Insiders! The good news: Windows 10 Sandbox is here for testing. Bad news: Microsoft has already broken it No, Windows Insiders, that isn't your New Year's hangover kicking in. After unveiling Windows Sandbox to much fanfare, Microsoft promptly broke it with a cheeky cumulative update. We noted the imminent arrival of Windows Sandbox just before Christmas. Microsoft dropped a fresh fast ring build in the form of 18305 shortly after …
I'm not sure if the cat pic is because the cat is out of the bag, or the reg is just being a bit catty in the new year, or because the cat as always, doesn't quite fit the box... and we all know MS has never quite fit in the box either. Happy new year. And may your sand stay in the the boxes this year.
The whole point to a sandbox is that nothing else should be able to break it, it should live in glorious isolation as much as possible. And then an update to the ancient Internet Explorer breaks it. Which could only mean that the brand new sandbox is dependent upon IE code in some way. This is not a good basis on which to create modern reliable software.
If there's some other explanation, it is probably even more concerning.
What could be concerning is that if it is reliant on a web browsers code, it's soon to be reliant on Google's Chromium. I wouldn't be surprised if you'd have to eventually login to Outlook and eventually Facebook to use it. Of course in the end, it's going to run regardless in contrast to your interest and gather data on you. But don't worry about your data... its "sandboxed".
Ok... first of all, Sandbox is an insider feature which means that things will and DO go wrong. It's not meant to be reliable software, it's meant to be bleeding edge. Think of it as the alpha and beta versions of times past.
Second of all, security fixes from release builds generally come into sandbox builds. The security fixes are tested against release and if they're tested against insider as well, it's a bonus.
Internet Explorer is an application built on top of many Windows APIs including for example the URL engine for things like fetching and caching web media. It's like libcurl. Just like libcurl, wget, etc... there are always updates and security patches being made to it. So, when making updates and security fixes to the web browser, if fixes need to be made to the underlying operating system as well, they are.
That said, I've had fixes to IE break my code many times. This is ok. I get a more secure and often higher performance platform to run my code on. It's worth a patch or two if it keeps my users safe.
As for what the sandbox does, I'd imagine that the same APIs which IE uses to sandbox the file system from web apps requesting access to system resources (probably via Javascript) are used to provide file system access for example. If I had to guess, it probably is tied to the file linking mechanism.
"Which could only mean that the brand new sandbox is dependent upon IE code in some way" - that's just how I read it too; and if we're correct, or even only vaguely correct, then Windows is way more rotten than an old log in a warm bog. Deeply worrying (if you have to run the horror - luckily I don't).
When the article said "Microsoft dropped a fresh..." my early-morning mind was expecting to read "grogan." But from the rest of the article, it looks like my morning-addled subconscious was right.
And yes, MS, certainly one round of crowd-sourced "testing" is all you need with Win X, given it's recent stellar record. One wonders what they're smoking (or, given its location, probably vaping) these days.
I'm on the Slow Ring and for the last two flights, I only start getting preview builds less than two months before release... There used to be an initial build two months after release of the previous version, one pre Bug Bash, one post Bug Bash, and one near release.
If a "lone" application like IE can break the sandbox, it's not a sandbox at all. If the idea is to run applications in an isolation environment that basically mimics the external environment, IE should have broken windows too, not just the sandbox. Clearly IE is doing some so low-level that the virtualized environment couldn't handle it. That tells me it's low enough that it will probably expose the primary system to the sand boxed environment somehow.
Otherwise, why can't I just use the sandbox without trying to launch IE?
Until Microsoft kills IE and permanently divorces it from the underlying OS, Windows will NEVER be secure.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
