Microsoft Announces Windows Sandbox, a Desktop Environment For Running Applications in Isolation

Microsoft has officially unveiled "Windows Sandbox," a feature that was expected to be unveiled next year. Windows Sandbox, the company says, creates "an isolated, temporary desktop environment" where users can run potentially suspicious software. From a report: Windows Sandbox is an isolated desktop environment which functions much like a virtual machine; any software installed to it is completely sandboxed from the host operating system. Aimed at businesses, enterprises and security-conscious home users, Windows Sandbox will be part of Windows 10 Pro and Windows 10 Enterprise. It is not clear exactly when the feature will debut, but it could make an appearance in Windows 10 19H1 next year.

The company touts the following features of Windows Sandbox in a detailed blog post introducing the new feature:
Part of Windows -- everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
Pristine -- every time Windows Sandbox runs, it's as clean as a brand-new installation of Windows.
Disposable -- nothing persists on the device; everything is discarded after you close the application.
Secure -- uses hardware-based virtualization for kernel isolation, which relies on the Microsoft's hypervisor to run a separate kernel which isolates Windows Sandbox from the host.
Efficient -- uses integrated kernel scheduler, smart memory management, and virtual GPU.

Sandboxie

[Anonymous Coward]

Or use Sandboxie, which has been out for over a decade.

https://www.sandboxie.com/

Re: Sandboxie

[TJHook3r]

Good shout AC, Sandboxie is the same product, with almost the same name.

The expected work-around....

[Anonymous Coward]

Of course "bad guys" will figure out some way to detect that they are running inside a pristine sand-box and behave differently, ie, non-malicious. The user/tester runs that application, nothing bad happens, certifies that it is safe and releases it to the rest of the business population. Once it's out in the open the application acts maliciously and does it's dirty work.

Re:The expected work-around....

[ctilsie242]

This is already done. A lot of malware checks for drivers and won't run if it sees a VMWare driver, 3 CPU cores, or an oddball amount of RAM. This is a good thing, in a way, if one uses VMs for partitioning tasks (for example QuickBooks goes into its own virtual machine, so it is isolated and protected from malware for the most part. You can also add encryption, either in the VM via BitLocker or store the VM files somewhere secure (VeraCrypt volume), to ensure better protection when the machine isn't in use.

I'm hoping Microsoft starts moving more towards a QubesOS model.

Re:The expected work-around....

[Seven Spirals]

Your solution is a good one, but it's a lot of hassle. QubesOS has it all streamlined, but using paravirt with Xen is a bit of a misfit when I've used it. I'd rather see a solution built around LXC or OpenVZ. However, I guess there already are some efforts in this direction that have made progress. I suppose it's mostly a matter of preference in terms of what method to implement the key is making sure no trace is left for the bad guys to follow.

Re:

[bill_mcgonigle]

using paravirt with Xen is a bit of a misfit when I've used it

Xen pvh2 is almost done, and should remove the last technical reasons to use paravirt.

Re:

[Seven Spirals]

Sweet, that made me go refresh my Xen news buffer. Lots of cool developments and the near-arrival of pvh2 is definitely one of them.

Re: The expected work-around....

[zaphirplane]

There will be ways to detect gmtge sandbox, the ms sandbox isnâ(TM)t a pristine installation, itâ(TM)s on top of your current system

True browser sandboxing yet with this feature?

[Seven Spirals]

I want every single tab I open to be like a baby finding itself in a brand new world every time. I want no cookies to cross reference (yes, I am willing to login every time). I wish for no resources available for Javascript trying to find clever ways to spy and screw with things outside of that "sandbox". I want that tab to feel like it's running on a computer that was just whisked into existence for that one task only. When I close that tab I want (at least on the local system) for it to be like that never happened. Don't leave cache files, ghost cookies, cookies, or alter the system in one single goddamn binary bit that can be tracked later on. I know "private browsing" claims to do a lot of these things, but then you find out later that it really doesn't or that there is some tracking. However, I gotta say, my current method works pretty well. I just keep a bookmarks file that I occasionally import/export when needed. Then I use 'srm' (secure rm) to wipe every file and directory that the browser altered when it was running (inside of a jail, usually). It's not that I have all kinds of stuff to hide, I just hate being spied on by automated "eyes".

Re:

[sg_oneill]

I want every single tab I open to be like a baby finding itself in a brand new world every time. I want no cookies to cross reference (yes, I am willing to login every time). I wish for no resources available for Javascript trying to find clever ways to spy and screw with things outside of that "sandbox". I want that tab to feel like it's running on a computer that was just whisked into existence for that one task only. When I close that tab I want (at least on the local system) for it to be like that never

Re:

[Seven Spirals]

Yeah, I'm sure low-level file and cross-tab Javascript security in all browsers are just a matter of learning hotkeys. Garsh, why didn't we all just ask you to fix the issue for us?

Re:

[Seven Spirals]

The only wife I need to hide from is yours... but hey, just kidding, haha. It's hilarious right?

Re:

[Seven Spirals]

Years of watching various "sandboxing" fails has convinced me that you are probably right.

Re:

[Provocateur]

Years of watching Jurassic Park and I almost forgot the name Ian Malcolm, who is quite astute.

Re:

[Seven Spirals]

Years of watching Jurassic Park and I still love Silicon Graphics [baltimoresun.com] (it's a Crimson they have there - I have a Tezro and 3 other SGIs), the Mac Quadra 700 [youtube.com] (I have two of them), and Thinking Machines [thedailywtf.com] supercomputers (hehe, I don't own one of these!). I love that freakin' movie.

Re:True browser sandboxing yet with this feature?

[Opportunist]

Have you tried epic browser [epicbrowser.com]?

Re:

[Seven Spirals]

No, but it looks like they have the right idea. I'm just not on Windows very often but I will give it a shot sometime when I am. Thanks for the pointer. After years of just using NoScript and 'rm -rf ~/.mozilla' there has to be some kinda better way. However, my ability to trust a browser at this point will have to be after several test browsing sessions to see what turdlets it leaves afterwards when I examine the filesystem (and registry if it's Windows).

Re:

[Blue Stone]

Installed and tried it.

Tested one website to try it out and it broke the website quite comprehensively, with no way to get it to work (no plugins I could disable, no scripts or permissions I could grant to get it to work (as I do when using firefox with ublock and umatrix).

It also inserts 'epicupdater' into my startup without permission, which I DO NOT like.

That's just my first impression. Not *that* great.

Re:

[Blue Stone]

Well shit. Google altered the deal, eh? Damn.

Re:Getting Close

[Seven Spirals]

The thing that stands out as being most effective in that bevy of countermeasures is NoScript. It's amazing how willing folks are to run un-trusted code from people with strong motivation to track and monetize you. You've just described what I do already, now. The only difference is that, in addition to the measures you describe, I have a script that removes the entire ~/.mozilla directory and then re-creates it from a minimal backup that just restores my bookmarks and the aforementioned security plugins. I had to go that far because I was still finding turdlets even after all that. It's frustrating that even the efforts at sandboxing I've seen so far aren't as complete as this psuedo-manual "browsing rig" we are doing now.

Re:

[thegarbz]

It's amazing how willing folks are to run un-trusted code from people with strong motivation to track and monetize you.

Why is it amazing given the level of actual personal risk people face on common websites as a result of tracking? The direct impact to people's lives by corporations hoovering up their data can be likened to dying in a terrorist attack. There are literally billions of people whose data has been harvested and who are being tracked yet the vast majority don't care precisely because nearly everyone has been completely unaffected by it.

Now breaking the web by micromanaging scripts on the other hand *that* affec

Re:

[Seven Spirals]

Hey, if you or others want to be involuntary Bitcoin miners, unwitting DDoS zombies, or a test-bed for CPU flaws, go ahead. Your right about one thing though: that won't be amazing, it'll just be normal behavior. People do it all the time. Your comment on breaking the web also makes you sound like Jquery/Angular/Axios developer. As if nobody has the "right" to view a website with Javascript turned off.

Re:

[iMadeGhostzilla]

I only run NoScript browsers outside of Sandbox (with a handful of urls whitelisted). Email, banking etc. Everything else that would be OK if hacked I browse inside Sandboxie. Bit of a hassle sometimes (copy link from email in no-sandbox browser), paste into sandboxed browser, but worth the additional peace of mind.

Re:

[fahrbot-bot]

I want every single tab I open to be like a baby finding itself in a brand new world every time.

So... crying, covered in blood and mucus... What freakin' browser are you running?

Re:

[Seven Spirals]

If the sandboxed processes scream and thrash while covered in goo, that'll just add to my satisfaction that they've been shown their proper place in the world. :-)

Re:

[dargaud]

Browser fingerprinting techniques can still identify you this way.

Re:

[Seven Spirals]

You're right. However, doing something feels better than just laying down and letting the big-brother corporate feudal lords just monetize my existence at every opportunity. IMO, "Defense-in-Depth" still applies to an individual trying to be left alone, even if their countermeasures aren't 100% effective and they aren't sitting in a missile control silo.

Re:

[jimbo]

Firefox with Temporary Containers add-on takes you quite far in that direction. Each tab is a new container and all data, except bookmarks, is wiped after closing the tab.

Re:

[Seven Spirals]

I haven't tried that one. Just NoScript, Ghostery, and a few others. It sounds promising. I'll give it a shot.

Jailbreak

[Scutter]

I'm putting money on "under 24 hours" before the first proof-of-concept malware is written that can escape the sandbox, followed by years of bug-fixing whack-a-mole before this is anywhere close to secure.

Re:

[pgmrdlm]

This type of technology has been around for a long time. I use to use sandboxie. Where we are working, we are using a solution like this to isolate all Java applications. This is not anything new other than Microsoft is finally offering it.

Re:

[bobbied]

I'm putting money on "under 24 hours" before the first proof-of-concept malware is written that can escape the sandbox, followed by years of bug-fixing whack-a-mole before this is anywhere close to secure.

But... Edge is faster! Just ask us, or read all the popup ads we send you with every OS update..

Seriously, ANY operating system software plays whack-a-mole with security holes. MS isn't any exception.

Re:

[ctilsie242]

Even if someone does break it, I applaud Microsoft for having this in the first place. Running a Web browser in a VM, sandbox, or isolated environment, where it has no access to documents is a step forward.

Re: Jailbreak

[eneville]

Been ctrl-alt-f2'ing to another user to browse for a while. Nothing new in multiuser os, just a lot less of an issue in one.

telemetry

[Sperbels]

nothing persists

Except the telemetry sent back to MS.

Pristine

[blavallee]

Clean as a brand-new installation of Windows.
I'm sure it will include all the annoying notifications!

Re:Pristine

[MagicM]

And Candy Crush!

Re:

[Opportunist]

With all telemetry turned back on that you painstakingly ripped out, using various third party tools and registry hacks.

great in theory

[fred6666]

but in practice, let say you need to open a file, how does it work? And then save it? Will they allow SMB file transfers between the host and the sandbox? Couldn't viruses spread this way?

Re:

[thepigwanker]

If this is based on Hyper-V, then probably something like enabling the Guest Service so you can use PS Direct (i.e. not SMB).

Re:

[fred6666]

But how good is the sandbox if the application can access all your files?
It can still mine bitcoins and waste your CPU/GPU.
It can still send all your files to some scamers and then encrypt your local copy.
The only thing is that it won't have admin rights so it won't be able to delete the OS or mess with other users' files. Just like any non-sandboxed application, isn't it?

Re:

[Seven Spirals]

Exactly. Put in a "backdoor" (ala VMware tools, memory balloon drivers, or other such stuff that can talk to the host-side) and sooner or later someone will find a way to escape. Virtual machines can be cool and useful but there can be situations where they complicate the security threats you face versus bare metal. Spectre, Meltdown, and lots of side-channel low level CPU flaws have shown us that it's at least possible. If it's possible, then there is always the threat of really nasty exploit giving folks

Virtual machines with live migration very often

[Joe_Dragon]

Virtual machines with live migration very often may help cut that down.

Re:

[Seven Spirals]

Well, I know VMware guests which are going to use "Vmotion" will need to migrate between machines with similar CPUs often will "dumb down" the instruction set to whatever they have in common. Are you saying that process or something like it is mitigating things like Spectre? I haven't heard that before, but I suppose it's possible. Since VMware virtualization is a layer between the OS and the CPU, I suppose it's possible to use that to your advantage.

Obligatory xkcd

[aitikin]

https://xkcd.com/2044/ [xkcd.com]

Re:

[jfdavis668]

Yes! All our problems started when we let computers communicate with each other.

Re:

[aitikin]

It's relatively new. Latest is 2087 and this one is 2044.

Truth in advertizing

[gtall]

If this were really a Windows Sandbox, we could stick Windows in it and be so much more safer. I don't think they are shooting high enough here.

How much overhead and virtual GPU?

[Joe_Dragon]

On the virtual GPU is it based on your card? or is it some low end basic card?

Re:

[dissy]

On the virtual GPU is it based on your card? or is it some low end basic card?

The Windows Kernel Internals descriptions say that 'windows sandbox' is put on top of the previous 'windows containers' software, which basically uses Hyper-V.
With virtualization options enabled in the CPU, it uses "RemoteFX vGPU"

I didn't know what RemoteFX was but there was a reference link to here:
https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-remotefx-vgpu [microsoft.com]

From the description this is the same virtual GPU sharing used in the remote application part of remote desktop.

I'm

Re:

[dissy]

It's interesting you say that as from everything I've read, vPC is part of Nvidia GRID which is specifically different hardware than consumer GTX cards. Do you have anything point to some examples of consumer GTX cards actually have vPC support?

Actually no, and now quite the opposite. I stand corrected.

I misread the Nvidia page listing of cards with vGPU support. What it actually says is:
"NVIDIA Virtual GPU software runs on NVIDIA Tesla GPU based on the NVIDIA Volta, NVIDIA Pascal and NVIDIA Maxwell GPU architectures."

I read that as a list of 4 separate architectures, instead of Tesla GPUs specifically on one of those 3.
That combined with knowing the GTX 1080 uses the Pascal arch, presumed it was included.

Sorry about that.

I used to do this on Abandonware sites

[rsilvergun]

with dodgy adverts on them. I'd run a Linux VM to browse them. Most of my fav abandonware sites started hosting warez though and got shut down (snesorama, I miss you, you're beloved community found me a full version of X-Tom 3D, which I wasn't even convinced existed).

Can I run windows in the sandbox?

[AmazingRuss]

I'd feel a lot safer...

Re:

[thegarbz]

Don't you already run it in a sandbox known as your computer? Or are you playing in the cloud?

They just invented chroot and containers!

[aglider]

Cool!

Re:

[thegarbz]

Nice modpoint whoring and playing the crowd, but no. They haven't done that even remotely. Try again but this time make a reference to KVM.

My cat

[PPH]

... thanks you.

How this is different than a regular VM

[darkwing_bmf]

From Microsoft:

Integrated kernel scheduler - With ordinary virtual machines, Microsoft's hypervisor controls the scheduling of the virtual processors running in the VMs. However, for Windows Sandbox we use a new technology called "integrated scheduler" which allows the host to decide when the sandbox runs. For Windows Sandbox we employ a unique scheduling policy that allows the virtual processors of the sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority

VMWare

[darkain]

"uses hardware-based virtualization for kernel isolation, which relies on the Microsoft's hypervisor" Hyper-V and VMWare Workstation cannot operate on the same Windows box. This is another case of Microsoft bundling software that forces out competition. As someone in a full VMWare environment, features like this scare me. I don't want to have to hack my windows just to keep my current tool set operational.

"Pristine"

[ilsaloving]

every time Windows Sandbox runs, it's as clean as a brand-new installation of Windows.

So it's going to preinstall a whole bunch of crap (Candy Crush Saga, Solitaire Collection, Photoshop elements, etc) I didn't asked for or want?

A brand new install of Windows 10 is about as pristine as a snow pile in a dog park.

default

[sad_]

they should use this as the defaut option to run any windows application, and make it a special option to NOT run in a sandbox.