Does Your Computer Need a Sandbox?

Category: Software

Any time you install software, you run the risk of damage to your computer system. Even if the software is not designed to make mischief, there's still a chance that it has flaws or is vulnerable to exploits that could wreak havoc. Here's how to insulate your computer from software that may pose potential security threats...

Run Your Software in a Sandbox

When kids play in a sandbox, they can create their own worlds, complete with roads, castles, and armies. But, like a visit to Las Vegas, what happens in the sandbox, stays in the sandbox. Sandboxes are useful in the computing world as well, though.

In the digital world, a sandbox is a "walled-off" controlled environment where running software cannot access most of your system resources. Software sandboxes have been used for decades by software developers to test unfinished programs safely. You may already be using sandbox technology without knowing it. Javascript, for example, is a popular tool used to add functionality to web pages. When your browser loads a page that contains Javascript, that code runs in a virtualized environment (a sandbox) that allows it to add, delete or change items on that page, but blocks it from accessing other resources.

Sandboxie is a consumer-oriented sandbox environment designed for testing software that one may download from the Internet. It creates an isolated environment that prevents software running within it from making permanent changes to other programs or files on your system. Any instructions to change files issued by the suspect program are redirected to a specified area of the hard drive - the sandbox - where they can easily be deleted when the program is terminated.

Software Sandbox

How Does a Sandbox Protect Me?

You can run your Web browser, email client, or other newly-downloaded programs inside of Sandboxie, erecting a "wall" around these common sources of malware infections. If you happen to get infected with a virus while running in a sandbox, just delete the sandbox, and the problem is gone. Even the Windows registry is safe from rogue software, while operating inside a sandbox environment.

You needn't fear getting a nasty virus from a newly-downloaded program if your computer security tool uses a whitelist approach. Whitelisting ensures that only "known good" programs are allowed to run on your computer. See my article PC Matic Gets a Zero! for my review of PC Matic, a security suite that implements whitelisting.

Changes that a sandboxed program wants to make to your system are, instead, stored in the sandbox cache. The user can allow all cached changes to be deleted when the sandbox session is ended, or you can review the changes in the cache and select those you would like to make permanent. Changes you might want to save include emails or documents you have created or received from trusted sources during a session.

Sandbox technology is not intended to replace traditional anti-malware protection. Loading and unloading a sandbox application like Sandboxie is inconvenient compared to the silent, real-time malware scanning of a typical antivirus program. Sandboxes are not entirely leak-proof, either. If there's a way for the user to save changes stored in the cache, then a bad guy may find a way to exploit this hole in the sandbox wall.

Other Virtualized Environments

Windows 10 Pro and Windows 10 Enterprise systems have a sandbox feature included, but it's not turned on default. To enable Windows Sandbox, click the Start button, type Windows Features and press Enter. The a list of Windows Features will appear. Scroll down until you find Windows Sandbox, place a check next to that item, and press OK. Windows will install the Sandbox feature and prompt you to restart your computer. After restarting, to start the Sandbox environment, click Start, type Sandbox, and press Enter. Copy the program file you want to run into the Windows Sandbox and run it like you normally would.

A Virtual Machine is another option. Think of it as a sandbox on steroids. Instead of creating a wall around one specific program, a virtual machine is a complete computing environment that exists on a temporary basis. You can, for example, start up a virtual copy of another version of Windows, Linux or other guest operating systems. Virtual machines are outside the scope of this article, but you can learn more at the VirtualBox website and download the free VirtualBox software to try out your own virtual machine.

If you have an occasional need to test-drive suspect software, or if you often surf where angels fear to tread, a sandbox or virtual machine can be an additional layer of protection. Your thoughts on this topic are welcome! Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 24 Feb 2020

For Fun: Buy Bob a Snickers.

Prev Article:
Beyond the Internet: Explore the Universe

The Top Twenty
Next Article:
Do You Know the Signs of Identity Theft?

Most recent comments on "Does Your Computer Need a Sandbox?"

Posted by:

24 Feb 2020

I've used Sandboxie for years. Well, I've *run* it for years, and I occasionally remember to actually use it. :(

I also use VirtualBox. Its great to be able to keep several different operating systems around for older software that won't work on newer Windows versions. Or to experiment with various Linux 'flavors', or strange ones line SugarOS.

I didn't know that Windows had it built in now.

Several antivirus programs have built-in sandboxes as well.

Posted by:

24 Feb 2020

Tried to turn this in in windows 10. It's greyed out with, Windows Sandbox cannot be installed: Virtualization support is disabled in the firmware.

Posted by:

24 Feb 2020

Hi Bob, tried PC Matic since my Sophos Home Premium had exprired but PC Matic messed with not only the new Edge browser but Dells PC tools as well. Went back to Sophos and purchased a year subscription for $42. It locks down your system as well as PC Matic and protects you online as well. I have a big 0 for it as well. O viruses or malware for the several years I have used it. Made in the UK but close enough. PC Matic was great on there refund so kudos to them. Also have been using the Windows Sandbox and works great.

Posted by:

24 Feb 2020

Hi again. Had 2 computers that said the sandbox would not work and disabled in firmware. Simply get into your bios and you should be able to enable virtualization. Was in different places in the bios of the 2 computers but found it easily.

Posted by:

Renaud Olgiati
24 Feb 2020

Another use of the sandbox is to run another operating system in in a window; for instance I unfrequently need MS Windows to run a CD printer, that has no Linux driver.
Running Windows XP in an emulation under Linux allows me to use the printer without the hassle of dual-booting the machine, and rebooting XP when I need to print a CD.

Posted by:

25 Feb 2020

My 64 bit Win10 Pro does not give the option to enable Windows Sandbox as it's greyed out and the check box cannot be checked.

Posted by:

25 Feb 2020

I am running Win10 pro version 1903 and when I enter Windows Features I don't even get a list of features let alone an option to turn on Sandbox

Posted by:

25 Feb 2020

Doh, clicked on the wrong link. I am able to see all the features. Howver, as stated in a previous post, the "sandbox" option is grayed out.

Posted by:

26 Feb 2020

Disabled (grayed-out) Sandbox in Win10Pro may be due to Hyper-V also being disabled (but NOT grayed-out)in the same Programs and Features panel. Enabling it also requires a reboot, yet if you had another virtualization/VM program previously installed; sandbox may still be grayed-grayed out, upon reboot. YMMV

Posted by:

26 Feb 2020

Ooooops, I forgot:
Thank you for ALL that you do for us BobRankin.

Posted by:

26 Feb 2020

I like to use Mud Puddle instead of sandbox...

Posted by:

Dennis Wolfe
03 Mar 2020

I have used Sandboxie for over 10 years, with and without the invasive and obnoxious Avast antivirus. I once used a test computer with only Sandboxie (no anti-virus) installed for six months. I visited sites that should require a computer condom just to click on the address. Sandboxie never once let me down.
The program is free but it’s worth its weight in bit coins. Once installed, the hardest part is the first few times of use when you learn to click on the Sandboxie symbol instead of your home page.

Posted by:

04 Mar 2020

I used to use Sandboxie and was satisfied with it. However, after it turned to "a free and potentially open source product, [and] Sandboxie support will become community based" I dropped it. Support currently is at a standstill in so far as I can see from the Sophos website.

In my opinion the Windows sandbox is not very flexible.

I have started using ReHIPS which provides a sandbox in the form of an isolated environment per program. It's quite effective as it's rules based and support from the developers is very good, which is just as well as the software manual is not all that user friendly.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML

Article information: AskBobRankin -- Does Your Computer Need a Sandbox? (Posted: 24 Feb 2020)
Copyright © 2005 - Bob Rankin - All Rights Reserved