Microsoft Unveils Windows Sandbox For Safely Running Untrusted Apps In Quarantined Space

The web is a potentially dangerous place, we've known that for years and are reminded every time a family member brings over a laptop that needs 'fixing' (i.e., clean out the malware). Even savvy users have to be careful, though. To help watch your step, Microsoft is developing an application called Windows Sandbox, which is exactly like it sounds.

Windows Sandbox
Click to Enlarge

To be more clear, Windows Sandbox is a lightweight desktop environment for safely running applications in isolation. In other words, it's a sandbox for Windows, hence the name.

"Any software installed in Windows Sandbox stays only in the sandbox and cannot affect your host. Once Windows Sandbox is closed, all the software with all its files and state are permanently deleted," Microsoft explains.

The concept of a sandbox is not a new one. Far from it—browsers like Chrome employ a type of sandbox technology to help keep malware at bay, and there are third-party programs out there like Sandboxie and BufferZone. Windows Sandbox is similar to those types of applications.

When it ships, Windows Sandbox will allow users to run potentially dangerous executables and other files in an isolated environment. If a program turns out to be malicious, it will be contained, and not become a permanent fixture of your PC—there won't be a need to manually remove any traces of the foul program, or even worse, having to resort to reinstalling Windows.

Windows Sandbox is designed to load fast, too.

"Windows Sandbox uses Microsoft’s hypervisor. We're essentially running another copy of Windows which needs to be booted and this can take some time. So rather than paying the full cost of booting the sandbox operating system every time we start Windows Sandbox, we use two other technologies; 'snapshot' and 'clone'," Microsoft explains.

"Snapshot allows us to boot the sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the sandbox environment from disk and put it in the memory rather than booting it, when we need a new instance of Windows Sandbox. This significantly improves the start time of Windows Sandbox," Microsoft says.

Windows Sandbox is not yet available to the public at large. When it does ship, it will be available to Windows 10 Pro and Enterprise customers
Show comments blog comments powered by Disqus