MS announces Windows Sandbox to run bad software without screwing with your system.

[RejZoR]

30 minutes ago, Taf the Ghost said:

We're headed towards fairly hard program isolation on all platforms, just as a security measure, but a Sandbox approach is still valuable for the average user. Especially for users you know aren't very good with computers. It just cuts down on a lot of problems.

It is and it isn't. Like I've said, if it's data collecting trojan, sandboxing it won't do jack manure if you don't restrict it access and networking wise (which is a common misconception that Sandbox just magically prevents everything). Because if it has unrestricted access to your documents and also network connectivity it can steal your documents or passwords from within sandbox.

[Taf the Ghost]

10 minutes ago, RejZoR said:

It is and it isn't. Like I've said, if it's data collecting trojan, sandboxing it won't do jack manure if you don't restrict it access and networking wise (which is a common misconception that Sandbox just magically prevents everything). Because if it has unrestricted access to your documents and also network connectivity it can steal your documents or passwords from within sandbox.

Not sure there is a "common misconception" since so few, sadly, know about sandboxes. Mass-scale sandboxing would shift attack vectors, however, so it's always a constantly moving target. But, at a baseline and for actually normal users, it's a good practice in general.

[Doobeedoo]

Nice. Having sandbox environment is neat. 

[kuddlesworth9419]

I've wanted this for years. 

[captain_to_fire]

Great. Now I can test out these phishing email attachments just out of curiosity. 

Spoiler

btw I have to manually flag this email as spam. Outlook's spam filters seems shoddy at best.

 

[GoodBytes]

Depending on how it is implemented and works (didn't read the detail yet, will do during the week-end)

This can be an interesting playground for many people on this forum. I mean it can give you a playground to test software if you have an issue with under your current install and maybe help you diagnose things by ruling things out, or experiment with things under Windows 10 (say, registry edits) without affecting your setup environment.

So in other words, a playground that can be used easily for educational purpose.

[dtaflorida]

Aww man... looks like I made the wrong choice when installing windows... I got Home screwed.... and I even have an extra key for Pro... I was a big fan of XPmode, but since they weren't supporting that in 10 I figured I'd downgrade OS. FML

[GoodBytes]

4 minutes ago, dtaflorida said:

Aww man... looks like I made the wrong choice when installing windows... I got Home screwed.... and I even have an extra key for Pro... I was a big fan of XPmode, but since they weren't supporting that in 10 I figured I'd downgrade OS. FML

Well, perhaps some better news, you can upgrade from Home to Pro. Of course you'll pay more than if you just got Pro the first time, but is an option.

If you have an old Windows 7/8 Pro license, not in used, and not part of a OEM license, or was used on the same system (motherboard), then you license has been most likely been reserved for your Windows 10 free upgrade offer, and you can re-install Windows 10, with that Windows 7/8 key (which you enter after Windows 10 is installed, not on the setup screen, as that screen only takes Windows 10 product keys, when asked. Yes you have a button called "I don't have a key" to install Windows 10 as trial mode), and you get Windows 10 Pro activated.

[dtaflorida]

16 minutes ago, GoodBytes said:

Well, perhaps some better news, you can upgrade from Home to Pro. Of course you'll pay more than if you just got Pro the first time, but is an option.

If you have an old Windows 7/8 Pro license, not in used, and not part of a OEM license, or was used on the same system (motherboard), then you license has been most likely been reserved for your Windows 10 free upgrade offer, and you can re-install Windows 10, with that Windows 7/8 key (which you enter after Windows 10 is installed, not on the setup screen, as that screen only takes Windows 10 product keys, when asked. Yes you have a button called "I don't have a key" to install Windows 10 as trial mode), and you get Windows 10 Pro activated.

 

Well I dunno what's up with my install/licenses, when I tried to use the Pro key I had windows refused it with an error about needing a Home key. I'd thought the installation itself was generic but... it didn't play nice so I went and got a Home key. 

 

I'll just resort to some other VM software. 

[GoodBytes]

23 minutes ago, dtaflorida said:

 

Well I dunno what's up with my install/licenses, when I tried to use the Pro key I had windows refused it with an error about needing a Home key. I'd thought the installation itself was generic but... it didn't play nice so I went and got a Home key. 

 

I'll just resort to some other VM software. 

Yea, you need to clean install Windows 10 Pro. In the setup, if you don't put a key, it gives you the edition selection screen.

So yes, you'll be doing a clean install, and hope that the key works (if it doesn't work, you can try your luck with "Get Help" app in Windows 10 to talk to a support person who may give you an override code, if you are very nice)

[Nineshadow]

Is it more like a virtual machine or a container?

[vorticalbox]

9 hours ago, mr moose said:

 

I think the people who are running pro or higher are generally less likely to be running unknown 3rd party software for the first time, so it really is home users and home enthusiasts who need this facility the most.   Once you get to enterprise there is a good chance your IT department is already running several VM's for other things and so it really isn't hat hard to create one for testing new software (if they don't already).

As a developer, I see this as a way to run complied code without it effecting your host system.

 

It also lets you test with a clean slate with your changes to the os such as path, no effecting your tests

[GoodBytes]

For those interested in trying it out and can't wait until May/April, you can join the Insider Fast Ring program of Windows 10 and you can give it a spin.

Please note that, if you do, you must be aware that Insider builds of Windows 10 are versions/builds of Windows 10 that is in development, beta code, and may contains bugs and issues. You must be prepared for any data loss, and system clean install that may need to be done. Not recommended for your main system.

 

[AlwaysFSX]

9 hours ago, mr moose said:

I think the people who are running pro or higher are generally less likely to be running unknown 3rd party software for the first time, so it really is home users and home enthusiasts who need this facility the most.   Once you get to enterprise there is a good chance your IT department is already running several VM's for other things and so it really isn't hat hard to create one for testing new software (if they don't already).

You don't know me or the unknown programs I run on a daily basis.

 

That being said, while this would be useful for "normal" users, I doubt most of them would fully grasp how they're supposed to utilize a feature like this.

[Guest]

7 hours ago, RejZoR said:

It is and it isn't. Like I've said, if it's data collecting trojan, sandboxing it won't do jack manure if you don't restrict it access and networking wise (which is a common misconception that Sandbox just magically prevents everything). Because if it has unrestricted access to your documents and also network connectivity it can steal your documents or passwords from within sandbox.

Well..I hope that sandboxed environment is logically separated from the lan network at least to prevent that 

[Jito463]

12 hours ago, AlwaysFSX said:

That being said, while this would be useful for "normal" users, I doubt most of them would fully grasp how they're supposed to utilize a feature like this.

That was my thoughts, too.  Just because a feature would be useful to your average user, doesn't mean they'd have the first clue how to actually use it (or that they would bother to, even if someone showed them how).

[Ashleyyyy]

23 hours ago, GoodBytes said:

Depending on how it is implemented and works (didn't read the detail yet, will do during the week-end)

This can be an interesting playground for many people on this forum. I mean it can give you a playground to test software if you have an issue with under your current install and maybe help you diagnose things by ruling things out, or experiment with things under Windows 10 (say, registry edits) without affecting your setup environment.

So in other words, a playground that can be used easily for educational purpose.

so a playground that doesn't affect your main install... that's called a virtual machine. we've had that for YEARS. what's new?

[Drak3]

3 minutes ago, firelighter487 said:

so a playground that doesn't affect your main install... that's called a virtual machine

A virtual machine is running an instance of an OS within another OS by emulating the hardware and firmware of a bare machine.

 

This is just running a second virtual desktop instance with some permissions disabled completely.

[Jito463]

15 hours ago, firelighter487 said:

we've had that for YEARS. what's new?

15 hours ago, Drak3 said:

This is just running a second virtual desktop instance with some permissions disabled completely.

Also, this is integrated into the OS, so no need for third-party software.  Of course, I wouldn't rely on it too heavily until it's been thoroughly tested by someone who hasn't fired their entire testing team.

 

[Drak3]

3 hours ago, Jito463 said:

Also, this is integrated into the OS, so no need for third-party software. 

Every version of Windows getting this already has HyperV, so there really wasn't a need for 3rd party software anyways.

[LAwLz]

26 minutes ago, Drak3 said:

Every version of Windows getting this already has HyperV, so there really wasn't a need for 3rd party software anyways.

I am 99% sure this is based on HyperV. It's just that they have made it simpler and faster to use.

Instead of

1) Creating a VM,

2) Pay and put in another Windows license

3) Set permissions for the VM such as restrict access to the network

4) Create a snapshot

5) Transfer the program you want to run

6) run it

7) Restore from snapshot manually

 

You just press "run in sandbox" (or however the menu will look).

Quite a lot simpler.

 

 

 

I thought of another use-case for this as well. Now in corporate environments it may be possible to loosen up on the restrictions for what programs are allowed to run on corporate computers, if sketchy or outdated programs are only run in the sandbox function (assuming it does not need network access). This was obviously possible with VMs before, but you would have to pay double the licenses for each user and it would require some manual configuration.

[Nineshadow]

On 12/20/2018 at 7:10 PM, Drak3 said:

A virtual machine is running an instance of an OS within another OS by emulating the hardware and firmware of a bare machine.

 

This is just running a second virtual desktop instance with some permissions disabled completely.

Actually it doesn't really emulate hardware. That's what an emulator does. A virtual machine "virtualizes" hardware, if you will. For example, there are specific instructions that split a CPU into more vCPUs. That means that you can't run a virtual machine that runs on a different architecture, eg. ARM guest on x86 host, you'd need an emulator for that.

[Drak3]

1 hour ago, Nineshadow said:

Actually it doesn't really emulate hardware. That's what an emulator does. A virtual machine "virtualizes" hardware, if you will. For example, there are specific instructions that split a CPU into more vCPUs. That means that you can't run a virtual machine that runs on a different architecture, eg. ARM guest on x86 host, you'd need an emulator for that.

Emulation and virtualization are the same thing.

[Salv8 (sam)]

yea this is cool and all but, if i want to virtualise a clean sandboxes windows environment i'll just use sandboxie

[HappyPoison]

Just as an update, Microsoft is shutting down the downloaded VM's on 3/6/2019.

Source: https://develop er.microsoft.com/en-us/windows/downloads/virtual-machines