Windows Sandbox will enable safe isolation and testing of suspicious programs in Windows 10 19H1
The upcoming version of Windows 10 codenamed 19H1 will offer a new optional feature called Windows Sandbox. Windows Sandbox will allow you to run programs and test them in an isolated temporary desktop environment. This is great for those who are cautious about trying new or suspicious programs lest they cause issues with the main OS installation. Windows Sandbox is native and users do not need to download any additional software or virtual hard disks (VHDs) to get going.
Sandboxing is not new to Windows and many users will know of the program Sandboxie that offers a way to run EXEs in isolation. Windows Sandbox is similar in purpose to Sandboxie, but is much more advanced. Essentially, Windows Sandbox offers the full functionality of Windows 10 in a virtual desktop environment that is totally isolated from the main OS. Every instance of Windows Sandbox presents a brand-new desktop, and applications that run within it neither persist their state nor can affect the host. This means you can safely execute any suspicious program, get the job done, and close the Sandbox instance to permanently discard all data from the session. When you restart Windows Sandbox, you will be presented with a new desktop instance once again.
Microsoft says that Windows Sandbox uses Hyper-V for hardware-based virtualization and the Sandbox instance uses its own integrated kernel scheduler, memory management, and virtual GPU. Giving the Sandbox its own scheduler enables the host OS to treat the Sandbox as a normal process or an app instead of a virtual machine, which Microsoft says will make it more responsive. And since it's a process, the host OS can decide whether to reclaim memory allocated to the Sandbox and also optimize battery usage on laptops.
Windows Sandbox will also support graphics virtualization if the GPU and drivers are compatible with WDDM 2.5 or higher. This enables the host OS to dynamically allocate GPU resources depending on the load. Just like a virtual machine, you can also save snapshots of the Sandbox instance to disk so that it can resume faster without having to perform a clean boot every time.
Microsoft lists the following requirements for enabling Windows Sandbox, which is slated to debut in Windows 10 Build 18305:
- Windows 10 Pro or Enterprise build 18305 or later
- AMD64 architecture
- Virtualization capabilities enabled in BIOS
- At least 4 GB of RAM (8 GB recommended)
- At least 1 GB of free disk space (SSD recommended)
- At least 2 CPU cores (4 cores with hyperthreading recommended)
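The requirements above can be checked on a given machine before enabling the feature. The PowerShell below is an added example, not Microsoft's tooling or code from the original article; the function name `Test-SandboxRequirements` is hypothetical, and the thresholds are the minimums from the list.

```powershell
# Added example: checks the listed Windows Sandbox requirements on the local machine.
# Test-SandboxRequirements is a hypothetical name; thresholds come from the list above.
function Test-SandboxRequirements {
    $os   = Get-CimInstance Win32_OperatingSystem
    $cs   = Get-CimInstance Win32_ComputerSystem
    $cpus = @(Get-CimInstance Win32_Processor)
    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"

    # Sum cores across all sockets.
    $cores = ($cpus | Measure-Object -Property NumberOfCores -Sum).Sum

    # Firmware-reserved memory makes a 4 GB machine report slightly less than
    # 4 GB, so round to the nearest GB before comparing.
    $ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB)

    # VirtualizationFirmwareEnabled can read False once a hypervisor is already
    # running, so an active hypervisor also counts as virtualization being on.
    $virt = [bool]$cpus[0].VirtualizationFirmwareEnabled -or [bool]$cs.HypervisorPresent

    $checks = [ordered]@{
        'Windows 10 Pro or Enterprise'   = $os.Caption -match 'Pro|Enterprise'
        'Build 18305 or later'           = [int]$os.BuildNumber -ge 18305
        'AMD64 architecture'             = $cpus[0].Architecture -eq 9   # 9 = x64
        'Virtualization enabled in BIOS' = $virt
        'At least 4 GB of RAM'           = $ramGB -ge 4
        'At least 1 GB free disk space'  = $disk.FreeSpace -ge 1GB
        'At least 2 CPU cores'           = $cores -ge 2
    }

    # Emit one object per requirement so the result can be filtered or exported.
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Requirement = $name; Met = $checks[$name] }
    }
}

Test-SandboxRequirements | Format-Table -AutoSize
```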
It remains to be seen how well Windows Sandbox can be integrated into regular workflows and whether app data from the Sandbox can be saved to the host drive or not. Nevertheless, this feature will be highly welcomed by enterprise customers and also provides a way for Microsoft to remove the burden of legacy components from consumer versions of the OS in an effort to further streamline it for all device types.
For a more in-depth look into the underpinnings of this technology, check out the Windows Kernel Internals Blog linked below.