When I was a little boy we had a sandbox in our back yard. Whenever I built sculptures in it, by the time I came back the next day, the sculpture was gone. The wind, rain, or more likely the dog, had destroyed it. That is the principle behind the new Windows Sandbox.
Most computer users today have anti-virus software on their computers. (If they don’t, they probably should!) The software checks websites, applications, and stored data for code snippets or even actions that are potentially undesirable or destructive.
Sometimes undesirable activity is difficult to detect before it happens. Enter Windows Sandbox. The idea behind this tool is that programs can be run in the sandbox without risking the configuration or data on the host computer.
For this to be useful, the sandbox must be an exact copy of the machine on which the software is being tested, copies must be easy to create, and when a copy is no longer needed, all its data must be destroyed.
The way the tool does its work is clever. First, a very “lightweight” (minimal) virtual machine (VM) is created to duplicate the host. (A VM looks and acts like a normal computer, but special software makes it run as a program on a normal computer called the host.) One “trick” that makes starting the VM fast is that some parts of the host that are immutable (don’t change) are not copied into the virtual machine but are linked to the VM instead. This significantly reduces startup time.
The VM has protected access to the host’s resources including the network. With network access, software can be loaded into the VM and tested without risking resources on the host. The VM also has a virtual disk to which it can write data.
When the user has finished using the Sandbox, ending the program destroys all the data created in memory or on the virtual disk.
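As an added example (not from the original post), here is a Windows Sandbox configuration file (.wsb) that narrows the sandbox for examining an untrusted download: networking off, a host folder mapped read-only, and clipboard and printer sharing disabled, so the session keeps only the access the test actually needs. The element names follow Microsoft's documented .wsb schema; the host folder path is a placeholder, and the sandbox-side path assumes the built-in WDAGUtilityAccount user.

```xml
<!-- untrusted-download.wsb: double-click to launch a disposable sandbox session -->
<Configuration>
  <!-- No network: a sample cannot phone home or pull a second stage -->
  <Networking>Disable</Networking>
  <!-- Software GPU rendering keeps the host graphics driver out of the guest -->
  <VGpu>Disable</VGpu>
  <!-- Expose the download folder read-only; nothing written in the guest reaches the host -->
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\PLACEHOLDER\Downloads</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\Desktop\Downloads</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <!-- Cut the remaining host/guest channels -->
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <PrinterRedirection>Disable</PrinterRedirection>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>
  <!-- Run the guest with extra isolation (AppContainer) -->
  <ProtectedClient>Enable</ProtectedClient>
  <MemoryInMB>2048</MemoryInMB>
  <!-- Open the mapped folder when the session starts -->
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Desktop\Downloads</Command>
  </LogonCommand>
</Configuration>
```

Closing the sandbox window discards everything written inside it, including anything the sample dropped, which is the behaviour the post describes.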
The Windows Sandbox likely has many use cases. Two that are directly cyber security-related come immediately to mind. The first is in software development. Software developers generally test their programs on virtual machines already. What is different about Windows Sandbox is that the VM can be a true representative of the target environment, and it is quick to create and quick to destroy.
In the second case, system updates can be tested on a copy of a typical user workstation with company applications and tools installed. This allows testing in a safe environment.
Since Windows Sandbox is slated for April release (it is currently in Insider Preview), I’m not sure what actual use cases will be. If you decide to deploy the Windows Sandbox, please tweet your use case to @jjmcdermott.
Windows Sandbox is not the same as Learning Tree’s Computing Sandbox but the ideas are related. In the Computing Sandbox, we create a virtual machine identical to the ones used in the classrooms. After a specified period, the VM and all its data are destroyed.