the keys. You are a decade too late mikey.
#15
Gorstak
soo, back to pirated home edition...