Microsoft puts desktop apps in containers with Windows Sandbox Credit: Microsoft
Virtualization

Microsoft puts desktop apps in containers with Windows Sandbox

Microsoft has shipped a new feature in Windows 10 Pro and Enterprise builds 18305 and up that let users create throwaway desktop environments for testing and developing software.

Normally, developers have to spin up a virtual machine or use a separate system specifically for running new or untrusted apps. But the new feature, called Windows Sandbox, uses the container technologies recently added to Windows to provide a high degree of isolation for individual programs, Microsoft says.

When launched, Windows Sandbox presents a Windows desktop running in a window, similar to a VM. Files and applications can simply be dragged and dropped, or copied and pasted, into the sandbox process, then run as is. Nothing running in the sandbox process affects the host. When the sandbox is closed, all its content is erased.

Right now, the feature set for Sandbox is very limited. There doesn’t seem to be any way to save and restore the state of multiple sandboxes. Windows Sandbox’s APIs, if any will be available, aren’t documented yet.

Much of how Windows Sandbox works comes from the work Microsoft has been doing with virtualization and containers. When a new sandbox process boots, the operating system files inside the image are just immutable links to the files for the OS on the host, similar to a Docker file system image layer. Any changes to the file system, such as the apps launched in sandbox and any data generated by them, are saved separately.

Sandbox processes also have more flexible memory management. They can return unused memory to the host, where VMs have to use a preallocated slab of memory that can’t be altered.

Third-party programs for Windows have provided functionality like Windows Sandbox in the past. In addition to full-blown VMs through VirtualBox, Parallels, or VMware Desktop, an app named Sandboxie, available since 2004, has provided a way to run Windows apps in insolation with a great many options available. However, Sandboxie didn’t work with some applications, such as Windows 10 UWP applications, many antivirus programs, or programs that use copy-protection shells such as games distributed through Steam.

PREVIOUS ARTICLE

« Microsoft's latest Windows 10 build kills passwords, simplifies Start, and adds fun 'kaomoji'

NEXT ARTICLE

What is ransomware? How these attacks work and how to recover from them »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

International Women's Day: We've come a long way, but there's still an awfully long way to go

Charlotte Trueman takes a diverse look at today’s tech landscape.

Trump's trade war and the FANG bubble: Good news for Latin America?

Lewis Page gets down to business across global tech

20 Red-Hot, Pre-IPO companies to watch in 2019 B2B tech - Part 1

Martin Veitch's inside track on today’s tech trends

Poll

Do you think your smartphone is making you a workaholic?