Microsoft announces Windows Sandbox, a desktop environment for running applications in isolation
Microsoft has announced an upcoming security feature which it hopes will take the fear and risk out of running unknown software. Windows Sandbox is an isolated desktop environment which functions much like a virtual machine; any software installed to it is completely sandboxed from the host operating system.
Aimed at businesses, enterprises and security-conscious home users, Windows Sandbox will be part of Windows 10 Pro and Windows 10 Enterprise. It is not clear exactly when the feature will debut, but it could make an appearance in Windows 10 19H1 next year.
Microsoft says that in order to use Windows Sandbox, you need to be running Windows 10 Pro or Enterprise build 18305 or later -- which is not yet available. Once you have access to this build, however, you will find that the security feature is built into the operating system, and can be enabled through Windows Features. You will also need to enable virtualization in your BIOS.
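The requirements above can be checked from an elevated PowerShell prompt before attempting to turn the feature on. This is an added example, not code from Microsoft or the article; the function name `Test-SandboxPrerequisite` is hypothetical, and the optional-feature name `Containers-DisposableClientVM` is the Windows identifier for Windows Sandbox, which the article itself does not give.

```powershell
# Added example: audit the prerequisites listed in the article.
# Run elevated; Get-WindowsOptionalFeature requires administrator rights.
function Test-SandboxPrerequisite {
    [CmdletBinding()]
    param(
        [int]$MinimumBuild = 18305,   # minimum build stated in the article
        # Optional-feature name for Windows Sandbox (not given in the article).
        [string]$FeatureName = 'Containers-DisposableClientVM'
    )

    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1

    # The article lists Windows 10 Pro and Enterprise only.
    $editionOk = $os.Caption -match 'Windows 10 (Pro|Enterprise)'
    $buildOk   = [int]$os.BuildNumber -ge $MinimumBuild

    # If a hypervisor is already running, the firmware flag can read False even
    # though virtualization is enabled, so accept HypervisorPresent as well.
    $virtOk = [bool]($cpu.VirtualizationFirmwareEnabled -or $cs.HypervisorPresent)

    # Report 'Unknown' instead of failing when the feature cannot be queried
    # (not elevated, or the build does not know the feature yet).
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName $FeatureName -ErrorAction Stop
        $state = if ($feature) { "$($feature.State)" } else { 'Unknown' }
    } catch {
        $state = 'Unknown'
    }

    [pscustomobject]@{
        Edition          = $os.Caption
        EditionSupported = $editionOk
        Build            = [int]$os.BuildNumber
        BuildSupported   = $buildOk
        Virtualization   = $virtOk
        FeatureState     = $state
        Ready            = ($editionOk -and $buildOk -and $virtOk)
    }
}

$result = Test-SandboxPrerequisite
$result | Format-List
if ($result.Ready -and $result.FeatureState -eq 'Disabled') {
    Write-Host 'Prerequisites met. Enable with:'
    Write-Host '  Enable-WindowsOptionalFeature -Online -FeatureName Containers-DisposableClientVM -All'
}
```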
The company touts the following features of Windows Sandbox in a detailed blog post introducing the new feature:
- Part of Windows -- everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
- Pristine -- every time Windows Sandbox runs, it's as clean as a brand-new installation of Windows
- Disposable -- nothing persists on the device; everything is discarded after you close the application
- Secure -- uses hardware-based virtualization for kernel isolation, which relies on Microsoft's hypervisor to run a separate kernel which isolates Windows Sandbox from the host
- Efficient -- uses integrated kernel scheduler, smart memory management, and virtual GPU
Microsoft explains that Windows Sandbox is built on Windows Containers technology, bringing cloud-based features to desktop machines without the need to run Windows Server.
For more details, take a look at the post on the Windows Kernel site.