Want to run an untrusted software or need a clean computer environment to execute suspicious file?
Windows Sandbox is a solution for your problem.
When do we need Sandbox?
Case 1: Running a suspicious file
Suppose you have received an email attachment from unsolicited sender but looks genuine. You are curious to check what’s inside it but at the same time skeptical and scared of ransomware it may bring.
In this case, you need isolated environment to run the file so that it doesn’t affect other files on the system.
Case 2: Testing the Software
Software testing requires a clean computer which is free of any customization and additional software installation. Anything extra could not result in desirable outcome.
In both scenarios, the best solution is Virtual Machine.
Problems with Virtual Machine
- Expensive: License of virtual machine software are costly. Even if you use free alternatives like VirtualBox, you might have to purchase another Windows License to install on machine.
- Powerful Hardware Configuration: VM demands its own storage space and RAM so you need a computer with decent configuration for virtual machine snapshots.
- Complex and Time Consuming: Virtual machine is not easy and quick to setup. It is definitely not a feasible option to turn on VM every time just to run a questionable file.
Solution: Windows 10 Sandbox
Microsoft has been working on a project called ‘InPrivate Desktop’ for a long time which will now be included as “Windows Sandbox” in future releases. As per the blog published by Hari Pulapaka, this feature creates an “isolated, temporary desktop environment”.
It is similar to any standard VM software, but it deletes everything once you close the machine. Windows Sandbox will run a machine in clean state every time to start it.
You know that it is possible to run a file as different user but sandbox makes it possible to run a program or file as if it is inside a different computer.
What makes Windows Sandbox different?
Low System Requirements:
- Windows 10 Pro or Enterprise build 18301 or later
- x64 architecture
- Virtualization capabilities enabled in BIOS
- 4GB of RAM (8GB recommended)
- 1 GB of free disk space (SSD recommended)
- 2 CPU cores (4 cores with hyperthreading recommended)
No need of Virtual Hard Disk
Everything required ships with Windows 10 PRO and Enterprise. It is a part of the operating system. Instead of creating VHD, it uses a copy of the Windows 10 installed on your computer.
In the process, it links to files that don’t change on the system and refers to common files that do change. The majority of the files are links (immutable files) and that’s why the small size (~100MB) for a full operating system.
Secure and Efficient
Windows Sandbox uses hardware-based virtualization for kernel isolation, which relies on the Microsoft’s hypervisor to run a separate kernel.
It is designed in such a way that host machine can reclaim memory from the Sandbox if needed. Also, sandbox is aware of your host machine’s battery levels so that it can optimize power consumption.
Fast and Inexpensive
As the feature is integrates into the operating system, there is zero additional cost.
Sandbox executes faster because there is no overhead. You can quickly build and destroy virtual environment just by exiting the window.
Only downside of the feature is that it is not available to Windows 10 Home users.
How to Install and Use Windows Sandbox Feature
You must be on Windows 10 build 18305 or higher to enable Sandbox feature.
Enable Virtualization feature from BIOS to take advantage of Sandbox.
Once upgraded to the required build, you should enable Sandbox from Windows Features options.
Select Windows Sandbox and click OK to install Windows Sandbox. Restart the computer to complete the installation.
To run the feature, find it in Start menu or search for the feature. It will ask for administrator privilege, so you will have to accept the UAC prompt.
When you open the Sandbox feature window, just drag any file inside it to test and run.
To discard any changes made, just close the window and virtual machine created will be destroyed automatically.