back to article Microsoft: Come and play in our Windows SandBox

Ever felt a bit sick when Windows whinges about a suspicious application, but you really need to run it? Worry no more, because Windows Sandbox is inbound. Hari Pulapaka of the Windows Kernel team shared the good news last night, trumpeting the arrival of the lightweight desktop environment that would allow whiffy applications …

  1. Martijn Otto

    Windows ensures your privacy

    I have heard a rumor that upcoming builds will re-enable the "remove user files" option, thereby ensuring no private data can leak by preemptively deleting it.

    This feature was present shortly in a previous build, but it didn't work consistent enough yet and was therefore removed. Don't worry, though, Redmond is on the job!

    1. ivan5

      Re: Windows ensures your privacy

      Oh, so they have removed all the slurping code - thought not

  2. This post has been deleted by its author

    1. ivan5

      Re: Microsoft is a dog

      I thought it was cats that did that sort of thing in sandboxes.

  3. Alan Mackenzie


    "Nothing is persisted".


    Persist is an INTRANSITIVE verb. How about "Nothing persists"? Shorter and much, much better!

    1. Random Handle

      Re: Erkk!!!

      > "Nothing is persisted".

      > Persist is an INTRANSITIVE verb. How about "Nothing persists"?

      How would we know if nothing persists simply because there wasn't anything persistable?

    2. Steve Knox

      Re: Erkk!!!

      See definition 4 (computing, transitive).

      As this is an IT rag, and the technical usage is more precise in describing the actual process, I think the transitive use is justified.

    3. diodesign (Written by Reg staff) Silver badge

      Re: Erkk!!!

      It's a technical term (see Steve Knox's comment)


  4. karlkarl Bronze badge

    So Microsoft has basically come up with Chroot, Jails, LPAR, Zones many many years late...

    Nice job. I am sure that they will be worshipped by consumers everywhere!

    1. Jack of Shadows Silver badge

      I rather suspect it's based on containers. Not the first time I've said this about the upcoming sandbox mode for Windows 10. The reason I like Server instead is that all of this is built in and tested (for whatever you expect for any value of tested you'll believe).

      1. Jack of Shadows Silver badge
        Thumb Down

        Serious mea culpa. It's Hyper-V, and particularly brain-dead implementations along the way. I'll just stick to having a Golden Master copied in as a throwaway here.

    2. TReko


      Sandboxie has been around for around a decade, giving you a decent, but non-VM sandbox in Windows.

      1. Jack of Shadows Silver badge

        Re: Sandboxie

        I know, I used it regularly right after it appeared on the scene. I use different approaches these days.

  5. John 110

    sure, it might be late...

    ...but would you rather they didn't do anything?

  6. K Silver badge

    "which will spin up a fresh desktop"

    So basically, its Hyper-V...

    1. phuzz Silver badge

      Re: "which will spin up a fresh desktop"

      It's closer to a container. All the OS files are just read-only symlinks to the ones in the main OS (on disk and/or in memory).

  7. Anonymous Coward
    Anonymous Coward

    Much prefer the Android Sandbox. More secure, and less faff.

    1. Anonymous Coward
      Anonymous Coward

      4 thumbs down because???

      Android was designed for sandboxes from the outset, every installed user application has its own user account that is isolated from everything else.

      Perhaps the 4 people should read this:

      However I suspect they are simply too thick to understand it.

      1. Teiwaz Silver badge

        Android was designed for sandboxes from the outset, every installed user application has its own user account that is isolated from everything else.

        Perhaps the 4 people should read this:

        However I suspect they are simply too thick to understand it.

        Maybe, but how come Android apps demanding too many permissions is still a thing.

    2. bombastic bob Silver badge

      in the POSIX world...

      I just create a new user with a separate home directory, and 'guest' level group permissions.

      if X11 desktop access is needed, for a different user alongside the logged-in user, you can use DISPLAY and xhost and whatnot to configure it. Yeah I do that _ALL_ of the time. Literally.

      1. phuzz Silver badge

        Re: in the POSIX world...

        Sandboxes are there for when a program requires root access (or at least more than a standard guest user), and one can't be bothered to spin up an entire VM.

        After all, Windows does have multiple users as well.

  8. Boris the Cockroach Silver badge

    And how

    long before the news headline "You know that m$ sandbox you thought was safe... well guess who has all the data from it... thats right... everyone!"

  9. Phil O'Sophical Silver badge

    Excellent news

    I'm sure this will keep our PCs 100% safe, because we all know how well Microsoft tests the security of its products before release.

  10. Anonymous Coward
    Anonymous Coward


    All you MS haters, you should welcome their ongoing improvements. Yeah, I'm suffering from Stockholm Syndrome.

    1. OrneryRedGuy

      Re: Swedish?

      Some days the list of reasons why I dislike Microsoft shrinks. Some days it grows. It's always been a very long list.

  11. Anonymous Coward
    Anonymous Coward

    Re: Windows ensures your privacy

    Oh please don't make me throw up, windows is malware, the free software foundation preaches as much every-time you listen to one of it's hackers. It comes pre-loaded with out of date security certificates for god sake, further-more that Microsoft doesn't appear to want to do anything about. "Click" Start - Run - Certmgr & Hit return. Why does it happily present a security certificate that expired in 1997 with the wording "NO LIABILITY ACCEPTED!" all in CAPS!?! If you think Edge was some huge attempt by Microsoft to swap out Internet Explorer, think again, it's still Internet Explorer under the hood with all it's API's and Hooks taking you to "BING" and I wont even go into what LIVE does and how that's all hooked into Microsoft servers that are nothing more than spy servers with backdoored encryption snaffu using SSLv3 congratulation's should go out to the guys and girls who have pushed these features as SECURE upgrade's, it makes you even less secure and Microsoft bloody well know's it!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019