Running unknown apps is risky:
- Not immediately obvious what a program does.
- Unintended side effects (change the file system, send emails, etc.)
- Resource intensive, slow startup, blocking I/O, …
But if you are like me, you frequently try downloading and running a lot of stuff you see on the internet. How do you run these apps safely? Of course, I can set up and maintain VMs for this, but it turns out there’s a much easier way: Windows Sandbox.
According to the official documentation, Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Any apps installed, files created or modified, and settings changed do not affect the host machine: all such changes are automatically undone the moment you close Windows Sandbox. Effectively, it’s a VM maintained by Windows, but you can’t save the VM state.
Setting up the Windows Sandbox
Windows Sandbox requires hardware virtualization and Windows 10 Pro or Enterprise build 18305 or newer. Turn on virtualization in BIOS, or if you are on a VM, then enable nested virtualization using PowerShell:
Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
Now, open Windows Features by typing ‘Turn Windows features on or off’ in Start:
Enable Windows Sandbox:
That’s it. Your Windows Sandbox is set up and ready.
Testing an app in the Windows Sandbox
I found an interesting application ‘Butterfly On Desktop’ here: http://freedesktopsoft.com/
The app didn’t have a valid security certificate – but thanks to Windows Sandbox we can safely run it. Disable the network as an extra safety step, install the app, and launch it.
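One way to make the "disable the network" step repeatable is a Windows Sandbox configuration file (.wsb). The PowerShell below is an added example, not part of the original post: it writes a config that disables networking and maps a host folder read-only, then launches the sandbox. The folder path and file name are assumptions, and .wsb files need Windows 10 build 18342 or newer.

```powershell
# Added example: launch Windows Sandbox with networking disabled.
# Run from an elevated prompt (Get-WindowsOptionalFeature requires it).
$ErrorActionPreference = 'Stop'

# Assumed locations: a host folder holding the installer to test,
# and a scratch path for the generated config file.
$hostFolder = Join-Path $env:USERPROFILE 'Downloads\SandboxDrop'
$wsbPath    = Join-Path $env:TEMP 'untrusted-app.wsb'

# Fail early if the Windows Sandbox feature is not turned on.
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM'
if ($feature.State -ne 'Enabled') {
    throw "Windows Sandbox is not enabled (state: $($feature.State))."
}

if (-not (Test-Path -LiteralPath $hostFolder -PathType Container)) {
    throw "Host folder not found: $hostFolder"
}

# Escape &, <, > and quotes so the path cannot break the XML.
$escapedFolder = [System.Security.SecurityElement]::Escape($hostFolder)

$config = @"
<Configuration>
  <!-- No virtual NIC: the app under test cannot reach the network. -->
  <Networking>Disable</Networking>
  <!-- Software rendering only, so the host GPU driver is not exposed. -->
  <VGpu>Disable</VGpu>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$escapedFolder</HostFolder>
      <!-- Read-only: the sandbox cannot write back into the host folder. -->
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>
"@

# WriteAllText emits UTF-8 without a byte-order mark.
[System.IO.File]::WriteAllText($wsbPath, $config)

# Opening the .wsb file starts Windows Sandbox with this configuration.
Invoke-Item -LiteralPath $wsbPath
```

The mapped folder appears on the sandbox desktop, so the installer can be run from there without copying it over the clipboard.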