Microsoft has introduced an isolated desktop environment, called Windows Sandbox, whereby you can temporarily run untrusted software without the fear of having impact on your PC, and once done, the software with all its files will be permanently deleted.
The Windows Sandbox builds on the technologies used within Windows Containers, which are designed to run in the cloud, with added Windows 10 integration, and features that make it more suitable to run on devices and laptops without requiring the full power of Windows Server.
It offers a lightweight virtual machine, so if you've ever been in a situation in which you wanted a clean installation of Windows, but didn’t want to set up a virtual machine, this feature is meant for you.
Since Windows Sandbox is basically running the same operating system image as the host, the same physical memory pages are used as the host for operating system binaries via a technology referred to as “direct map”.
And the key enhancements to Windows Sandbox is the ability to use a copy of the Windows 10 installed on your PC, instead of downloading a new VHD image as you would have to do with an ordinary virtual machine.
The same executable pages of ntdll, are mapped into the sandbox as that on the host, to ensure this is done in a secure manner and no secrets are shared.
The Windows Sandbox feature is set to debut in 19H1(1903), the next version of Windows 10 expected in spring of 2019, and will come as part of Windows 10 Pro and Enterprise Editions.
No comments