Microsoft has shipped a new feature in Windows 10 Pro and Enterprise, in builds 18305 and up, that lets users create throwaway desktop environments for testing and developing software. It lets you run untrusted desktop apps in isolated environments that are more flexible than VMs.
Normally, developers have to spin up a virtual machine or use a separate system specifically for running new or untrusted apps. But the new feature, called Windows Sandbox, uses the container technologies recently added to Windows to provide a high degree of isolation for individual programs, Microsoft says.
When launched, Windows Sandbox presents a Windows desktop running in a window, similar to a VM. Files and applications can simply be dragged and dropped, or copied and pasted, into the sandbox process, then run as is. Nothing running in the sandbox process affects the host. When the sandbox is closed, all its content is erased.
Right now, the feature set for Sandbox is very limited. There doesn’t seem to be any way to save and restore the state of multiple sandboxes. Any APIs that Windows Sandbox may offer aren’t documented yet.
Much of how Windows Sandbox works comes from the work Microsoft has been doing with virtualization and containers. When a new sandbox process boots, the operating system files inside the image are just immutable links to the files for the OS on the host, similar to a Docker file system image layer. Any changes to the file system, such as the apps launched in the sandbox and any data generated by them, are saved separately.
Sandbox processes also have more flexible memory management. They can return unused memory to the host, where VMs have to use a preallocated slab of memory that can’t be altered.
Third-party programs for Windows have provided functionality like Windows Sandbox in the past. In addition to full-blown VMs through VirtualBox, Parallels, or VMware Desktop, an app named Sandboxie, available since 2004, has provided a way to run Windows apps in isolation with a great many options available. However, Sandboxie didn’t work with some applications, such as Windows 10 UWP applications, many antivirus programs, or programs that use copy-protection shells such as games distributed through Steam.