Microsoft is introducing a new Windows 10 feature that could make it a little safer to run random programs you download from the internet. It’s called Windows Sandbox, and basically a virtual machine that lets you run applications without worrying that they’ll make changes to your core operating system files.

It’s expected to be included in the next major release of Windows 10, coming in the first half of 2019. But it won’t be available to everyone — Microsoft is only promising that Windows Sandbox will work with Windows 10 Pro and Windows 10 Enterprise. Windows 10 Home users may be out of luck.

Update: Windows Sandbox is included in Windows Insider Preview Build 18305, which is rolling out starting today.

Windows Sandbox

Theoretically you could already set up a Windows virtual machine on your computer in order to run software in a safe, sandboxed environment. But it requires jumping through some hoops and maybe even paying for an extra Windows license.

Incorporating a sandbox at the operating system level streamlines the process and makes it easier to create a clean environment every time you run it. In fact, that’s one of the key features — every time you run Windows Sandbox it’ll be like you’re running a brand new Windows installation, an every time you end the session it’ll be like it never happened — no data will be saved and no files or settings will be changed on your computer.

That means that you probably wouldn’t want to use Windows Sandbox for software you use on a regular basis because it won’t save your application’s preferences, history, or other important data. But it provides a safe way to test a new application before deciding whether to install it for real. I suppose it could also be a sort of supercharged incognito/private mode for web browsing or other activities where you’d rather not save your history and preferences between sessions.

Windows Sandbox

Microsoft says Windows Sandbox is streamlined so that it doesn’t require a ton of system resources. It also uses the copy of Windows 10 already installed on your computer as its source for the virtual machine, so there’s no need to download or install a new disc image.

But there are some minimum requirements your computer will need to meet:

  • Windows 10 Pro or Enterprise build 18305 or later
  • AMD64 architecture (I know the name’s confusing, but that includes 64-bit Intel chips).
  • Virtualization support enabled in the BIOS
  • 4GB of RAM required (8GB recommended)
  • 1GB or free disk space or more (SSD recommended)
  • At least 2 CPU cores (4 cores recommended)

The virtual machine makes use of hardware-accelerated graphics, recognizes a computer’s battery state for power consumption optimization, and it’s optimized to share system memory with the host operating system.

You can read more about Windows Sandbox in a post on Microsoft’s Tech Community website.

via ZDNet

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

3 replies on “Windows Sandbox will make running untrusted apps safer”

  1. Wish you could run as many sandboxes as you wanted with as much permanence as you want. I prefer to do most web browsing in a sandbox, not for privacy, but for another barrier against malvertising and other cross-site injection vulnerabilities. Used to be if you just browsed mainstream sites, there was some safety, but in the world of cross site injection where dozens of domains get injected to each site, only one weak link need be compromised for hundreds of millions of web users around the world to susceptible to attack, and sites like the NYTs and BBC have delivered malware via ads to their customers. Stunned there hasn’t been a class action suit against major publishers and ad networks/trackers etc.

    Irony of ironies, the easiest to secure era of web browsing may well end up being the era of the much maligned flash. For 99.9% security you could easily flashblock and not even really lose access to any content or break anything. Want to watch hulu? Selectively enable the main viewing element with one click. Now scripting is so pervasive in every element, any effort to block anything breaks lots of things if not everything. Blocking via adblocker antimalware blacklists is cat and mouse where bad guys attack from different ips as each gets blacklisted. Hospitals are getting their medical records taken for ransom, police stations are affected, and probably a LOT more companies than admit to it are getting taken to the cleaners despite more spending on security infrastructure and training than ever.

    Every time some smug blog posts a celebration of the end of flash I want to punch them. Not because flash was good, but because it was so containable. The world after flash is like opening pandora’s box. Utter chaos, no accountability, and AFAIC, the only way to protect oneself is more aggressive sandboxing. I hope this feature matures in time.

  2. This is a good move from MS. I always go with windows pro, but in the lower power devices like celerons and pentiums, it is a pain to run a virtual machine as the whole system almost completely freezes. A sandbox will be a lot lighter on the resources.

Comments are closed.