Microsoft Windows Sandbox Securely Runs Suspicious Apps in Isolation

crazyeyesreaper · Dec 19, 2018

In an always-online world having the ability to test unknown programs or .exe files on PC has required the use of extra software which has always come with issues of its own or the more in-depth use of a virtual machine. In order to eliminate the fear of running unknown programs along with the desire to make testing them easier, Microsoft has announced the development of their Windows Sandbox. This new feature will be coming to Windows 10 Pro and Enterprise next year and as you may have guessed it allows for the creation of a temporary desktop environment. This work environment is made to be secure and disposable meaning you can run an app in the sandbox check for compatibility, possible issues, malware, etc and once done just delete the entire sandbox. Thus keeping your real operating system free and clear of any potentially hidden nasty surprises.

The entire system works by using Microsoft's Hypervisor to create an entirely separate kernel isolated from the host PC. Each time its run it creates a pristine installation of Windows as nothing persists between uses. More importantly, the prerequisites for its use are quite low, with systems currently at the minimum needing Windows 10 Pro or Enterprise Insider build 18305 or later, virtualization capabilities enabled in the BIOS, 4 GB of memory, 1 GB free disk space and 2 CPU cores. Recommended specifications include a CPU with four threads, 8 GB memory, and an SSD, which in this day and age is quite minimal all things considered. While this feature is not likely to be a game changer for the average consumer it should make the lives of IT personnel a bit easier.

View at TechPowerUp Main Site

windwhirl · Dec 19, 2018

YES! I've been hoping for this kind of thing ever since I learned about sandboxes!

And no, I know about other third-party programs that do this, but I wanted something built-in.

FreedomEclipse · Dec 19, 2018

Blueberries · Dec 20, 2018

Long overdue and a good play by Microsoft.

Flyordie · Dec 20, 2018

Blueberries said:
Long overdue and a good play by Microsoft.

They used to have this of a sort...

Windows 7 Pro came with a copy of Windows XP Pro x64 for use in a VM. You had to download the package though. Didn't come on the DVD.

Vayra86 · Dec 20, 2018

This is pretty neat.

silentbogo · Dec 20, 2018

This is awesome. Waiting for public release.

Flyordie said:
Windows 7 Pro came with a copy of Windows XP Pro x64 for use in a VM. You had to download the package though. Didn't come on the DVD.

That was a VM.
What they do now is an equivalent of Docker containers.

TheGuruStud · Dec 20, 2018

It's almost as if every application should be contained within its own memory allocation and denied root by default. Oh, wait, the other OSes have done that since their inception.

Still decades behind, dumb dumbs. Maybe next century you can have a grown up OS.

silentbogo · Dec 20, 2018

TheGuruStud said:
It's almost as if every application should be contained within its own memory allocation and denied root by default. Oh, wait, the other OSes have done that since their inception.

Windows does it since XP.
There is a big difference between "restricted access" and "running inside a container". Containers only gained traction a few years ago. Docker (the most popular multiplatform containerization software), got to its first public release only in 2013, and it's a thrid-party software. So, I'm not sure where this "since their inception" comes from.

lemonadesoda · Dec 20, 2018

Glad this is coming. Perhaps it will also allow me to deal with annoying "we own you software", such as:

skype in a sandbox
office in a sandbox
autoupdating W10 in a non-updating W10 sandbox

TheGuruStud · Dec 20, 2018

silentbogo said:
Windows does it since XP.
There is a big difference between "restricted access" and "running inside a container". Containers only gained traction a few years ago. Docker (the most popular multiplatform containerization software), got to its first public release only in 2013, and it's a thrid-party software. So, I'm not sure where this "since their inception" comes from.

Anything in windows can access another process's memory willy nilly (the pop ups granting access are just a joke). The only thing stopping that are good security apps. Gee, I wonder why everything is hackable and infectable. Restricted my ass.

Takes a sandbox to achieve security from any rando malware...laughable.

MyTechAddiction · Dec 20, 2018

Finally, something that makes upgrading to win 10 worth it.I'll definitely switch once this becomes available and the bugs have been worked out.

Easo · Dec 20, 2018

This makes me happy as someone working in IT.

Blueberries · Dec 22, 2018

Easo said:
This makes me happy as someone working in IT.

I've done a lot of debugging and reverse engineering of third party software and having a sandbox to work in is invaluable especially when generating security signatures.

XXL_AI · Dec 23, 2018

I've been using VMWare Workstation ever since I had hands on one of the keys. You are a decade too late mikey.

Gorstak · Dec 23, 2018

soo, back to pirated home edition...

Deleted member 24505 · May 6, 2019

Just noticed this on my win 10, it's very interesting.

System Name	Old reliable
Processor	Intel 8700K @ 4.8 GHz
Motherboard	MSI Z370 Gaming Pro Carbon AC
Cooling	Custom Water
Memory	32 GB Crucial Ballistix 3666 MHz
Video Card(s)	MSI RTX 3080 10GB Suprim X
Storage	3x SSDs 2x HDDs
Display(s)	ASUS VG27AQL1A x2 2560x1440 8bit IPS
Case	Thermaltake Core P3 TG
Audio Device(s)	Samson Meteor Mic / Generic 2.1 / KRK KNS 6400 headset
Power Supply	Zalman EBT-1000
Mouse	Mionix NAOS 7000
Keyboard	Mionix

System Name	System V
Processor	AMD Ryzen 7 9700X
Motherboard	ASRock X670E Pro Rs
Cooling	Deepcool AK620 // a bunch of 120 mm Xigmatek 1500 RPM fans (2 ins, 3 outs)
Memory	2x16GB Kingston 6400MT CL32
Video Card(s)	Gigabyte AORUS Radeon RX 580 8 GB
Storage	SHFS37A240G / DT01ACA200 / ST10000VN0008 / ST8000VN004 / SA400S37960G / SNV21000G / NM620 2TB
Display(s)	LG 22MP55 IPS Display
Case	NZXT Source 210
Audio Device(s)	Logitech G430 Headset
Power Supply	XPG Core Reactor 750 W
Software	Whatever build of Windows 11 is being served in Canary channel at the time.

System Name	WorkInProgress
Processor	AMD 7800X3D
Motherboard	MSI X670E GAMING PLUS
Cooling	Thermalright AM5 Contact Frame + Phantom Spirit 120SE
Memory	2x32GB G.Skill Trident Z5 NEO DDR5 6000 CL32
Video Card(s)	Gainward RTX 4070Ti Phantom Reunion (The54thvoid Edition)
Storage	WD SN770 1TB (Boot)\|1x WD SN850X 8TB (Gaming)\| 2x2TB WD SN770\| 2x2TB+2x4TB Crucial BX500
Display(s)	LG GP850-B
Case	Corsair 760T (White) {1xCorsair ML120 Pro\|5xML140 Pro}
Audio Device(s)	Yamaha RX-V573\|Speakers: JBL Control One\|Auna 300-CN\|Wharfedale Diamond SW150
Power Supply	Seasonic Focus GX-850 80+ GOLD
Mouse	Logitech G502 X
Keyboard	Cherry G80-3000N (TKL)
Software	Windows 11 Home
Benchmark Scores	ლ(ಠ益ಠ)ლ

System Name	Budget AMD System
Processor	Threadripper 2950X Stock, undervolted, 1.235V max
Motherboard	Gigabyte X399 Aorus Gaming 7
Cooling	EKWB X399 Monoblock
Memory	4x8GB GSkill TridentZ RGB 14-14-14-28 CR1 @ 3266
Video Card(s)	XFX Radeon RX Vega₆⁴ Liquid @ 1,800Mhz Core, 1025Mhz HBM2
Storage	1x ADATA SX8200 NVMe, 1x Segate 2.5" FireCuda 2TB SATA, 1x 500GB HGST SATA
Display(s)	Vizio 22" 1080p 60hz TV (Samsung Panel)
Case	Corsair 570X
Audio Device(s)	Onboard
Power Supply	Seasonic X Series 850W KM3
Software	Windows 10 Pro x64

System Name	Tiny the White Yeti
Processor	7800X3D
Motherboard	MSI MAG Mortar b650m wifi
Cooling	CPU: Thermalright Peerless Assassin / Case: Phanteks T30-120 x3
Memory	32GB Corsair Vengeance 30CL6000
Video Card(s)	ASRock RX7900XT Phantom Gaming
Storage	Lexar NM790 4TB + Samsung 850 EVO 1TB + Samsung 980 1TB + Crucial BX100 250GB
Display(s)	Gigabyte G34QWC (3440x1440)
Case	Lian Li A3 mATX White
Audio Device(s)	Harman Kardon AVR137 + 2.1
Power Supply	EVGA Supernova G2 750W
Mouse	Steelseries Aerox 5
Keyboard	Lenovo Thinkpad Trackpoint II
VR HMD	HD 420 - Green Edition ;)
Software	W11 IoT Enterprise LTSC
Benchmark Scores	Over 9000

Microsoft Windows Sandbox Securely Runs Suspicious Apps in Isolation

crazyeyesreaper

Not a Moderator

windwhirl

FreedomEclipse

~Technological Technocrat~

Blueberries

Flyordie

Vayra86

silentbogo

Moderator

TheGuruStud

silentbogo

Moderator

lemonadesoda

TheGuruStud

MyTechAddiction

Easo

Blueberries

XXL_AI

Gorstak

Deleted member 24505

Guest

System Name	WS#1337
Processor	Ryzen 7 5700X3D
Motherboard	ASUS X570-PLUS TUF Gaming
Cooling	Xigmatek Scylla 240mm AIO
Memory	64GB DDR4-3600(4x16)
Video Card(s)	MSI RTX 3070 Gaming X Trio
Storage	ADATA Legend 2TB
Display(s)	Samsung Viewfinity Ultra S6 (34" UW)
Case	ghetto CM Cosmos RC-1000
Audio Device(s)	ALC1220
Power Supply	SeaSonic SSR-550FX (80+ GOLD)
Mouse	Logitech G603
Keyboard	Modecom Volcano Blade (Kailh choc LP)
VR HMD	Google dreamview headset(aka fancy cardboard)
Software	Windows 11, Ubuntu 24.04 LTS

Processor	OCed 5800X3D
Motherboard	Asucks C6H
Cooling	Air
Memory	32GB
Video Card(s)	OCed 9070XT red devil
Storage	NVMees
Display(s)	32" Dull curved 1440
Case	Freebie glass idk
Audio Device(s)	Sennheiser, Custom 5.1
Power Supply	Don't even remember

System Name	ICE-QUAD // ICE-CRUNCH
Processor	Q6600 // 2x Xeon 5472
Memory	2GB DDR // 8GB FB-DIMM
Video Card(s)	HD3850-AGP // FireGL 3400
Display(s)	2 x Samsung 204Ts = 3200x1200
Audio Device(s)	Audigy 2
Software	Windows Server 2003 R2 as a Workstation now migrated to W10 with regrets.

System Name	"Big E"
Processor	I5 2400
Motherboard	Intel DQ67OW
Cooling	Scythe Samurai ZZ
Memory	4 X 2 Gb Kingmax 1333
Video Card(s)	MSI RX470 gaming x 4gb
Storage	samsung F3 500 GB
Display(s)	Acer S271HLBbid
Case	"Big E"
Power Supply	Gembird 450 W
Mouse	Generic
Keyboard	Generic
Software	W10 LTSC
Benchmark Scores	Nothing worthy to mention

System Name	Personal \\ Work - HP EliteBook 840 G6
Processor	7700X \\ i7-8565U
Motherboard	Asrock X670E PG Lightning
Cooling	Noctua DH-15
Memory	G.SKILL Trident Z5 RGB Black 32GB 6000MHz CL36 \\ 16GB DDR4-2400
Video Card(s)	ASUS RoG Strix 1070 Ti \\ Intel UHD Graphics 620
Storage	2x KC3000 2TB, Samsung 970 EVO 512GB \\ OEM 256GB NVMe SSD
Display(s)	BenQ XL2411Z \\ FullHD + 2x HP Z24i external screens via docking station
Case	Fractal Design Define Arc Midi R2 with window
Audio Device(s)	Realtek ALC1150 with Logitech Z533
Power Supply	Corsair AX860i
Mouse	Logitech G502
Keyboard	Corsair K55 RGB PRO
Software	Windows 11 \\ Windows 10

System Name	SloMo
Processor	G4560
Motherboard	MSi H110-PRO-D
Cooling	LC-CC-95 @ Arctic Cooling fan
Memory	2X Crucial DDR4 2400 4GB
Video Card(s)	Integrated HD 610
Storage	WD 500 GB + Seagate 500 GB + Toshiba 3 TB
Display(s)	Lenovo D221
Case	Corsair Carbide 100R
Audio Device(s)	Manhattan Flex BT Headphones, Encore P-801 stereo speakers
Power Supply	Corsair CX450M
Mouse	microsoft office mouse
Keyboard	Modecom mc-800m
Software	Windows 10 Pro x64
Benchmark Scores	gorstak @ hwbot.org