In August the first signs emerged that Microsoft was preparing a sandbox feature for Windows 10. An official page in the Microsoft Feedback Hub briefly appeared to describe such a security feature, but it was hastily removed after a few sites reported on its existence. At the time the sandbox functionality went by the feature name InPrivate Desktop and would require Windows 10 Enterprise and various minimum hardware specs.
A few hours ago Microsoft published a blog post, in the Windows Kernel Internals section, detailing "a new lightweight desktop environment tailored for safely running applications in isolation". Now, almost ready for prime time, it has been renamed succinctly and descriptively Windows Sandbox.
The Microsoft blog post covers everything you would need to know, in a brief summary and then in more depth. The purpose of the new Sandbox is, as you might expect, to provide "an isolated, temporary, desktop environment where you can run untrusted software without the fear of lasting impact to your PC". Once you close the sandbox down, all files and its state are permanently deleted, adds Microsoft.
The following key qualities of Windows Sandbox are highlighted:
- Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
- Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
- Disposable – nothing persists on the device; everything is discarded after you close the application
- Secure – uses hardware-based virtualization for kernel isolation, which relies on Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host
- Efficient – uses integrated kernel scheduler, smart memory management, and virtual GPU
In the technical details it provides, Microsoft says that Windows Sandbox is based upon the same technologies as Windows Containers, designed to enable its cloud portfolio. The important changes to Windows Sandbox since it was known as InPrivate Desktop are that it is now indicated to be available for both Enterprise and Pro customers, and that resource demands now seem to have been reduced. Users still need a PC capable of virtualisation.
ZDNet's Mary J Foley notes that Windows Sandbox is available to users of Windows 10 Pro or Enterprise running Insider Build 18301 or later – a version not available at the time of writing but expected later in the week. When Windows Sandbox is available, it is selectable within the Windows Features control panel (see directly above). Foley thinks the feature could reach a finished release of Windows 10 in the first half of 2019.