Can someone explain Sandboxie/Virtualization in depth?

1)You aren't denying all access, depending on the settings, but most of what is written stays in the sandbox. Take for example Ransonware. It opens all data files, encrypts them and rewrites them. Then they demand money for the key. With Sandboxie the files are still written, but they are written in the sandbox, and don't overwrite your original data. The software doing this doesn't know the difference.

Same way you download a file to your desktop, but then if you look on your desktop it isn't there. it is still in the sandbox and stays there until you either remove it or delete it.

2 The limit you speak of is the maximum size of a file that can be copied into the sandbox. The default is 49mb, which is adequate for most tasks. I just installed Microsoft Mappoint and use it in conjunction with Outlook which I run sandboxed. So if I call Mappoint, it's data file has to be copied into the sandbox and it's around 420 MB. So I simply changed the setting.

The only difference in I/O is the copy of the file. Once in the sandbox it's just accessed the same way it is outside of the sandbox.

Hope this helps.

Pete