Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Windows Microsoft Operating Systems Security Software Technology

Windows 10 Enterprise Getting 'InPrivate Desktop' Sandboxed Execution Feature (bleepingcomputer.com) 99

An anonymous reader quotes a report from Bleeping Computer: A recent Windows 10 Insider Feedback Hub quest revealed that Microsoft is developing a new throwaway sandboxed desktop feature called "InPrivate Desktop." This feature will allow administrators to run untrusted executables in a secure sandbox without fear that it can make any changes to the operating system or system's files. This quest is no longer available in the Feedback Hub, but according to it's description, this feature is being targeted at Windows 10 Enterprise and requires at least 4 GB of RAM, 5 GB of free disk space, 2 CPU cores, and CPU virtualization enabled in the BIOS. It does not indicate if Hyper-V needs to be installed or not, but as the app requires admin privileges to install some features, it could be that Hyper-V will be enabled. "InPrivate Desktop (Preview) provides admins a way to launch a throwaway sandbox for secure, one-time execution of untrusted software," the Feedback Hub questions explains. "This is basically an in-box, speedy VM that is recycled when you close the app!"
This discussion has been archived. No new comments can be posted.

Windows 10 Enterprise Getting 'InPrivate Desktop' Sandboxed Execution Feature

Comments Filter:
  • This is exactly what bromium have been doing for years now:

    bromium.com [bitly.com]

    regards

    John Jones

    • Re: (Score:3, Interesting)

      by Khyber ( 864651 )

      Bromium is way new to the game.

      Protip: The smart nerds have a Write-locked PE USB made that deploys a RAMFS and essentially ignores anything else inside the computer excepting network card.

      Had an XP one for about 18 years now. Probably about time I made one for 7.

    • This is exactly what every good administrator, and most good power users, have been doing for years now with VirtualBox or something similar. And with significantly less resources required on the computer to do it, I might add.

      Typical Microsoft. Take something everyone already does. Add the ability to do it in Windows automatically, but require more resources than it already takes. Drive the sales of new hardware, computer manufacturers are happy, Microsoft is happy. If adoption isn't high enough, then

  • But it has it up the wazoo.
  • Rowhammer, Spectre, Meltdown and all of their variants didn't just disappear. In fact they will likely get replaced by new versions of themselves in new operating systems. Each one of those can be used by malevolent software to break out of a sandbox.

    Also the Windows API is vast and was not meant to have security in mind. For example usually every application can fill out forms in every other application. That way you can inject code. The timer message, which everyone can send, includes a "callback" field,

  • by Anonymous Coward

    > This feature will allow administrators to run untrusted executables in a secure sandbox without fear [...]

    Windows administrators don't fear anything. That's why they are Windows administrators!

  • If so, then they can hardly be called "private."
  • Cool, but I'm not renting my OS
    • by Anonymous Coward

      Cool, but, this is the year of linux on the desktop, right?

The most difficult thing in the world is to know how to do a thing and to watch someone else doing it wrong, without commenting. -- T.H. White

Working...