Microsoft will provide a Sandbox mode to Windows

Andrew3000

Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.

How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to set up a virtual machine?

At Microsoft we regularly encounter these situations, so we developed Windows Sandbox: an isolated, temporary, desktop environment where you can run untrusted software without the fear of lasting impact to your PC. Any software installed in Windows Sandbox stays only in the sandbox and cannot affect your host. Once Windows Sandbox is closed, all the software with all its files and state are permanently deleted.

Windows Sandbox has the following properties:
  • Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
  • Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
  • Disposable – nothing persists on the device; everything is discarded after you close the application
  • Secure – uses hardware-based virtualization for kernel isolation, which relies on Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host
  • Efficient – uses integrated kernel scheduler, smart memory management, and virtual GPU.
More info: Windows Sandbox - Microsoft Tech Community - 301849
 
Deleted member 178

Microsoft saga:

Episode 1 "A WD Menace" aka AVs kicked

Episode 2: "Attack of the EMET Clone" aka anti-exploit kicked

Episode 3: "Revenge of the sandbox " aka sandboxes kicked

Episode 4: " A New Edge" aka Chrome kicked.


Basically they copy from 3rd party vendors..
 

vtqhtr413

Microsoft saga:

Episode 1 "A WD Menace" aka AVs kicked

Episode 2: "Attack of the EMET Clone" aka anti-exploit kicked

Episode 3: "Revenge of the sandbox " aka sandboxes kicked

Episode 4: " A New Edge" aka Chrome kicked.


Basically they copy from 3rd party vendors..
Sure, who did they steal Office from, that's where they made the money to bankroll the whole company, now he's shamefully rich and living the dream, isn't that what so many want to come here and achieve, unless you're young and willing to do anything, no matter how immoral, don't fall for it, it's a pipedream/horseshit.
 

SHvFl

Microsoft saga:

Episode 1 "A WD Menace" aka AVs kicked

Episode 2: "Attack of the EMET Clone" aka anti-exploit kicked

Episode 3: "Revenge of the sandbox " aka sandboxes kicked

Episode 4: " A New Edge" aka Chrome kicked.


Basically they copy from 3rd party vendors..
They should improve their copying speed and I will be really happy.

Hope it's secure but regardless the no snapshot and auto clear is not what I usually do with vms. I don't see it replacing my virtualbox installation.
 

shmu26

They should improve their copying speed and I will be really happy.

Hope it's secure but regardless the no snapshot and auto clear is not what I usually do with vms. I don't see it replacing my virtualbox installation.
@SHvFl just curious why you prefer VirtualBox over VMWare?
 

HarborFront

You still need them, because the Windows sandbox does not have persistence. It is a throwaway, to be used for one-time testing.
I believe you can dispense with Shadow Defender and SB given the reasons below, especially when you just want to run a software (e.g. browser), shut the system down and have a fresh reboot

7 Practical Reasons to Start Using a Virtual Machine

However, to test another OS you'll need VB/VMWare
 

shmu26

I believe you can dispense with Shadow Defender and SB given the reasons below, especially when you just want to run a software (e.g. browser), shut the system down and have a fresh reboot

7 Practical Reasons to Start Using a Virtual Machine

However, to test another OS you'll need VB/VMWare
Right. If you just want to run a software to test it out, this Windows feature should be great. But if the software requires reboot, I don't know if it will work. I guess we will have to wait and see how the Microsoft engineers tweak this feature. As presently described, it does not seem to support reboot.
 

HarborFront

Right. If you just want to run a software to test it out, this Windows feature should be great. But if the software requires reboot, I don't know if it will work. I guess we will have to wait and see how the Microsoft engineers tweak this feature. As presently described, it does not seem to support reboot.
Do SD and SB support persistence, i.e. can they keep a snapshot before shutting the system down and reload the snapshot upon reboot for a faster start up?

If no then they'll be as good as Windows sandbox
 

shmu26

Do SD and SB support persistence, i.e. can they keep a snapshot before shutting the system down and reload the snapshot upon reboot for a faster start up?

If no then they'll be as good as Windows sandbox
Shadow Defender is typically used as a throwaway session, similar to this Windows feature, but it is more sophisticated, because it has all your installed programs and settings, and you can define certain locations that will be persistent, for instance, your AV updates.

Sandboxie is persistent until you manually empty the sandbox contents, but it is not system-wide, it is only for the applications that you choose to sandbox. So it is quite different. It is "light" virtualization.
 

JM Safe

I think this is quite interesting. Does anyone know something about the algorithm used to delete applications when the sandbox is closed? In my opinion it should use a secure shredding algorithm because we talk about untrusted EXE files.
 

shmu26

I think this is quite interesting. Does anyone know something about the algorithm used to delete applications when the sandbox is closed? In my opinion it should use a secure shredding algorithm because we talk about untrusted EXE files.
You don't need to shred anything, because the whole virtual system is only temporary. It's like nuking the whole building, instead of shredding a few docs.
 

HarborFront

Shadow Defender is typically used as a throwaway session, similar to this Windows feature, but it is more sophisticated, because it has all your installed programs and settings, and you can define certain locations that will be persistent, for instance, your AV updates.

Sandboxie is persistent until you manually empty the sandbox contents, but it is not system-wide, it is only for the applications that you choose to sandbox. So it is quite different. It is "light" virtualization.
IMO, VB/VMWare is still superior to SB/SD/Windows SB because the latter allows the host machine to be fingerprinted. With a guest OS the host machine cannot be fingerprinted.
 

JM Safe

You don't need to shred anything, because the whole virtual system is only temporary. It's like nuking the whole building, instead of shredding a few docs.
Hey shmu, I know I am paranoid, but when I test for example an EXE (application I don't know) in VirtualBox I like to shred it before restoring the VM state.
 
