Published: Thu, December 20, 2018
Tech | By Constance Martin

Microsoft Promises Sandboxed Apps With the Security of VMs

Microsoft Promises Sandboxed Apps With the Security of VMs

When using Windows Sandbox, the operating system will launch a virtual machine that runs a copy of Windows built from your installed Windows operating system. The result is that 100 MB of disk space is all that's required for the Sandbox, and the necessary RAM is significantly reduced compared to a fully virtualized environment. Once it's shipped, the Sandbox will be available in the Windows Features applet.

Microsoft says that Windows Sandbox uses Hyper-V for hardware-based virtualization and the Sandbox instance uses its own integrated kernel scheduler, memory management, and virtual GPU.

Windows Sandbox is similar to the Edge virtual machine but designed for arbitrary applications. Instead, it uses the files of the host OS to dynamically generate pristine files each time you open the Sandbox.

With those boxes checked, the machine will be able to create a small 100MB Windows 10 installation that is completely isolated from your real operating system via Microsoft's Hypervisor to run a separate kernel. Windows Sandbox will be a part of the 19H1 update, expected to land in the first half of next year.

While Microsoft didn't comment on the leak at the time, it has now made the feature official - though it's now known as Windows Sandbox.

New Russian Barracks on Disputed Islands Draws Protest From Japan
Soviet forces seized the four islands at the end of World War 2 - but Moscow and Tokyo both claim sovereignty over them. A US F-35B fighter jet lands aboard amphibious assault ship Wasp during an exercise in the western Pacific.

Microsoft has rolled out an out-of-band security update to Windows 10 October 2018 Update, April 2018 Update, Fall Creators Update, Creators Update, Anniversary Update, and the original version of Windows 10.

Due to Microsoft's legacy browser, Internet Explorer, you may need to reboot your PC soon.

Lastly, Long-Term Servicing Channel users are still on the original version of Windows 10 will get KB4483228, taking them to build number 10240.18064. The host system will be allowed to reclaim unused memory from the sandboxed applications, something that could one day also be exploited. The company said that the goal here is to make the sandbox act more like an app rather than another virtual machine, but still have the same (or close to the same) security guarantees as a virtual machine.

SANDBOXES are useful things.

After the sandbox environment is created once, a snapshot is taken of the device state, CPU and memory so that it can be started much more quickly later on. Older cards use software-emulated graphics.

Like this: