Whether it’s a program you found online or something that came in your email, running executables has always been risky. Testing software on clean systems requires virtual machine (VM) software and a separate Windows license to run inside the virtual machine. Microsoft is going to solve this problem with Windows Sandbox.
VM: great for secure testing, but hard to use
We’ve all received an email from a friend or family member with an attachment. Maybe we even expected it, but somehow it doesn’t look quite right. Or maybe you found a great app online, but it’s from a developer you’ve never heard of.
What are you doing? Download and run it and just take a chance? With things like ransomware running rampant, it’s almost impossible to be too careful.
In software development, sometimes what a developer needs most is a clean system—a fast, easy-to-use operating system that doesn’t have any other programs, files, scripts, or other baggage installed. Anything extra can distort the test results.
The best solution to both situations is to spin up a virtual machine. This gives you a clean, isolated OS. If this attachment turns out to be malicious, then the only thing it affects is the virtual machine. Restore it to an earlier snapshot and you’re done. If you are a developer, you can test as if you were just setting up a new computer.
RELATED:Beginner Geek: How to Create and Use Virtual Machines
However, there are some issues with the VM software.
First, it can be expensive. Even if you use a free alternative like VirtualBox, you still need a valid Windows license to run on a virtualized OS. And, of course, you can avoid Windows 10 activation, but this limits testing.
Secondly, to run a virtual machine at a decent level of performance, you need sufficiently powerful hardware and a lot of storage space. If you’re using snapshots, you can quickly fill up a smaller SSD. If you are using a large hard drive, performance may be slow. You probably don’t want to use these energy intensive resources on a laptop.
And finally, virtual machines are complex. Not exactly what you want to set up, just to test a dubious executable.
Luckily, Microsoft has announced a new solution that solves all of these problems at the same time.
Sandbox for Windows
Hari Pulapaka writes about the new Windows Sandbox in his Microsoft Tech Community Blog. Formerly called InPrivate Desktop, this feature creates an «isolated temporary desktop environment» where you can run software without fear of harming your machine.
Like a standard virtual machine, any software you install in a sandbox remains isolated and cannot affect the host machine. When you close the Sandbox, all programs you have installed, files you have added, and settings changes you have made are removed. The next time you run Sandbox, it will revert to a clean list. Microsoft uses hardware virtualization through the hypervisor to run a separate kernel to isolate Sandbox from the host.
This means that you can safely download an executable from a dangerous source and install it in Sandbox without risk to your host system. Or you can quickly test your development scenario on a new copy of Windows.
Impressive, the requirements are quite low:
Windows 10 Pro or Enterprise Build 18301 or later (Currently not available, but should be released as an Insider Preview build soon)
x64 architecture
Virtualization features enabled in BIOS
At least 4 GB of RAM (8 GB recommended)
At least 1 GB of free disk space (SSD recommended)
At least 2 CPU cores (4 hyper-threaded cores recommended)
One of the best things about Sandbox is that you don’t have to download or create a virtual hard disk (VHD). Instead, Windows dynamically generates a clean OS snapshot based on the host OS on your computer. In doing so, it refers to files that do not change in the system, and refers to shared files that do.
This makes the image incredibly light — only 100 MB. If you’re not using a sandbox, the image is compressed to a tiny 25MB. And since it’s essentially a copy of your OS, you don’t need a separate license key. If you have Windows 10 Pro or Windows 10 Enterprise, you have everything you need to run Sandbox.
For security, Microsoft is using the container concept it introduced earlier. The Sandbox OS is isolated from the host, allowing the virtual machine to run like an application.
Despite these degrees of separation, the host machine and the sandbox work together. If necessary, the host will reclaim memory from the sandbox to prevent the computer from slowing down. And the sandbox is aware of your host computer’s battery levels to optimize power consumption. You can run the Sandbox on your laptop on the go.
All this and other improvements make for an extremely secure, fast and inexpensive virtual system. It provides a fast and secure VM-like solution with much less overhead than a traditional solution. You can quickly recall, test, and destroy snapshots—then repeat as needed. As in all other cases, the best equipment will make the job even smoother. But as shown above, even less powerful hardware should be able to run the Sandbox.
The only downside is that not all machines ship with Windows 10 Pro or Enterprise. If you are using Windows 10 Home, you will not be able to use Sandbox.
How can I get it?
Update: Microsoft just released Insiders on the Fast Ring Windows 10 build 18305, which means if you want to live on the edge, you can upgrade to the latest preview by joining the Insiders program and updating. We definitely do not recommend doing this on your primary PC.
Unfortunately, you can’t get Windows Sandbox yet. Requires Windows 10 build 18301 or higher, which Microsoft hasn’t released yet. But once this version becomes available, it will become a simple matter. You must ensure that virtualization capabilities are enabled in your BIOS. Then you just need to enable Windows Sandbox in the Windows Features dialog:
Once the Windows Sandbox is installed, launching it is pretty much the same as running any other application or program. Just find it in the start menu, launch it and accept the UAC prompt with administrator rights. You can then drag and drop files and programs into the sandbox for testing as needed. Just close the program and Sandbox will undo all your changes.
RELATED:What «additional features» do in Windows 10 and how to turn them on or off
