- Read on and find out what Windows Sandbox is, how to install it on your machine, and how to use Sandbox to test apps.
- Security threats are becoming more complex, but operating systems are fighting back to keep users secure.
- Running untrusted programs and apps in a secure environment, called a sandbox is one way to make sure your data is safe.
I’m no security expert and had my fair problems with computer viruses in the past. That was a while ago, and thankfully I’ve never lost important data to viruses, malware, or phishing. I’ve lost data to hard drives failing, overwriting important documents, and Google Drive sync issues recently, but that’s pretty much it.
I’m not what you would call very cautious when it comes to what I do and click online, but I generally know what not to do, so this is one reason I didn’t get into trouble.
If you’re not as lucky as I am I’m going to show you a way to test programs you don’t trust in a secure environment in Windows. This article is about an interesting security feature built into some Windows editions, called simply Windows Sandbox.
Let’s see what it does first.
What is Windows Sandbox?
What is a Sandbox? A software sandbox is an isolated environment where you can safely run code that won’t have access to resources and data outside its container. This is a very safe way to test something without affecting the main system.
Windows Sandbox is a very lightweight desktop environment, a Windows Lite if you wish, where you can run software in isolation, or “sandboxed”.
The Windows Sandbox is temporary: you open it, do your thing, and when you close it, the sandbox resets completely. Open it again and it’s like brand new. You can’t continue where you left off. There’s simply no resume.
So, if you’re wondering “Is Windows Sandbox safe?” the answer is yes, due to its simplicity and, of course, isolation from your main Windows install.
Apps installed on your Windows machine are not available in Windows Sandbox. If you need them you have to install them again in the sandboxed environment.
Windows Sandbox is not available in the Home Edition of Windows, but it looks like there are ways to install it there if really needed. That’s because Windows Sandbox uses the virtualization options available in the Pro and Enterprise Editions to create a completely isolated sandbox from the kernel and the physical machine hardware.
It all sounds a bit complicated, I know, but the TLDR is that Windows Sandbox is a lightweight, fast, and secure type of isolated virtual machine for testing programs you don’t trust or apps you don’t want to have access to your local machine hardware and its stored data.
How to Install Windows Sandbox
The Windows Sandbox environment is included in Windows 10/11 Pro, but it’s not active by default. It’s an Optional feature that you must activate separately.
Don’t worry: we have a guide for adding and removing optional features in Windows. Just pick Windows Sandbox from the list.
Make sure first that your system meets the requirements below. Also, go to your BIOS/UEFI and enable virtualization. It won’t work without it. You may need to check your motherboard’s manual to figure out where the option is located and what it’s called.
Windows Sandbox Requirements
You can’t run Windows Sandbox on any machine, so a few requirements need to be met firsthand. These are:
- Windows 10 Pro, Enterprise, Education, Windows 11 Pro
- AMD64 or ARM64 compatible CPUs (this covers almost everything)
- Virtualization enabled in BIOS/UEFI
- Minimum 4 GB RAM (8 GB recommended)
- 1 GB free storage space
- Minimum 2 CPU cores (4 cores with hyperthreading recommended)
A reboot will be required for the installation to complete, so save your work and go ahead.
How to Use Sandbox to Test Untrusted Apps on Windows
Now let’s see how to use the Windows 11 Sandbox as a virtual machine. The guide works just as well on Windows 10, but I did the testing on my own machine, which uses Win 11.
After completing installation you can search for the Windows Sandbox app in the Start menu.
Launch it and you will be greeted in a few seconds with something that looks exactly like Windows.
You will need to copy the app installer you intend to install from your local machine into the sandbox. Just Copy and Paste from Windows Explorer into the Windows Explorer instance you will open inside the sandbox. Then double-click to install. You know the drill.
You could also use the Microsoft Edge browser inside the sandbox to download the app if it’s hosted somewhere on the Internet because Windows Sandbox has access to the Internet automatically through your local connection.
The sandboxed environment works just like the Windows you know and
hate love. It’s also pretty fast for a VM. I was really surprised by how snappy and responsive it felt.
Make no mistake, it’s a very lightweight version of Windows, just for testing purposes. So don’t expect every option to be available. This is what the Start menu looks like.
Right now Windows Sandbox is not even able to reboot. So, if you’re installing an app that requires a system restart, you’re out of luck. Microsoft is working to bring this option starting with build 22509, but for now, it isn’t supported.
When you’re done testing, you can either shut down from the Start menu or close the Windows Sandbox application window. Either way, you’ll get a warning, a reminder that everything will reset.
Virtual Machines as Alternatives
Maybe you’re asking why not use a virtual machine instead as a Windows Sandbox alternative. You could, that’s right, but for something quick and dirty I think Windows Sandbox is a much better alternative.
Virtual Machines will take a bit more time to set up, but they come with extra features and full Windows functionality. If you’re planning to resume work then VMs are definitely the way to go. You can read more about VM’s advantages and disadvantages.
For quick testing, I think Windows Sandbox is a convenient alternative. I hope this how-to-use Windows Sandbox quick guide is enough to get you started.
I’ve tried something cool (I think): running Windows Sandbox into a virtual machine. For double safety, you know. Wink, Wink.
Microsoft says it’s possible, with a few tweaks, but I was not able to make it work. I kept getting the Windows Sandbox failed to initialize error message. Maybe you’ll be luckier and let me know how you did it.
Before we end I think I need to mention that your private data, things like your credit card number and other sensitive personal info is not secure in an isolated sandbox if you’re willing to give it away to a shady website for example.
Providing private info to a website inside a sandbox is no different than doing it in your regular unsandboxed environment. I think it’s common sense, but also worth pointing out.