Microsoft may position its new, concise Windows sandbox as a secure zone for testing untrusted applications as part of the May 10, 2019, Windows Update, but it's much more. Windows Sandbox and Sandboxing PC apps in general offer you a solution to test a "utility" that may be malware or a website that you are not sure about. You could leave those potentially dangerous elements alone, but with Sandbox you can be a little more adventurous.
Windows Sandbox creates a secure virtual Windows environment from scratch and separates it from your "real" PC. You can open a browser and surf safely, download apps, and even visit websites you probably should not visit. Sandbox also offers a unique level of convenience: you can copy files to the virtual PC and quarantine them from there, if you are absolutely sure.
You can close Windows Sandbox at any time, and when you do that, everything that's left is completely wiped out. If malware on your sandbox fails on this dodgy site, it only takes one click to shut it down without harming the actual Windows installation. The next time you start a new version of Sandbox, an untouched version of Windows 1
0 starts to reboot.
You do not need to buy a second copy of Windows to use the feature. However, you need Windows 10 Pro or Enterprise. The home version does not support this. And right now, Windows Sandbox is a preview feature reserved for Windows Insiders only. It was introduced in build 18305, but it should be part of the Windows 10 version "19H1", which should be released in late May.
Find everything you need to know to use Windows Sandbox.
Windows Sandbox Getting Started
Mark Hachman / iDG
Windows Sandbox looks like Windows in a window – because it is. It's just another Windows desktop that has been firewalled from your primary installation.
Technically, Windows Sandbox is a lean virtual machine, a tool that allows developers and researchers to frequently test new software in a controlled environment. Virtualization creates a complete virtual machine with operating system, memory, and memory on your existing Windows PC.
Granted, Windows already offers Hyper-V to accomplish similar tasks. What makes Sandbox so attractive is that Sandbox for Hyper-V is like the Windows 10 Mail app for Outlook: a simplified, easy-to-use version of a much more complex application.
Mark Hachman / IDG
When you open Windows Sandbox as a full-screen window, some additional icons appear. If you click the mobile-style signal bar, you will see this message, partly because the "remote" Windows you are connecting to is not at all remote.
Apart from the Windows 10 Pro requirements, Windows Sandbox requires a modern, fair performance powerful machine with virtualization capabilities. Here are the minimum requirements for the feature:
At least 1 GB free space (SSD recommended) [19659021] Windows Sandbox is an alternate feature of Windows and is not installed by default, even if it is available to you. To enable it, you need to go to the Control Panel for Windows functions that you will find when you search for Windows Features Enable and Disable . To enable Sandbox, you need to scroll down and select the corresponding check box. Windows installs the necessary files and may need to restart your PC.
Mark Hachman / IDG
To enable Windows Sandbox, you must first install it.
When When the installation process is complete, no frills are heard. To enable Sandbox, simply enter Windows Sandbox in the Windows search box. Loading may take a minute or two, if only because Windows needs to set up the virtual machine. Microsoft has previously announced that the status of the virtual machine will be "frozen", archived and reopened the next time Windows Sandbox is started. Basically everything should run faster at the next start.
Using Windows Sandbox [19659027] Sandbox appears as a small window on your desktop. This is another Windows desktop, as you may see it, if you have Windows 10 installed and you have decided to use a local account.
The virtual sandbox PC is not quite your own. First, none of the personalization options you've installed, such as Favorites and Themes, are inherited. And that's good! One of the ideas behind Sandbox is not exposing your personal information to the wild. So you should not be tempted to sign in with your personal account. Also, your third-party software will not be displayed. You still have access to File Explorer, but it is restricted to the sandbox and a subset of your PC's resources are available. Also note that only one instance of Windows Sandbox is allowed at a time.
You'll probably be tempted to immediately open Windows Sandbox as a full-screen app. This is fine, especially as Microsoft placed a large Windows XP header at the top of the window reminding you that you are working in Sandbox. Be sure – the last thing you want to do is go back to your "real" PC carelessly and open the dubious website you wanted to launch in Sandbox. Sandbox-opened Edge Browser and File Explorer windows do not identify themselves as sandboxed versions. You're welcome to play around with the Windows settings in Sandbox and see how they differ from your main Windows installation.
Windows Sandbox runs as an app rather than a virtual machine. Your PC does not experience as much performance as it does on a real virtual machine. (If you would like to learn more about Sandbox technical basics, see the Microsoft support page.) Note, however, that Sandbox claims some of the resources of your PC for its own use, including part of the CPU. Memory and storage space. If your PC is already full, both it and the virtual sandbox PC will run even slower.
The status of the Sandbox app will also benefit you if you ever want to interact with files that you may have downloaded. A Hyper-V virtual machine isolates the file system so that malware can not escape. Any files that you want to copy from a Hyper-V VM will require a Remote Desktop connection or extended session mode. Normal people do not want to do anything with it! With Sandbox, you can easily cut out all the files on it and paste (or copy) them on your "real" desktop. This is very handy if the utility you are testing turns out to be useful.
With one exception, I have not noticed any errors or crashes related to Sandbox. If you are having trouble, as I have, accessing the Internet through Windows Sandbox, you can tweak the firewall settings to allow access to the sandbox apps, or simply customize the global protection settings.
<img src = "https://images.idsg.net/images/article/2019/02/windows-sandbox-storage-100787579-large.jpg" border = "0" alt = "Windows Sandbox" Memory [19659037] Mark Hachman / IDG
The amount of memory allocated to Windows Sandbox is 132 GB available on our Surface Laptop review unit.
Windows Sandbox does not tell you if it's a dodgy program secretly sends information back to a third-party server or checks for other harmful activity without your knowledge (advanced users can monitor network traffic at will). Sandbox will do no harm to you.
Remember that you can close Windows Sandbox at any time, and when you do, you will receive a message stating that everything in it is complete has disappeared. The protections that Sandbox provides are lost when you copy a malicious file from the virtual machine to your main Windows installation.
Customizing the Windows Sandbox for Everyday Use
However, what you can quickly discover is that this sandbox is more than just a test environment for apps that you're not sure about. This is also an extra level of security when browsing the Internet. We liked Windows 10's hidden secure browser, Windows Device Application Guard, but you could only download files to your own secure environment. Sandbox lets you copy files between sandboxes to your PC.
Both Microsoft Edge and Google Chrome include their own sandbox elements to protect your PC. However, if you do not really trust a particular site, you can always open Edge (create a sandbox in a sandbox) in your sandbox and open that untrusted site. Are you a bit skeptical that Chrome's incognito mode does not track your browsing? Download Chrome in Sandbox, surf away without logging in to your Google Account, and then end your entire session by closing Sandbox.
Windows Sandbox does not anonymize your ad – theoretically your ISP still keeps track of what sites you've visited, unless you also use a VPN – but if you destroy the sandbox, that browser record disappears completely. If you download something that you're not sure about, you can test it in Sandbox at any time to see if it's actually malicious.
Mark Hachman / IDG
BitTorrent has worked flawlessly. However, you never know exactly what you are downloading, which is why sandboxing might be a good idea. Strangely, Windows Defender does not seem to work in Sandbox, but I downloaded a free third-party anti-virus program from BitDefender and was able to scan individual files for malware.
As previously mentioned, Sandbox charges a price for performance. Using a first-generation Surface laptop (with a Core i5-7200U Kaby Lake chip), only three media-rich edge tabs in Sandbox devoured enough resources to keep overall CPU utilization well above 90 percent. I occasionally saw a stutter as I shut down a website. With a more robust Surface Pro (2017) and some later code revisions, Windows Sandbox ran much smoother.
You do not think you will play games in sandbox. But open an email through Outlook.com? For sure. Download what I thought was a Linux distribution through uTorrent? That worked well. (However, attempting to mount the ISO file in Sandbox failed.)
Mark Hachman / IDG
By default, no personalization options are displayed. It's probably a good idea to remove your personal information from a sandbox, if not required.
How far Sandbox you put into your everyday life is up to you. We've seen sandbox videos demonstrating the effects of computer viruses. If the sandbox virtual machine is no longer devastated, the sandbox can be shut down. (We still would not recommend this for known threats, as we can not say with certainty that malware will be unable to break out of the virtual sandbox machine.) However, sandbox has the potential for much more than just app testing ,
Note that there are other third-party sandbox applications you can try: Sandboxie (both free and paid versions); BitBox, specially designed for browsing; ShadeSandbox and more. All of them have their own advantages and disadvantages. What Sandbox offers is the convenience of a free, secure sandbox solution built right into Windows. And soon, everyone will have it with Windows 10 Pro.
To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed .