Windows Sandbox: An Undiscovered Gem for Safe Software Testing

Microsoft's Windows Sandbox feature allows you to quickly and safely run an isolated Windows environment without the need for a VM or OS image. It's ideal for testing suspicious files and websites.

Photo: Lenovo

Microsoft introduced Windows Sandbox back in 2019 as a powerful tool that lets you run a lightweight virtual desktop directly on your computer, without the need for a dedicated virtual machine (VM) or additional operating system images. It has a number of advantages over traditional VM solutions, making it a great addition for developers and power users.

Windows Sandbox is ideal for testing unknown software or running suspicious files (.exe) from third-party sources. If you are unsure about the security of a particular website, it is safer to visit it from within Microsoft Edge in Sandbox than on the main system. The real power of Sandbox lies in its design, as it allows you to run a clean Windows environment almost instantly without complex setup or downloading OS images. It is also very efficient and in most cases uses less memory than a traditional VM. For advanced users, it allows additional configuration via XML files and CSP policies, where you can specify which features are included - for example, audio/video input, clipboard, networking, and folder sharing.

Sandbox sicer ni univerzalna rešitev za vse primere. Poleg ustrezne izdaje sistema Windows zahteva tudi minimalno strojno opremo: vsaj 4 GB RAM, 1 GB prostega prostora ter dvo jedrni in 64-bitni procesor (Arm64 ali AMD64). Čeprav je varnejši od neposrednega zaganjanja sumljivih datotek na primarnem sistemu, obstajajo vrste napredne zlonamerne programske opreme, ki lahko Sandbox prepoznajo kot navidezno okolje, se v njem obnašajo “nedolžno” in nato sprožijo napad v glavnem sistemu.

Sandbox tudi ni najbolj praktičen za dolgotrajna testiranja, saj vse izgine, ko ga zaprete. Ni mogoče zagnati več primerov hkrati, Microsoft Store in aplikacije kot so Kalkulator ali Beležnica niso podprte, prav tako pa ne morete znotraj Sandboxa zagnati druge različice sistema (npr. Windows 7 v Windows 11). Priporočamo, da najprej preizkusite Windows Sandbox – v nekaj minutah boste ugotovili, ali vam ustreza. Če ne, pa se preprosto preklopite na klasičen VM. Škoda je le, da je ta uporabna funkcija še vedno precej nepoznana, saj jo je treba ročno omogočiti. Več informacij pa je na voljo na spletni povezavi https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-install.