Windows Sandbox coming to Windows Insiders in Windows 10 build 18305
Category: Insider
Last Updated: 19 Dec 2018 at 15:45
Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.
How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to set up a virtual machine?
At Microsoft we regularly encounter these situations, so we developed Windows Sandbox: an isolated, temporary, desktop environment where you can run untrusted software without the fear of lasting impact to your PC. Any software installed in Windows Sandbox stays only in the sandbox and cannot affect your host. Once Windows Sandbox is closed, all the software with all its files and state are permanently deleted.
Windows Sandbox has the following properties:
Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
Disposable – nothing persists on the device; everything is discarded after you close the application
Secure – uses hardware-based virtualization for kernel isolation, which relies on Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host
Disposable – nothing persists on the device; everything is discarded after you close the application
Leave it to me to ask the obvious; does this mean that I don't get to keep the resulting data? Is it discarded too?
Secondly, I noticed that Sandbox requires AMD64 architecture. Nothing is mentioned about Intel, so does that mean it doesn't work on Intel's architecture?
I am not an expert but I will try:
From what I read about it, that is! Everything is trash after you are done.
The Sandbox I use I have the choice of keeping all or part of it or even the program installation.
As for AMD64, you just need to have an x64 bit Processor/OS; it doesn't matter if it is AMD or Intel.
It's called AMD64 because AMD hold the patents. It doesn't matter who the manufacturer is.
AMD64 reference doesn't mean AMD only -- It's generic x-64 CPU architecture as opposed to those specialized chips like ARM and RISC etc.
In principle I like the idea of "Sandboxing" but can anyone point me to a link that can explain the advantages of a Sandbox over using a Virtual Machine (which I've been using for years) or "Containerisation"? It looks like a decent feature but is it a significant improvement over using a Virtual Machine?
The issue I see with a Sandbox is that it's still part of the same OS so if you get any problems on the main OS you are hosed up anyway.
With VMs - especially if you use snapshots - it's easy to revert to any part of the process if things go wonky. I know that at least with a sandbox you are on real hardware but for the applications I use a VM is more than good enough on modern hardware.
I'm sure some gurus here can at least point me to some links to further study this. I know often at some client sites when they are using SAP systems they have a Sandbox for testing - but if that's a real machine or a VM I haven't a clue.
Hi Jimbo, I'll give you a quick comparison based on my experience and what I know. In the comparison, Sandboxie, the sandbox program I have been using for 10 years, is the one I'll be comparing to the VM. Like you here, when someone asks me, what's the advantage of using a Sandbox program like Sandboxie over a VM? Two words come to mind, "lightweight and convenient". While Sandboxie gives you pretty much the same kind of isolation as the one you get with a VM, with Sandboxie, you don't have to install a second copy of an operating system, and since you don't have to install it, you don't have to maintain it. When you use a VM, you have to maintain your primary system and the VM. With Sandboxie, you use one system and one set of applications/programs. In the VM, as with the second copy of an operating system, you also have to install a different set of programs and maintain it. You don't do this with Sandboxie. For example, you install Firefox once, you install it in the real system and then you run it isolated in the sandbox/disposable space.
Sandboxie works pretty similarly to the description of the Windows sandbox, but Sandboxie is designed not only to be very secure but also convenient. So, still using Firefox for this example, when you run Firefox sandboxed, Sandboxie gives you settings to save bookmarks, downloads, etc. And even more, you have settings to open the sandbox as much as you want, to save passwords, and many of the changes that take place in the sandbox. On the other hand, you also have settings to tighten up the sandbox where nothing gets saved, like in the Windows sandbox. With Sandboxie, it is up to the user what gets out of the sandbox. Personally, what I do is strike a balance between usability and security in all my sandboxes. When I create them, I set them up as restricted and secure as possible without losing any usability. And I achieve this. I run all programs and files I run every day in a sandbox, done automatically. The feel when I run my programs is the same as if I was not using a sandbox. No difference.
Another difference between the VM and sandbox programs is having to commit memory from your primary system to the VM. Two gigs, 4 gigs, go to the VM; this is RAM you can't use in your main system. You commit no RAM with SBIE. Also, in the particular case of Sandboxie, the program uses almost no resources. Another thing, to discard contents of the container, you close the sandboxed application, programs running in the sandbox get terminated and contents get deleted. With the VM, you have to reboot.
Thanks for the reply -- very useful and informative
Can't rep you as this is in a News thread unfortunately.
I'd rather like the idea of using the Linux subsystem in a sandbox -- I managed to actually get it working with a GUI for UBUNTU but that was a while ago. Might give it another go when I can get my hands on this new release.
To get Windows Sandbox working, the user must make sure that Virtualization is enabled in the BIOS and that Windows Sandbox is added in the Control Panel "Programs and Features" as a Windows "Feature". I've done all that and found "Windows Sandbox"...
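The prerequisites discussed in this thread (x64/AMD64, Pro or Enterprise, build 18305, virtualization enabled, the Windows feature turned on) can be checked from an elevated 64-bit PowerShell prompt. This is an added example, not part of the original thread or Microsoft's article; it assumes the optional-feature name `Containers-DisposableClientVM` for Windows Sandbox and the standard CIM classes shown.

```powershell
# Added example: prerequisite check for Windows Sandbox (run elevated).
$featureName = 'Containers-DisposableClientVM'   # assumed optional-feature name for Windows Sandbox
$minBuild    = 18305                             # build named in the article

$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$cs  = Get-CimInstance -ClassName Win32_ComputerSystem
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1

# Once a hypervisor is already running, VirtualizationFirmwareEnabled can read
# False, so HypervisorPresent is accepted as proof that virtualization is on.
$virtOk = $cs.HypervisorPresent -or $cpu.VirtualizationFirmwareEnabled

$checks = [ordered]@{
    # 'AMD64' is the name of the x64 architecture; 64-bit Intel CPUs report it too.
    'x64 (AMD64) OS'           = ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64')
    'Pro or Enterprise'        = ($os.Caption -match 'Pro|Enterprise')
    "Build $minBuild or later" = ([int]$os.BuildNumber -ge $minBuild)
    'Virtualization enabled'   = [bool]$virtOk
}

$checks.GetEnumerator() | ForEach-Object {
    '{0,-26} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}

if (@($checks.Values) -contains $false) {
    Write-Warning 'Prerequisites not met; the Windows Sandbox feature was not changed.'
    return
}

$feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName
if ($feature.State -eq 'Enabled') {
    'Windows Sandbox is already enabled.'
} else {
    # Same effect as ticking "Windows Sandbox" in "Turn Windows features on or off".
    Enable-WindowsOptionalFeature -Online -FeatureName $featureName -All -NoRestart
    'Feature enabled; restart Windows to finish.'
}
```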