Author: javajolt
Microsoft's Windows Sandbox Runs Programs in an Isolated Desktop
« on: December 20, 2018, 11:06:22 AM »
Microsoft is introducing a new feature called Windows Sandbox that will allow you to safely run executables in a throw-away virtualized sandbox without fear of your regular Windows install becoming infected.

Let's face it, the Internet is a scary place and we know that malicious actors commonly release programs or compromise existing ones to perform malicious behavior when the program is installed. This makes downloading and installing that latest game mod or utility a risky process in many cases.

Earlier this year, we broke the story that Microsoft was releasing a new feature called InPrivate Desktop for its enterprise users. Microsoft has now rebranded this feature as Windows Sandbox and made it available to Windows 10 Pro users as well. This feature will be available starting in the upcoming Windows 10 Pro and Enterprise Insider build 18305.

When using Windows Sandbox, the operating system will launch a virtual machine that runs a copy of Windows built from your installed Windows operating system.  Anything running in this sandboxed desktop environment is isolated from your normal Windows 10 operating system and cannot affect it.


Windows Sandbox
Running a file in the sandbox is easy. You would simply launch Windows Sandbox and when the desktop appears, copy the file you wish to test to the Sandbox desktop. You can then execute it. When done, simply close the Sandbox.

As the Sandbox is a full-featured version of Windows, its first run will boot Windows as normal. As booting Windows each time you wish to use this feature can be slow, Windows Sandbox will create a snapshot of the virtual machine's state after its first boot. This snapshot will then be used for all subsequent launches in order to avoid the boot process and substantially decrease the time it takes for the Sandbox to become available.

It is not known if your installed applications on the host OS will also be available in the Windows Sandbox. If not, then you won't be able to use the sandbox to test files such as attachments you receive via email or applications that require other applications to be installed, such as game mods.

When Windows Insider build 18305 becomes available, we will put the Windows Sandbox feature through the wringer and let you know how it works in more detail.

BleepingComputer has reached out to Microsoft with numerous questions regarding whether installed apps will be included in the sandbox, but had not heard back at the time of this article.

Windows Sandbox OS Image built from installed OS

As Windows Sandbox is ultimately a virtual machine, it needs an image to boot.

This base image is created by including actual "clean" copies of required files that could be changed by malicious actors or other tools and links to files on the host operating system that cannot be changed. As the majority of the image consists of links, which are very small in size, it allowed Microsoft to create a very small base image that is 25MB when compressed and 100MB when being used.


Base Image Creation

By using mostly links to existing unchangeable files on the host it also allows future Windows updates to automatically upgrade the base image used by Windows Sandbox.

How to install and run Windows Sandbox

When Windows 10 Pro and Enterprise Insider build 18305 is released you will be able to install Windows Sandbox through the Windows Features screen. In order to use this feature, your system must meet the following requirements:

   • Windows 10 Pro or Enterprise build 18305 or later

   • AMD64 architecture

   • Virtualization capabilities enabled in BIOS

   • At least 4GB of RAM (8GB recommended)

   • At least 1 GB of free disk space (SSD recommended)

   • At least 2 CPU cores (4 cores with hyperthreading recommended)

To install Windows Sandbox, please follow these steps:

   1. Make sure you are using Windows 10 Pro or Enterprise build 18305 or later.

   2. Make sure virtualization is enabled in the computer's BIOS. If you are using a
       virtual machine, make sure virtualization is enabled in the guest's settings.

   3. Click the Start button and search for Windows Features. When it appears,
       click on the Turn Windows features on or off control panel result.



   4. When the Windows Features control panel opens, scroll down and put a check
       next to Windows Sandbox and then press the OK button.


Add Windows Sandbox Feature

   5. After it has finished installing, click on the Start button and search for Windows
       Sandbox and click on it when it appears.

   6. When Windows Sandbox has finished loading and you see the desktop, simply
       copy an executable from the host operating system and paste it onto the desktop
       of Windows Sandbox.

   7. You can then run the program in Windows Sandbox without fear of it affecting
       your normal Windows install.

   8. When done, simply close the Sandbox.

source
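
The requirement list and install steps above can also be checked and applied from an elevated PowerShell prompt. The script below is an added example, not part of the original article or post. It assumes a 64-bit PowerShell session and uses Containers-DisposableClientVM, the optional-feature name behind the "Windows Sandbox" checkbox, which the article does not mention. The 3.5 GB RAM threshold is also an assumption, chosen because WMI reports slightly less than the installed 4 GB.

```powershell
# Added example: preflight for the requirements listed in the article, then install.
# Run elevated on the host. Names and thresholds not in the article are marked.
$MinBuild = 18305   # first build with Windows Sandbox, per the article

$os   = Get-CimInstance Win32_OperatingSystem
$cs   = Get-CimInstance Win32_ComputerSystem
$cpu  = @(Get-CimInstance Win32_Processor)
$disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"

# Once a hypervisor is running, VirtualizationFirmwareEnabled can read False,
# so HypervisorPresent is accepted as evidence of enabled virtualization too.
$virtOk = $cs.HypervisorPresent -or [bool]($cpu | Where-Object VirtualizationFirmwareEnabled)
$cores  = ($cpu | Measure-Object NumberOfCores -Sum).Sum

$checks = [ordered]@{
    'Edition is Pro or Enterprise' = $os.Caption -match 'Pro|Enterprise'
    "Build $MinBuild or later"     = [int]$os.BuildNumber -ge $MinBuild
    'AMD64 architecture'           = $env:PROCESSOR_ARCHITECTURE -eq 'AMD64'
    'Virtualization enabled'       = $virtOk
    # Assumption: 3.5GB tolerance, since usable memory reads below the nominal 4 GB.
    'At least 4 GB RAM'            = $cs.TotalPhysicalMemory -ge 3.5GB
    'At least 1 GB free disk'      = $disk.FreeSpace -ge 1GB
    'At least 2 CPU cores'         = $cores -ge 2
}

# Print one line per requirement so a failed precondition is visible.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-32} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}

$failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value })
if ($failed.Count -eq 0) {
    # Equivalent of ticking "Windows Sandbox" in Windows Features (steps 3 and 4).
    Enable-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM' -All -NoRestart
    Write-Output 'Feature enabled. Restart, then launch Windows Sandbox from the Start menu.'
} else {
    Write-Warning ("Windows Sandbox not enabled; {0} requirement(s) failed." -f $failed.Count)
}
```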