Worried about what that “.exe.” file is going to do to your Windows-based system? Here’s some good news. Microsoft has now officially announced the arrival of Windows Sandbox: an isolated desktop testing environment for running untrusted software. Built into the Pro and Enterprise flavours of Windows 10, it’s available right now for Windows Insider users in the Fast ring, with a general rollout scheduled for April.
Here’s a closer look at what Windows Sandbox does – and at how to access it…
InPrivate Desktop: Renamed – and it’s not just for Enterprise users…
Back in August last year, a feature dubbed InPrivate Desktop was accidentally leaked as part of the Windows 10 Insider programme. (Basically, it looked as if Microsoft was toying with the idea of releasing it in beta at that stage – then decided against it – but “forgot” to take out references to it from the Insider release).
From the leaked user guide, you could see that InPrivate Desktop was essentially a virtual machine (VM): a handy throwaway Windows environment that would let you run and check the piece of software you wanted to test – but without accessing the files or features of the main system.
All of this sounded promising apart from one major limitation: it seemed that you needed Windows 10 Enterprise to run it.
The company didn’t comment on the leak at the time. But fast forward to December and it’s now official, courtesy of a community post from Microsoft’s Hari Pulapaka. It’s described as “an isolated, temporary desktop environment where you can run untrusted software without fear of lasting impact to your PC”.
The ‘InPrivate Desktop’ moniker has gone in favour of the much more say-what-you-see description, ‘Windows Sandbox’. Crucially, it’s available to both Enterprise and Pro users.
What’s good about Windows Sandbox?
There are some very good reasons to put it to work…
It’s part of Windows
You want to check out a piece of software before letting it loose on your system. So you go away and source some decent Virtual Machine software to test it. This means extra cost – and you also discover that this VM slows down performance, while eating up a fair chunk of storage space.
Windows Sandbox offers an alternative. Everything you need for a software quarantine & check is now accessible via the Windows 10 Pro or Enterprise dashboard – with no extra VM tools to juggle.
It’s a true sandbox
Windows Sandbox runs in a kernel created using virtualization at hardware level. This gives you the power to run a completely accurate snapshot OS environment – but one that’s entirely isolated from the rest of your system. All of this is done without the need to create or download a virtual hard disk (VHD).
It’s brand new every time
On closing the Windows Sandbox application after using it, everything on it is discarded. Each time you run it, you get pristine usage.
Run requirements are actually refreshingly modest:
- Windows 10 Pro or Enterprise build 18301 or later (see below)
- X64 architecture
- A processor that supports virtualization
- 4GB of RAM (8GB is recommended)
- 1 GB of available disk space (SSD is recommended)
- 2 CPU cores (4 cores with hyperthreading are recommended)
Can I Run Windows Sandbox Right Now?
Yes – but only if you’re a Windows Insider enrolled in the Fast ring – and if you’re running build 18305…
- First off, check your motherboard manufacturer instructions to ensure virtualization is enabled
- Open Start.
- Search for Turn Windows features on or off – and click the first result.
- Check the Windows Sandbox box. Click OK and then Restart now.
- You should now be able to start Windows Sandbox via the Start menu.
If you’re not signed up to the Windows Insider programme (Microsoft’s army of unpaid testers), you can expect to have access to Windows Sandbox once the next full update (19H1) is rolled out. This is scheduled for April 2019. (Note: this is for Pro and Enterprise users only. No announcement for Home and Education users unfortunately!).
Does Windows Sandbox solve my cybersecurity problems?
Windows Sandbox gives you a clean slate: a safe, fast and reliable means of putting software to the test – without having to purchase additional tools.
It’s a valuable thing to have – but just remember one thing: it counts for little if you or other system users routinely bypass it! Tempted to click on that ‘interesting’ looking link in an email? Tempted by that ‘too-good-to-be-true’ software download? It’s no good having sandboxing capabilities at your fingertips if you’re not going to remember to use them – every time.