Microsoft: Come and play in our Windows SandBox

We've got buckets, spades and isolated apps

Ever felt a bit sick when Windows whinges about a suspicious application, but you really need to run it? Worry no more, because Windows Sandbox is inbound.

Hari Pulapaka of the Windows Kernel team shared the good news last night, trumpeting the arrival of the lightweight desktop environment that would allow whiffy applications to be run in splendid isolation.

The use case is one that we've encountered on occasion, where a downloaded app needs to be run, but we're a little wary of the code's provenance. Paranoia dictates that in those instances we'd spin up a new Windows 10 Virtual Machine using Hyper-V and run the thing in there, but we'd be the first to admit it is inconvenient, and licensing is a pain.

The Windows Sandbox uses the hypervisor to do something similar, but rather than faffing about with Hyper-V, adds a Windows Sandbox app which will spin up a fresh desktop, isolated from the host. The app, or installer, can be pasted into the desktop window and then run without fear of OS borkage.

Windows Sandbox also uses a copy of the Windows 10 Pro or Enterprise already installed, so there is no need to fiddle around with licences. SandBox treats the installed OS as a base image, dispensing with the need to download or create new VHD images, and only occupies around 100mb when installed.

And, of course, nothing is persisted when the thing is closed down.

You'd be forgiven for feeling a strong sense of déjà vu at this point. The likes of Sandboxie have been giving Windows users a sense of isolation for years, and penguistas have the option of Qubes and its ilk to keep things compartmentalised in the Linux world.

Sadly, we cannot yet play with the Windows Sandbox, since it requires build 18305 or later of Windows Pro and Enterprise (and the latest public Insider build is 18298), although at first glance it looks a little clunky. Rather than having to jump into a entirely separate desktop, we'd prefer a more seamless approach, such as that taken with Parallels when running Windows apps on a macOS desktop.

However, it is undeniably a step in the right direction, and we look forward to taking it for a test drive when the next Insider build drops. ®

Sponsored: Becoming a Pragmatic Security Leader




Biting the hand that feeds IT © 1998–2019