A first look at Windows Sandbox

cool! and long awaited!

 

And again for Pro version users when it is most needed by Home version users who are those most enclined to run shady/malicious stuff...

 

Introducing Windows Sandbox!

Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.

How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to set up a virtual machine?

At Microsoft, we regularly encounter these situations, so we developed Windows Sandbox: an isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device. Any software installed in Windows Sandbox stays only in the sandbox and cannot affect your host. Once Windows Sandbox is closed, all the software with all of its files and state are permanently deleted.

https://blogs.windows.com/windowsex...ider-preview-build-18305/#l9ZSEiFFQDCjAgDQ.97

 

Hopefully it will eventually make it's way to a future home version. Your comments are right on the mark.

 

I can't wait for this to come out. It should work really well with Microsoft's unlimited access to the inner workings of the OS.

 

I disagree . It has some pretty hefty hardware requirements and is likely too advanced for the average home user. I won't be able to test this on my laptop or a VM. I'm also not willing to load this build of Windows onto my desktop.

 

This. He wont even understand what it does.

 

I think surely easier than the failed designed Exploit Guard.
A wizard appearing when the user install an app giving him the choice to run the said app sandboxed wouldn't be so hard to follow.
About hardware, i know tons of security uber-noobs with higher spec machines than me

 

I am worried about this:

I sure that means any tweaks you did to the host system to prohibit tracking and telemetry are being ignored, and the thing has network access so it will happily be radioing anything you do AND probably even accumulated information from your host.

 

Of the bat, Windows Sandboxing requires at a minimum HVCI. As many are finding out on 1809 including yours truly, memory protection can no longer be enabled if you have older hardware. Whereas on 1803, memory protection worked for many again including yours truly.

 

Exploit Guard was truly not for noobs. From the directions that I read for enabling and using the sandbox I don't think there will be any wizards.
Most of the noobs I know are running a $400 Dell. This is not going to be for them. Or me either until I buy a new laptop. I guess Sandboxie will have to do. Fortunately I own a lifetime license.

 

Seriously, M$ is a joke. I asked for such a feature way back in 2008 and 10 years later they come with this, and only in the Win Pro version. But it seems it's a bit more robust sandbox when compared to Sandboxie, because apps run in a full virtual container, but this also means it's only meant for testing software, not for exploit protection.

 

If properly configured an SBIE sandbox can totally contain whatever is inside it, even if it's not a "full virtual container" a la virtual machine.

 

The only thing Sandboxie can't contain are kernel exploits. Quite unclear if kernel exploits can be contained by Windows Sandbox.

 

Ahhh...Good to know. Had been wondering about that lately. A well written something or other slipped by my defenses last month. What it did was interesting. Caught the problem and fixed it. It was hiding well in email.

 

I'm not saying that SBIE is not secure, I'm saying that the Windows Sandbox will be even more robust, pure from a technical point of view. But Sandboxie will also easily contain malware.

 

I also see no comparison to this new Windows sandbox feature and Sandboxie. Whereas Sandboxie is designed to run vulnerable existing apps like browsers, e-mail clients, etc., the Windows sandbox is not. Existing published material by Microsoft has noted this new sandbox feature is for app execution testing only with everything being flushed from the sandbox, when the app terminates.

 

I read the article up there and I was under the impression the Windows sandbox would be a competitor to Sandboxie as it stated the need (previously) for users to have to install third party software. The article is actually a little vague. I wonder, would this coincide with Edge's changing over to a Chromium engine? Nevertheless, personally, I stay with Sandboxie, it's just a staple on here and it's already well-established. Whereas, with Windows, who knows what bugs will emerge, like with anything "new."

 

I also suspect that there will be issues with malware behavior detection within the new sandbox feature if you're using any security software other than Windows Defender. To date on Win 10, Microsoft has consistently "hooked" enhanced OS security features to WD use.

 

No it's not, because Sandboxie can be used for both exploit protection and software testing. The Windows Sandbox is mostly useful for running untrusted software, but they will run inside a full virtual machine without any interaction with the real machine. So I do wonder if you will be able to install security software that need to load drivers, that would be cool I guess.

 

Oh, OK, thanks for the explanation, Rasheed187. Good to know for future reference.

 

Now that 1903 includes Windows Sandbox and it has been rolled out the the general public I thought I would give it a shot. I can't do much with it. I cannot install .NET and why I try it claims it is already installed. Therefore nothing I have tried will run in it. I assume this is just a bare minimal sandbox that is pretty much just for web browsing? That's about all I can get out of it.

 

Is it now also available for the Win 10 Home version? And based on what you described, it seems that it's not interacting with the real system at all, which sounds a bit weird. So yes, it's probably meant for browsing the web, but you will lose all browsing settings once you close the sandbox. Doesn't sound like it's ready for prime time.

 

Windows Pro or higher is needed.
Everything is discarded after a sandboxed program has been terminated and this is intended: