• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Microsoft Windows Sandbox Securely Runs Suspicious Apps in Isolation

crazyeyesreaper

Not a Moderator
Staff member
Joined
Mar 25, 2009
Messages
9,817 (1.71/day)
Location
04578
System Name Old reliable
Processor Intel 8700K @ 4.8 GHz
Motherboard MSI Z370 Gaming Pro Carbon AC
Cooling Custom Water
Memory 32 GB Crucial Ballistix 3666 MHz
Video Card(s) MSI RTX 3080 10GB Suprim X
Storage 3x SSDs 2x HDDs
Display(s) ASUS VG27AQL1A x2 2560x1440 8bit IPS
Case Thermaltake Core P3 TG
Audio Device(s) Samson Meteor Mic / Generic 2.1 / KRK KNS 6400 headset
Power Supply Zalman EBT-1000
Mouse Mionix NAOS 7000
Keyboard Mionix
In an always-online world having the ability to test unknown programs or .exe files on PC has required the use of extra software which has always come with issues of its own or the more in-depth use of a virtual machine. In order to eliminate the fear of running unknown programs along with the desire to make testing them easier, Microsoft has announced the development of their Windows Sandbox. This new feature will be coming to Windows 10 Pro and Enterprise next year and as you may have guessed it allows for the creation of a temporary desktop environment. This work environment is made to be secure and disposable meaning you can run an app in the sandbox check for compatibility, possible issues, malware, etc and once done just delete the entire sandbox. Thus keeping your real operating system free and clear of any potentially hidden nasty surprises.

The entire system works by using Microsoft's Hypervisor to create an entirely separate kernel isolated from the host PC. Each time its run it creates a pristine installation of Windows as nothing persists between uses. More importantly, the prerequisites for its use are quite low, with systems currently at the minimum needing Windows 10 Pro or Enterprise Insider build 18305 or later, virtualization capabilities enabled in the BIOS, 4 GB of memory, 1 GB free disk space and 2 CPU cores. Recommended specifications include a CPU with four threads, 8 GB memory, and an SSD, which in this day and age is quite minimal all things considered. While this feature is not likely to be a game changer for the average consumer it should make the lives of IT personnel a bit easier.



View at TechPowerUp Main Site
 
Joined
Dec 16, 2017
Messages
2,941 (1.15/day)
System Name System V
Processor AMD Ryzen 5 3600
Motherboard Asus Prime X570-P
Cooling Cooler Master Hyper 212 // a bunch of 120 mm Xigmatek 1500 RPM fans (2 ins, 3 outs)
Memory 2x8GB Ballistix Sport LT 3200 MHz (BLS8G4D32AESCK.M8FE) (CL16-18-18-36)
Video Card(s) Gigabyte AORUS Radeon RX 580 8 GB
Storage SHFS37A240G / DT01ACA200 / ST10000VN0008 / ST8000VN004 / SA400S37960G / SNV21000G / NM620 2TB
Display(s) LG 22MP55 IPS Display
Case NZXT Source 210
Audio Device(s) Logitech G430 Headset
Power Supply Corsair CX650M
Software Whatever build of Windows 11 is being served in Canary channel at the time.
Benchmark Scores Corona 1.3: 3120620 r/s Cinebench R20: 3355 FireStrike: 12490 TimeSpy: 4624
YES! I've been hoping for this kind of thing ever since I learned about sandboxes!

And no, I know about other third-party programs that do this, but I wanted something built-in.
 

FreedomEclipse

~Technological Technocrat~
Joined
Apr 20, 2007
Messages
24,185 (3.74/day)
Location
London,UK
System Name WorkInProgress
Processor AMD 7800X3D
Motherboard MSI X670E GAMING PLUS
Cooling Thermalright AM5 Contact Frame + Phantom Spirit 120SE
Memory 2x32GB G.Skill Trident Z5 NEO DDR5 6000 CL32-38-38-96
Video Card(s) Asus Dual Radeon™ RX 6700 XT OC Edition
Storage WD SN770 1TB (Boot)|1x WD SN850X 8TB (Gaming) | 2x2TB WD SN770| 2x2TB+2x4TB Crucial BX500
Display(s) LG GP850-B
Case Corsair 760T (White) {1xCorsair ML120 Pro|5xML140 Pro}
Audio Device(s) Yamaha RX-V573|Speakers: JBL Control One|Auna 300-CN|Wharfedale Diamond SW150
Power Supply Seasonic Focus GX-850 80+ GOLD
Mouse Logitech G502 X
Keyboard Duckyshine Dead LED(s) III
Software Windows 11 Home
Benchmark Scores ლ(ಠ益ಠ)ლ
Joined
Oct 26, 2008
Messages
2,259 (0.38/day)
System Name Budget AMD System
Processor Threadripper 1900X @ 4.1Ghz (100x41 @ 1.3250V)
Motherboard Gigabyte X399 Aorus Gaming 7
Cooling EKWB X399 Monoblock
Memory 4x8GB GSkill TridentZ RGB 14-14-14-32 CR1 @ 3266
Video Card(s) XFX Radeon RX Vega₆⁴ Liquid @ 1,800Mhz Core, 1025Mhz HBM2
Storage 1x ADATA SX8200 NVMe, 1x Segate 2.5" FireCuda 2TB SATA, 1x 500GB HGST SATA
Display(s) Vizio 22" 1080p 60hz TV (Samsung Panel)
Case Corsair 570X
Audio Device(s) Onboard
Power Supply Seasonic X Series 850W KM3
Software Windows 10 Pro x64
Long overdue and a good play by Microsoft.
They used to have this of a sort...

Windows 7 Pro came with a copy of Windows XP Pro x64 for use in a VM. You had to download the package though. Didn't come on the DVD.
 
Joined
Sep 17, 2014
Messages
22,698 (6.05/day)
Location
The Washing Machine
System Name Tiny the White Yeti
Processor 7800X3D
Motherboard MSI MAG Mortar b650m wifi
Cooling CPU: Thermalright Peerless Assassin / Case: Phanteks T30-120 x3
Memory 32GB Corsair Vengeance 30CL6000
Video Card(s) ASRock RX7900XT Phantom Gaming
Storage Lexar NM790 4TB + Samsung 850 EVO 1TB + Samsung 980 1TB + Crucial BX100 250GB
Display(s) Gigabyte G34QWC (3440x1440)
Case Lian Li A3 mATX White
Audio Device(s) Harman Kardon AVR137 + 2.1
Power Supply EVGA Supernova G2 750W
Mouse Steelseries Aerox 5
Keyboard Lenovo Thinkpad Trackpoint II
VR HMD HD 420 - Green Edition ;)
Software W11 IoT Enterprise LTSC
Benchmark Scores Over 9000
This is pretty neat.
 

silentbogo

Moderator
Staff member
Joined
Nov 20, 2013
Messages
5,568 (1.37/day)
Location
Kyiv, Ukraine
System Name WS#1337
Processor Ryzen 7 5700X3D
Motherboard ASUS X570-PLUS TUF Gaming
Cooling Xigmatek Scylla 240mm AIO
Memory 64GB DDR4-3600(4x16)
Video Card(s) MSI RTX 3070 Gaming X Trio
Storage ADATA Legend 2TB
Display(s) Samsung Viewfinity Ultra S6 (34" UW)
Case ghetto CM Cosmos RC-1000
Audio Device(s) ALC1220
Power Supply SeaSonic SSR-550FX (80+ GOLD)
Mouse Logitech G603
Keyboard Modecom Volcano Blade (Kailh choc LP)
VR HMD Google dreamview headset(aka fancy cardboard)
Software Windows 11, Ubuntu 24.04 LTS
This is awesome. Waiting for public release.

Windows 7 Pro came with a copy of Windows XP Pro x64 for use in a VM. You had to download the package though. Didn't come on the DVD.
That was a VM.
What they do now is an equivalent of Docker containers.
 
Joined
Sep 15, 2007
Messages
3,946 (0.63/day)
Location
Police/Nanny State of America
Processor OCed 5800X3D
Motherboard Asucks C6H
Cooling Air
Memory 32GB
Video Card(s) OCed 6800XT
Storage NVMees
Display(s) 32" Dull curved 1440
Case Freebie glass idk
Audio Device(s) Sennheiser
Power Supply Don't even remember
It's almost as if every application should be contained within its own memory allocation and denied root by default. Oh, wait, the other OSes have done that since their inception.

Still decades behind, dumb dumbs. Maybe next century you can have a grown up OS.
 

silentbogo

Moderator
Staff member
Joined
Nov 20, 2013
Messages
5,568 (1.37/day)
Location
Kyiv, Ukraine
System Name WS#1337
Processor Ryzen 7 5700X3D
Motherboard ASUS X570-PLUS TUF Gaming
Cooling Xigmatek Scylla 240mm AIO
Memory 64GB DDR4-3600(4x16)
Video Card(s) MSI RTX 3070 Gaming X Trio
Storage ADATA Legend 2TB
Display(s) Samsung Viewfinity Ultra S6 (34" UW)
Case ghetto CM Cosmos RC-1000
Audio Device(s) ALC1220
Power Supply SeaSonic SSR-550FX (80+ GOLD)
Mouse Logitech G603
Keyboard Modecom Volcano Blade (Kailh choc LP)
VR HMD Google dreamview headset(aka fancy cardboard)
Software Windows 11, Ubuntu 24.04 LTS
It's almost as if every application should be contained within its own memory allocation and denied root by default. Oh, wait, the other OSes have done that since their inception.
Windows does it since XP.
There is a big difference between "restricted access" and "running inside a container". Containers only gained traction a few years ago. Docker (the most popular multiplatform containerization software), got to its first public release only in 2013, and it's a thrid-party software. So, I'm not sure where this "since their inception" comes from.
 
Joined
Aug 30, 2006
Messages
7,223 (1.08/day)
System Name ICE-QUAD // ICE-CRUNCH
Processor Q6600 // 2x Xeon 5472
Memory 2GB DDR // 8GB FB-DIMM
Video Card(s) HD3850-AGP // FireGL 3400
Display(s) 2 x Samsung 204Ts = 3200x1200
Audio Device(s) Audigy 2
Software Windows Server 2003 R2 as a Workstation now migrated to W10 with regrets.
Glad this is coming. Perhaps it will also allow me to deal with annoying "we own you software", such as:

skype in a sandbox
office in a sandbox
autoupdating W10 in a non-updating W10 sandbox

;)
 
Joined
Sep 15, 2007
Messages
3,946 (0.63/day)
Location
Police/Nanny State of America
Processor OCed 5800X3D
Motherboard Asucks C6H
Cooling Air
Memory 32GB
Video Card(s) OCed 6800XT
Storage NVMees
Display(s) 32" Dull curved 1440
Case Freebie glass idk
Audio Device(s) Sennheiser
Power Supply Don't even remember
Windows does it since XP.
There is a big difference between "restricted access" and "running inside a container". Containers only gained traction a few years ago. Docker (the most popular multiplatform containerization software), got to its first public release only in 2013, and it's a thrid-party software. So, I'm not sure where this "since their inception" comes from.

Anything in windows can access another process's memory willy nilly (the pop ups granting access are just a joke). The only thing stopping that are good security apps. Gee, I wonder why everything is hackable and infectable. Restricted my ass.

Takes a sandbox to achieve security from any rando malware...laughable.
 
Last edited:
Joined
Aug 14, 2012
Messages
225 (0.05/day)
System Name "Big E"
Processor I5 2400
Motherboard Intel DQ67OW
Cooling Scythe Samurai ZZ
Memory 4 X 2 Gb Kingmax 1333
Video Card(s) MSI RX470 gaming x 4gb
Storage samsung F3 500 GB
Display(s) Acer S271HLBbid
Case "Big E"
Power Supply Gembird 450 W
Mouse Generic
Keyboard Generic
Software W10 LTSC
Benchmark Scores Nothing worthy to mention
Finally, something that makes upgrading to win 10 worth it.I'll definitely switch once this becomes available and the bugs have been worked out.
 
Joined
May 19, 2009
Messages
1,868 (0.33/day)
Location
Latvia
System Name Personal \\ Work - HP EliteBook 840 G6
Processor 7700X \\ i7-8565U
Motherboard Asrock X670E PG Lightning
Cooling Noctua DH-15
Memory G.SKILL Trident Z5 RGB Black 32GB 6000MHz CL36 \\ 16GB DDR4-2400
Video Card(s) ASUS RoG Strix 1070 Ti \\ Intel UHD Graphics 620
Storage 2x KC3000 2TB, Samsung 970 EVO 512GB \\ OEM 256GB NVMe SSD
Display(s) BenQ XL2411Z \\ FullHD + 2x HP Z24i external screens via docking station
Case Fractal Design Define Arc Midi R2 with window
Audio Device(s) Realtek ALC1150 with Logitech Z533
Power Supply Corsair AX860i
Mouse Logitech G502
Keyboard Corsair K55 RGB PRO
Software Windows 11 \\ Windows 10
This makes me happy as someone working in IT.
 
Joined
Sep 15, 2016
Messages
484 (0.16/day)
This makes me happy as someone working in IT.

I've done a lot of debugging and reverse engineering of third party software and having a sandbox to work in is invaluable especially when generating security signatures.
 
Joined
Oct 1, 2018
Messages
134 (0.06/day)
I've been using VMWare Workstation ever since I had hands on one of the keys. You are a decade too late mikey.
 
Joined
Oct 28, 2018
Messages
565 (0.25/day)
Location
Zadar, Croatia
System Name SloMo
Processor G4560
Motherboard MSi H110-PRO-D
Cooling LC-CC-95 @ Arctic Cooling fan
Memory 2X Crucial DDR4 2400 4GB
Video Card(s) Integrated HD 610
Storage WD 500 GB + Seagate 500 GB + Toshiba 3 TB
Display(s) Lenovo D221
Case Corsair Carbide 100R
Audio Device(s) Manhattan Flex BT Headphones, Encore P-801 stereo speakers
Power Supply Corsair CX450M
Mouse microsoft office mouse
Keyboard Modecom mc-800m
Software Windows 10 Pro x64
Benchmark Scores gorstak @ hwbot.org
soo, back to pirated home edition...
 
D

Deleted member 24505

Guest
Just noticed this on my win 10, it's very interesting.
 
Top