Sandboxing is an isolation method whereby all data relating to an online surfing session or installation of software is encapsulated within a special container (or Sandbox), completely separate from the system. Emptying the container (Sandbox) at the end of the session means that zero data is recorded or retained, everything is gone, including any malware or nasties picked up along the way.
I’ve been using third-party software called Sandboxie for many years, not only to test dubious software but also when researching articles for DCT. My research can take me anywhere on the web and surfing within the sandbox assures that I am not running the risk of inadvertently infecting my system. On a side note: Sandboxie used to be a freemium model with both free and premium editions available but was recently acquired by Sophos and is now completely free including all premium features.
Windows 10 Sandbox
Windows 10 Sandbox is a strange animal– it’s not really a sandbox in the true sense but more of a basic VM (virtual machine) running as an app. The principle, however, is very similar. Whatever you do within Windows Sandbox, as soon as you close out the VM, all associated data is immediately expunged, without ever getting anywhere near your actual system. What makes Windows Sandbox appealing, over something like Hyper-V for example, is its comparative simplicity and ease-of-use. Anyone, regardless of their level of computer proficiency, should be able to easily work with Windows Sandbox.
Unfortunately, Windows Sandbox is not available for Windows 10 Home users. Here are the full system requirements:
- Windows 10 Pro, Enterprise, or Server
- A 64-bit processor capable of virtualization, with at least two CPU cores
- Virtualization enabled in BIOS, if not already
- At least 4GB of RAM (8GB recommended)
- At least 1GB of free disk space (SSD recommended)
You can quickly check via Task Manager to see if virtualization is already enabled. Open Task Manager, go to the Performance tab and look for Virtualization on the right:
Enabling Windows Sandbox
Windows Sandbox is not enabled by default and you’ll need to go to Control Panel > Programs and Features and click Turn Windows features on or off in the left-hand panel:
In the Windows Features window, scroll down to Windows Sandbox and enable it:
Click OK and a new window will open with a progress bar and you’ll receive a couple of messages; Searching for required files followed by Making changes. When the process has completed, took about 30 seconds on my machine, you’ll be required to Restart the system in order to apply the changes.
Working With Windows Sandbox
Once enabled, to start Windows Sandbox, open the Start Menu and type Windows Sandbox:
If it’s something you think you might use regularly, you can select the options to either Pin to Start or Pin to taskbar.
The Windows Sandbox window will take a little time to open on the first run and you will see right away that it resembles a very basic version of Windows 10:
You cannot access any apps or third party programs and browsing online is restricted to using Edge only. The VM creates the usual user directories — documents, downloads, pictures, Music, Videos — but these are pristine (empty folders) created specifically by and for the VM and not your normal system user folders.
Surf Safely In Windows Sandbox
To surf safely, simply run Edge within Windows Sandbox and surf around until your heart’s content. When you’ve finished your session, close out by clicking the X in the top right corner of the Windows Sandbox window and you’ll receive the following message:
Click OK and everything is gone.
Test Software In Windows Sandbox
You can install software within Windows Sandbox to check out dubious software, test the installation process for added potentially unwanted programs, or just to check out software before installing it in the system proper. Use Edge to navigate to and download the software, then simply run the downloaded executable as per normal, either via the options in Edge or from the virtual Download folder. Again, when you’ve finished testing the software, close out Windows Sandbox and everything will be gone.
- For obvious reasons, you cannot install software which requires a Restart within a sandbox, including Windows Sandbox
- Windows Sandbox is a fairly primitive VM and there is no persistence or other features one would normally associate with a full-blown VM. That said, for its purpose, Windows Sandbox is a very simple and user-friendly mechanism
- During the initial run of Windows Sandbox, I received a warning message that Windows Defender was not enabled. You can safely ignore this warning, there is no need for Windows Defender to be running or any other antivirus software. During my online research I came across an editorial article where, in response to this message, the author had actually installed a third-party antivirus within Windows Sandbox. This, in my opinion, would be an extreme and unnecessary precaution. By its very nature, Windows Sandbox is designed to keep malware isolated away from the main system and any malware inadvertently picked up along the way is automatically expunged whenever Windows Sandbox is closed out
- While no browser history will be saved locally, your ISP will still be able to see what sites you’ve visited
- Windows Sandbox is currently utilizing the old Edge and, hopefully, Microsoft will update it soon to include the new Chromium Edge
There may be better sandboxing options available with more features and options. However, the one huge advantage with Windows Sandbox is that it is already there. Plus, as I have said earlier, its very simplicity contributes largely to its appeal.