More of a litter box than a sandbox —

Windows 10 to get disposable sandboxes for dodgy apps

Apps will be run in a virtual machine that's discarded after use.

Microsoft is building a new Windows 10 sandboxing feature that will let users run untrusted software in a virtualized environment that's discarded when the program finishes running.

The new feature was revealed in a bug-hunting quest for members of the Insider program and will carry the name "InPrivate Desktop." While the quest has now been removed, the instructions outlined the basic system requirements—a Windows 10 Enterprise system with virtualization enabled and adequate disk and memory—and briefly described how it would be used. There will be an InPrivate Desktop app in the store; running it will present a virtualized desktop environment that can be used to run questionable programs and will be destroyed when the window is closed.

While it would, of course, be possible to manually create a virtual machine to run software of dubious merit, InPrivate Desktop will streamline and automate that process, making it painless to run things in a safe environment. There's some level of integration with the host operating system—the clipboard can be used to transfer data, for example—but one assumes that user data is off limits, preventing data theft, ransomware, and similar nastiness.

Virtualization is used to power an increasing number of Windows 10 security features. Certain sensitive information is housed within a virtual machine, offering some protection from malicious software even if the operating system is compromised. More recently, Windows Defender Application Guard enables hostile Edge tabs to be run in a virtual machine. Both of these features originally required Windows 10 Enterprise before later being expanded to Windows 10 Professional, too.

The quest also discloses the codename for the feature—"Madrid." Microsoft has used Spanish cities for certain other security-related features: the virtualized Edge tabs were codenamed "Barcelona," and Windows Defender Advanced Threat Protection, the endpoint security and threat analytics system, was "Seville." It also appears that the quest was intended only for Microsoft employees, as it contained certain links that are only accessible to Microsoft staff.

While the quest says that it should work in current preview builds (it needs only build 17718 or newer; the latest public preview is build 17733), the fact that InPrivate Desktop isn't actually available outside Redmond suggests that it's relatively early in development, so it might not be a part of this autumn's Windows 10 release.

Windows Defender Application Guard proved that it's difficult to get the capabilities of this kind of feature right: if the virtual machine is too isolated and restricted, it becomes difficult to do any useful work in it, but if the integration is too tight, then the security is eroded. The initial release of Application Guard, for example, made it impossible to download files to the host machine. This provided maximal security but meant that there was no way of saving data or otherwise permanently retaining information from the virtualized websites. The latest release now optionally allows this kind of download. InPrivate Desktop likely requires a similar balancing act. It needs to protect the host system but not to such an extent that it's too inconvenient to bother using.
