How to use Microsoft's simple virtual Windows PC to secure your digital life
safe. At any time, you can close Windows Sandbox, and when you do, anything left there is totally obliterated. If that dodgy website rains malware down on your Sandbox, all it takes is one click to shut it down, without harm to your actual Windows installation. Next time you launch a new version of Sandbox, it will launch a pristine version of Windows 10 to start anew. You won’t need to buy a second copy of Windows to use the feature either—though you will need Windows 10 Pro or Enterprise. The Home version doesn’t support it. Here’s everything you need to know to start using Windows Sandbox.
Get started with Windows Sandbox
- A 64-bit processor capable of virtualization, with at least two CPU cores; Microsoft recommends a quad-core chip. (Virtually all Intel processors sold since 2016 support virtualization, though this Intel guide explains how to check. Otherwise, the Performance tab within the Task Manager will tell you whether virtualization is enabled—credit to Shailesh Jha for the reminder.)
- Virtualization enabled in your motherboard BIOS, if it’s not already
- Windows Pro, Enterprise, or Server
- At least 4GB of RAM (8GB recommended)
- At least 1GB of free disk space (SSD recommended)
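The requirements above can be checked in one pass from an elevated PowerShell prompt. This is an added example, not part of the original article; the optional-feature name `Containers-DisposableClientVM` (Microsoft's identifier for Windows Sandbox) does not appear in the article, and matching the edition on the OS caption text is an assumption.

```powershell
# Added example: verify the Windows Sandbox requirements listed above.
# Run in an elevated PowerShell session; the feature query needs admin rights.
$os   = Get-CimInstance -ClassName Win32_OperatingSystem
$cs   = Get-CimInstance -ClassName Win32_ComputerSystem
$cpus = @(Get-CimInstance -ClassName Win32_Processor)
$ram  = (Get-CimInstance -ClassName Win32_PhysicalMemory |
         Measure-Object -Property Capacity -Sum).Sum
$disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"

$cores = ($cpus | Measure-Object -Property NumberOfCores -Sum).Sum

# VirtualizationFirmwareEnabled reads False once a hypervisor is already
# running, so HypervisorPresent is accepted as proof as well.
$virt = [bool]($cpus | Where-Object VirtualizationFirmwareEnabled) -or $cs.HypervisorPresent

# Thresholds are the minimums from the list above, not the recommended values.
$checks = [ordered]@{
    '64-bit OS'                         = $os.OSArchitecture -match '64'
    'At least two CPU cores'            = $cores -ge 2
    'Virtualization enabled'            = $virt
    'Pro, Enterprise or Server edition' = $os.Caption -match 'Pro|Enterprise|Server'
    'At least 4GB of RAM'               = $ram -ge 4GB
    'At least 1GB free on system drive' = $disk.FreeSpace -ge 1GB
}

# Report whether the Sandbox optional feature is already enabled.
try {
    $feature = Get-WindowsOptionalFeature -Online `
        -FeatureName 'Containers-DisposableClientVM' -ErrorAction Stop
    $state = $feature.State
} catch {
    $state = 'Unknown (not elevated, or feature not offered on this edition)'
}

$checks.GetEnumerator() | ForEach-Object {
    '{0,-36} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
"Windows Sandbox feature state: $state"
```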
When the installation process is completed, there won’t be any bells or whistles. To enable Sandbox, you can simply type Windows Sandbox into the Windows search box. It may take a minute or two to load, if only because Windows needs to establish the virtual machine. Microsoft has said previously that it will “freeze” the state of the virtual machine, archive it, and bring it up when you launch Windows Sandbox again—basically, everything should launch faster next time around.
How to use Windows Sandbox
Sandbox appears as a small window on your desktop. Within it, there’s another Windows desktop, like what you might see if you installed Windows 10 and decided to use a local account. The Sandbox virtual PC isn’t quite like your own. For one thing, none of the personalization options you’ve installed will carry over, such as favorites and themes. And that’s good! One of the ideas behind Sandbox is not to put your personal information out into the wild, so don’t be tempted to log in with your personal account. None of your third-party software will appear either. You still have access to File Explorer, but it’s restricted to the Sandbox, with a subset of your PC’s resources available. Note, too, that only one instance of Windows Sandbox is allowed at a time.
You’ll probably be immediately tempted to open Windows Sandbox as a full-screen app. That’s fine, especially as Microsoft has helpfully placed a large, Windows XP-style header at the top of the window, reminding you that you’re working within Sandbox. Pay attention to it—the last thing you want to do is carelessly switch back to your “real” PC and open that dodgy website that you meant to launch in Sandbox. Edge browser and File Explorer windows opened within Sandbox won’t identify themselves as the Sandbox versions.
Feel free to play around with the Windows Settings within Sandbox, if you’d like, and see how it differs from your main Windows installation.
Because Windows Sandbox isn’t run as a virtual machine, but as an app, there’s not as much of a performance hit on your PC as a true virtual machine. (If you’d like to know more about the technical underpinnings of Sandbox, check out Microsoft’s support page.) But be aware that Sandbox is going to take a chunk of your PC’s resources for its own use, including a portion of the CPU, memory, and disk space. If your PC is already pokey, both it and the Sandbox virtual PC will run even more slowly.
Sandbox’s app status also benefits you if you ever want to interact with any files you may have downloaded. A Hyper-V virtual machine isolates the file system so that malware can’t escape. Copying any files out of a Hyper-V VM requires a Remote Desktop connection or Enhanced Session Mode. Normal people don’t want to deal with any of that! Sandbox simply allows you to cut and paste (or copy) any file on it right to your “real” desktop. That’s very handy if the utility you were testing turns out to be useful after all.
I didn’t notice any bugs or crashes associated with Sandbox, with one exception. If you’re having trouble accessing the Internet from within Windows Sandbox, as I did, you may want to tweak your firewall settings to allow access to the Sandbox apps, or simply adjust your global protection settings.
Windows Sandbox won’t tell you if a dodgy program is secretly sending information back to a third-party server, or whether some other pernicious activity is taking place without your knowledge. (Advanced users could monitor network traffic if they desired, however.) But if that file a “friend” sent you turns out to be ransomware, it won’t do any harm in Sandbox.
Remember, you can close down Windows Sandbox at any time. When you do, you’ll receive a message that whatever is stored within it is gone for good. The protections Sandbox offers go away if you copy a hazardous file from within the virtual machine out to your main Windows installation, of course.
Adapting Windows Sandbox for everyday use
What you may quickly realize, however, is that Sandbox is more than just a testbed for apps you’re not sure about. It’s also a bonus layer of security when you’re poking about the web. We liked Windows 10’s hidden secure browser, Windows Device Application Guard, but it allowed you to download files only to its own secure environment. With Sandbox, you can copy files between Sandbox and your PC.
Both Microsoft Edge and Google Chrome include their own sandboxing elements to protect your PC. But if you really don’t trust a particular site, you can always open Edge within your Sandbox (creating a sort of “sandbox within a Sandbox”) and open that untrusted site. Are you a bit skeptical that Chrome’s Incognito mode doesn’t track your browsing? Download Chrome within Sandbox, surf away without logging into your Google account, then destroy your whole session by closing Sandbox. Windows Sandbox doesn’t anonymize your viewing—your Internet provider will still theoretically have a record of what sites you’ve visited, unless you also use a VPN—but when you destroy the Sandbox, that browsing record totally disappears. And if you download something you’re not sure about, you can always test it within Sandbox to help determine whether it’s actually malicious.
Oddly, Windows Defender doesn’t seem to work within Sandbox, but I downloaded a free third-party antivirus from BitDefender and was able to check individual files for malware.
As we noted above, Sandbox demands a price in terms of performance. Running on a first-gen Surface Laptop (with a Core i5-7200U Kaby Lake chip powering it), just three media-rich Edge tabs within Sandbox gobbled up enough resources to keep the total CPU utilization well above 90 percent. I occasionally saw a bit of stuttering when moving down a webpage. With a more robust Surface Pro (2017) and a few code revisions later, Windows Sandbox ran much more smoothly. Don’t think that you’ll be playing games within Sandbox.
But opening an email via Outlook.com? Sure. Downloading what I thought was a Linux distribution over uTorrent? That worked just fine. (Trying to mount the ISO file within Sandbox, though, did not.)