Windows Sandbox is an interesting security feature added in the Pro, Education and Enterprise versions of Windows 10, which allows run applications in an isolated and secure desktop environment.
Although advanced users are able to configure their own virtual machines to verify the origin or danger of unknown applications, Microsoft has developed a simpler way for any user to start this type of software in a protected desktop environment.
To do this, Windows Sandbox creates a temporary desktop environment through a reduced installation of Windows of approximately 100 Mbytes and with a kernel separated and isolated from the PC where it runs. Another of its advantages is that it is designed to be not only safe, but disposable so once we have finished running the applications and close this tool, the entire generated environment will be deleted.
What we use Windows Sandbox for
The tool has varied uses, mainly to browse potentially dangerous websites and test unknown applications. Some examples:
– Verify applications. It is not difficult to run into unknown and unreliable applications. They can be useful, but they can also be dangerous or even contain malware. Windows Sandbox allows you to do almost anything that a standard PC including the execution of an antivirus to check those applications.
– Web navegation. The global Internet is plagued by nasty sites including those that distribute malware, spam or have phishing schemes. If you want to access a suspicious website without putting your computer at risk, this isolated environment allows it. In almost infection or risk it is simply a matter of closing the session.
– Test software. It is also possible to try any type of software that although it is not dangerous, we do not know it or we are not sure of wanting to keep it in the future. This environment offers an ideal test environment, since you can install and run an application without leaving any trace on the main operating system or use of resources, memory, storage or in the Windows registry.
– File Check. One of the most used ways of malware distribution comes from the attached files. For example in the email. If you want to check emails and these types of files, this can help. The same with a document with macros or any type of file that you want to execute. Even if it contains malware, once the environment is closed the computer will be completely clean of it.
How to activate Windows Sandbox
The tool requires minimum prerequisites for software and hardware such as the following:
- Windows 10 May 2019 Update or higher, Pro, Enterprise or Education editions.
- Processor with 64-bit architecture.
- At least 4 GB of RAM (8 GB recommended).
- At least 1 GB of free disk space (SSD recommended).
- At least 2 CPU cores (4 cores with hyperthreading are recommended).
Like any tool of its kind, it also requires having activated the processor virtualization capability of the machine In AMD processors, the virtualization feature is called ‘AMD-V’ and is enabled by default in compatible models. With Intel processors it is different and its virtualization technology called ‘Intel VT’ is not enabled by default, requiring user activation. This is done in the BIOS / UEFI as we saw in this practical article.
From there the installation process occurs as follows:
- Access the system control panel> Programs and features> Activate or deactivate Windows features.
- Alternatively, you can access directly by typing "Activate or deactivate Windows features" in the system browser.
- Activate the Windows Sandbox.
Once enabled, you will find Windows Sandbox as an application in the Start menu and you can also pin it to the taskbar for quick access. You will see it exactly like a real desk. It has a Start menu, the Settings application, and can also interact with the software as you normally would.
Windows Sandbox uses the installation of Windows 10 as a base, without downloading virtual images and without having to pay additional licenses for dedicated software. Very useful to test any dangerous application or visit suspicious websites without risks. Once you finish using it, the entire generated environment and its consequences will be eliminated.