Whether it's a program you found on the Internet or what was in your email, running executables was always risky. Testing software in clean systems requires Virtual Machine (VM) software and a separate Windows license to run in the VM. Microsoft is about to solve this problem with Windows Sandbox.
VMs: Great for Safe Testing but Difficult to Use
We all received an email that apparently came from a friend or family member and has an attachment. Maybe we even expected it, but somehow it does not look quite right. Or you may have found a great app on the internet, but it comes from a developer you've never heard of.
What are you doing? Download it, run it and just take the risk? With ransomware it is almost impossible to be too careful.
In software development, a developer sometimes needs most of a clean system ̵
The best solution for both situations is to boot a virtual machine. This gives you a clean, isolated operating system. If it turns out that this attachment is malware, it will affect only the virtual machine. Restore a previous snapshot and you're ready to go. If you're a developer, you can run your tests as if you were setting up a brand new machine.
RELATED: Beginner Geek: Creating and Using Virtual Machines
However, there are some problems with VM software.
First, it can be expensive. Even if you use a free alternative such as VirtualBox, you still need a valid Windows license to run on the virtualized operating system. Certainly, you can not enable Windows 10, but that limits what you can test.
Second, running a VM with decent performance levels requires relatively high-performance hardware and lots of disk space. If you use snapshots, you can quickly populate a smaller SSD. If you use a large hard drive, the performance can be slow. You probably do not want to use these energy-intensive resources on a laptop.
And finally, VMs are complicated. Not necessarily something you want to set up to test a questionable executable file.
Fortunately, Microsoft has announced a new solution that solves all these problems at once.
 In a post on the Microsoft Tech community blog, Hari Pulapaka describes the new Windows sandbox. Formerly referred to as InPrivate Desktop, this feature creates an "isolated, temporary desktop environment" in which you can run software without fear of damaging your computer.
Similar to a standard VM, each software installed in the sandbox remains isolated and can not affect the host computer. Closing the sandbox deletes all programs you have installed, files added, and any settings changes made. The next time you run Sandbox, the status will be "clean." Microsoft uses hardware-based hypervisor virtualization to run a separate kernel to isolate sandbox from the host.
This means that you can safely download an executable file from a risky source and install it in Sandbox without compromising your host system. Or you could quickly test a development scenario in a new version of Windows. Impressive are the requirements quite low:
- Windows 10 Pro or Enterprise Build 18301 or higher (currently not available but should be released soon) Insider Preview Build)
- AMD64 Architecture
- Enabled in the BIOS Virtualization Features
- At least 4 GB of RAM (8 GB recommended)
- At least 1 GB of available hard disk space (SSD recommended)
- At least 2 CPU cores (4 cores recommended with hyperthreading)
One of Sandbox's better ingredients in that you do not need to download or create a virtual hard disk (VHD). Instead, Windows dynamically generates a clean snapshot operating system based on the host operating system on your computer. It creates links to files that do not change on the system and common files that change.
This results in an incredibly bright image – only 100 MB. If you do not use the sandbox, the image is compressed to a tiny 25 MB. And since it's essentially a copy of your operating system, you do not need a separate license key. If you have Windows 10 Pro or Windows 10 Enterprise, you have everything you need to run Sandbox.
For security, Microsoft uses the previously introduced container concept. The sandbox operating system is isolated from the host, so it looks like a VM can run like an app.
Despite these levels of separation, the host computer and sandbox work together. If necessary, the host restores memory from the sandbox to prevent your computer from slowing down. The Sandbox knows the battery level of your host computer to optimize power consumption. It is possible to run the sandbox on the go on a laptop.
All these and other improvements make for an extremely secure, fast and inexpensive virtual system. It provides a fast and secure VM-like solution with far less effort than a traditional solution. You can quickly access, test and destroy snapshots – and repeat them as needed. Like everything intensively, better hardware makes this run even smoother. As shown above, less powerful hardware should also be able to run the sandbox.
The only downside is that not all computers are equipped with Windows 10 Pro or Enterprise. If you are using Windows 10 Home, you can not use Sandbox.
How do I get it?
Unfortunately, you can not fully preserve Windows Sandbox yet. It requires Windows 10 build 18301 or later that has not been released by Microsoft. Once this version is available, this is a straightforward matter. You want to make sure that your virtualization features are enabled in your BIOS. Then you just have to turn on Windows Sandbox in the Windows Feature dialog:
Once the Windows Sandbox is installed, it's almost the same as any other app or program. Simply locate it in the Start menu, run it, and accept the User Account Control (UAC) prompt, which gives it administrator privileges. You can drag and drop files and programs into the sandbox to test them as needed. Just close the program when you're done, and Sandbox discards any changes you've made.
RELATED: What features of Windows 10 "Optional features" and how to turn them on or off