Virtual Environment with the built-in Windows Sandbox

1. What is the Sandbox Environment

A sandbox environment is a virtual space in which computer code is executed in isolation, without effect on the surrounding network or its applications.

Sandbox environments let software developers simulate a virtual computer to run and test their software application, without worrying about tests affecting programs or network components. 

In development, developers can also test specific features without worrying about compatibility issues caused by other programs running in the background, or about the huge price to build an actual hardware and OS that match the requirements.

2. Quick Enable this feature on Windows

Luckily, Windows provides a lightweight feature to achieve this safely, called Windows Sandbox.

✅ Pre-Requirement
– Windows 11, version 22H2 and later
– Virtualization capabilities enabled in BIOS
– At least 4 GB of RAM
– At least 1 GB of free disk space
– At least two CPU cores (hyper-threading recommended)

✅ Installation
1. Enable virtualization on the machine:

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
Update-VMVersion -VMName <VMName>

2. Open PowerShell as Administrator and type the below command to  turn the Windows Sandbox’s Features on:

Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online

3. Locate and select Windows Sandbox on the Start menu to run it for the first time.

✅ Create and manage Sandbox environments
Each Sandbox environment is presented with a separate .wsb file, to start the new environment, just simply click on the wsb file and the new Sandbox window will appear. 

We can create as much of this as we want, the default .wsb template could be used here.

We also can customize the configuration by modifying this .wsb file using some code editor such as VSCode or Notepad.

3. How this Virtual Environment works

Software installed inside the Windows Sandbox environment remains “sandboxed” and runs separately from the host machine.

Dynamically Generated Image: rather than requiring a separate copy of Windows to boot the sandbox, this technology uses the copy of Windows already installed on the host.

Memory Management / Sharing: because Windows Sandbox runs the same operating system image as the host, it’s enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as “direct map”.

GPU virtualization: this feature allows programs running inside the sandbox to compete for GPU resources with applications that are running on the host.

4. Compared with other Sandboxes

Unlike third-party sandboxing tools, Windows Sandbox is built directly into the operating system, requiring no additional installations or complicated configurations.

Windows Sandbox has the following properties and tells us that it must be the best choice if we want to use the Virtual Environment on Windows

• There’s no need to download a Virtual Hard Disk (VHD).
• Every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows.
• Nothing persists on the device. Everything is discarded when the user closes the application.

Besides, this Sandbox technology relies on the Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host, so users could experience the environment that integrated kernel scheduler, smart memory management, and virtual GPU.

5. Example use cases

Sandboxes are primarily used in two contexts: Software Development and Cybersecurity testing
Testing Untrusted Software: Before installing potentially malicious software on your main system, you can safely test it in the Sandbox.
Secure Browsing: Use the Sandbox to visit websites you’re unsure about, ensuring that any malware or tracking software is contained.
Experimenting with Settings: If you want to tweak system settings or test scripts without risking your main installation, the Sandbox is a safe environment for trial and error.
Development: Developers can use the Sandbox to test applications in a clean Windows environment without the influence of other installed software.

After all, by utilizing the Windows Sandbox, we can maintain a high level of security and system integrity while exploring new software or engaging in risky activities.