Windows Sandbox is a new virtual machine environment coming to Windows 10 Pro and Enterprise versions in 2019, which will be available as an optional component within Windows. Microsoft details the upcoming feature in a blog post published yesterday, describing it as "a new lightweight desktop environment tailored for safely running applications in isolation".
"How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation of Windows, but didn’t want to set up a virtual machine?
At Microsoft we regularly encounter these situations, so we developed Windows Sandbox: an isolated, temporary, desktop environment where you can run untrusted software without the fear of lasting impact to your PC. Any software installed in Windows Sandbox stays only in the sandbox and cannot affect your host. Once Windows Sandbox is closed, all the software with all its files and state are permanently deleted."
Microsoft lists these features for Windows Sandbox, outlining the secure and non-persistent "disposable" nature of the environment:
- Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
- Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
- Disposable – nothing persists on the device; everything is discarded after you close the application
- Secure – uses hardware-based virtualization for kernel isolation, which relies on Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host
- Efficient – uses integrated kernel scheduler, smart memory management, and virtual GPU
The environment requires a system with an AMD64 architecture running Windows 10 Pro or Enterprise build 18305 or later, with the rather slim minimum requirements of just 4 GB of memory, 2 CPU cores, and 1 GB of free space (with 8 GB RAM, 4 cores, and SSD storage recommended).
The full blog post goes into further detail with a full "under the hood" look at Windows Sandbox, which among other things offers graphics hardware acceleration "with Windows dynamically allocating graphics resources where they are needed across the host and guest".
As to availability, ZDNet's Mary Jo Foley had reported that while the feature was originally "expected to come to Windows 10 19H1 early next year", it could be available to Insider testers as early as this week with Build 18301 of Windows 10. However, Build 18301 and the earlier Build 18292 referenced in Foley's post have apparently been removed from the Microsoft blog post, which now exclusively lists Build 18305.
What about Consumer Nvidia GPU SKUs, as Nvidia’s Consumer GPU Drivers may not support any PCIe passthrough or Virtualized GPU usage on its consumer GPU variants?
Will Windows revert to CPU rendering if the GPU’s Driver does not play nice with being in a virtualized environment? And what about using any Integrated Graphics while in the sandbox, can the user set the GPU/Graphics to use also if Integrated Graphics is available?
For AMD there are no problems on consumer GPU SKUs and any sorts of Virtualized usage, but Nvidia’s drivers can detect if their environment is being Virtualized, and on consumer Nvidia GPUs the driver will not play nice. Nvidia’s consumer GPU drivers require some hacks to get working in virtualized environments, and who knows if the hack will work for the long term.
In addition to that, I’d like to see a non-updatable Internet browser Image that could be spun up quickly into this sandbox and used and then thrown away without any traces remaining.