How to Run Programs in a Sandbox

Category: Windows

Any time you install or run new software, there is a risk of damage to your computer. Even if the software is not designed to make mischief, there's still a chance that it has flaws or is vulnerable to exploits that could wreak havoc. Here's how to insulate your computer from software that may pose potential privacy or security threats...

Run Your Sketchy Software in a Sandbox

When kids play in a sandbox, they can create their own worlds, complete with roads, castles, and armies. But, like a visit to Las Vegas, what happens in the sandbox, stays in the sandbox. Sandboxes are useful in the computing world as well, though.

In the digital world, a sandbox is a "walled-off" controlled environment where running software cannot access most of your system resources. Software sandboxes have been used for decades by software developers to test unfinished programs safely. You may already be using sandbox technology without knowing it. Javascript, for example, is a popular tool used to add functionality to web pages. When your browser loads a page that contains Javascript, that code runs in a virtualized environment (a sandbox) that allows it to add, delete or change items on that page, but blocks it from accessing other resources.

Sandboxie Plus is a free, open-source sandbox environment designed for testing software that one may download from the Internet. It creates an isolated environment that prevents software running within it from making permanent changes to other programs or files on your system. Any instructions to change files issued by the suspect program are redirected to a specified area of the hard drive - the sandbox - where they can easily be deleted when the program is terminated.

Software Sandbox

How Does a Sandbox Protect Me?

You can run your Web browser, email client, or other newly-downloaded programs inside of Sandboxie, erecting a "wall" around these common sources of malware infections. If you happen to get infected with a virus while running in a sandbox, just delete the sandbox, and the problem is gone. Even the Windows registry is safe from rogue software, while operating inside a sandbox environment.

You needn't fear getting a nasty virus from a newly-downloaded program if your computer security tool uses a whitelist approach. Whitelisting ensures that only "known good" programs are allowed to run on your computer. See my article What’s New in PC Matic 4.0? for my review of PC Matic, a security suite that implements whitelisting.

Changes that a sandboxed program wants to make to your system are, instead, stored in the sandbox cache. The user can allow all cached changes to be deleted when the sandbox session is ended, or you can review the changes in the cache and select those you would like to make permanent. Changes you might want to save include emails or documents you have created or received from trusted sources during a session.

Sandbox technology is not intended to replace traditional anti-malware protection. Loading and unloading a sandbox application like Sandboxie is inconvenient compared to the silent, real-time malware scanning of a typical antivirus program. Sandboxes are not entirely leak-proof, either. If there's a way for the user to save changes stored in the cache, then a bad guy may find a way to exploit this hole in the sandbox wall.

Other Virtualized Environments

Windows 10 and 11 (Pro and Enterprise editions) have a sandbox feature included, but it's not turned on by default. To enable Windows Sandbox, click the Start button, type Windows Features and press Enter. The list of Windows Features will appear. Scroll down until you find Windows Sandbox, place a check next to that item, and press OK. Windows will install the Sandbox feature and prompt you to restart your computer.

After restarting, to start the Sandbox environment, click Start, type Sandbox, and press Enter. A pristine Windows environment will appear inside a new window on your desktop. Copy and paste the program file you want to run into the Windows Sandbox and run it like you normally would. Every time you use the Windows Sandbox, it's effectively running your program in a brand-new installation of Windows. When you close the application, everything in the sandbox (software, files, settings) goes poof! Here's a video of Windows Sandbox in action, along with an interesting use case.

NOTE: If you have the Home Edition of Windows 10 or 11, there's an unofficial workaround to install Windows Sandbox. See Install and use Windows 11 and 10 Home Windows Sandbox.

A Virtual Machine is another option. Think of it as a sandbox on steroids. Instead of creating a wall around one specific program, a virtual machine is a complete computing environment that exists on a temporary basis. You can, for example, start up a virtual copy of another version of Windows, Linux or other guest operating systems. Virtual machines are outside the scope of this article, but you can learn more at the VirtualBox website and download the free VirtualBox software to try out your own virtual machine.

If you have an occasional need to test-drive suspect software, or if you often surf where angels fear to tread, a sandbox or virtual machine can be an additional layer of protection. Your thoughts on this topic are welcome! Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 7 Apr 2022

For Fun: Buy Bob a Snickers.

Prev Article:
Geekly Update - 06 April 2022

The Top Twenty
Next Article:
Your Email Inbox Overfloweth?

Most recent comments on "How to Run Programs in a Sandbox"

Posted by:

Bob K
07 Apr 2022

Can someone use a sandbox for OS updates? Then, after the user is confident an update doesn't destroy their system, let the update install normally. I guess that can easily be done with a virtual machine.

EDITOR'S NOTE: That wouldn't work, I presume, because the sandbox environment would not have all of the same Windows updates as your computer.

Posted by:

Sarah L
07 Apr 2022

I know that term from editing on Wikipedia. A person can write a draft of all or part of an article in their sandbox. Other editors can be given the link but that draft will not show up in a search engine. I believe the more sophisticated users of Wikipedia (more sophisticated than I am) test out new features or changes to existing templates in a sandbox as well. It is handy. Now to consider that notion for my home computer…

Posted by:

07 Apr 2022

Where I work we have 3 steps,servers, to get to production.
1 Development, where the developers first test their code off of their local machine.
2 Sandbox, where a few power users are invited to test.
3 Production where it is still monitored closely while being opened to the balance of the users.

Posted by:

07 Apr 2022

Same question as Bob K. Those OS updates scare me.

Posted by:

07 Apr 2022

I guess the Windows Sandbox would be useful if you were to download a program from a unknown or sketchy source.Another reason would be if you knew of issues with a program causing errors or not acting right.

Too bad Microsoft didn't come with such a scheme with the earlier OSs.

Posted by:

Ernest N. Wilcox Jr.
07 Apr 2022

I keep a VM that runs the same version of Windows I use on my desktop machine (a guest OS) to test new software. Before I install an app that I want to try in the VM, I take a snapshot of the VMs state, just in case. If anything goes wrong, I restore the VM with the snapshot and forget about installing the new app on my host system. If all goes well after a few weeks of testing, I decide if I really want the new app on my host system.

Using a VM to test drive a new app gives me three advantages. First, I get to discover if there is anything nefarious hidden in the app. Second, I get to see if the app is buggy. Third, and perhaps my best reason for using the VM first, I get to test drive the app before installing it on my host system and decide if it is as useful as I originally thought it would be.

I use Virtual Box here, although Windows has inbuilt virtualization capabilities in Hyper-V. VMWare also has a free virtualization offering that is limited to personal, non-commercial use. I stick with Virtual Box mostly because I have used it for many, many years (several decades), I am very familiar with it, and it is Open-Source Software, so anyone, even in the enterprise can use it as they wish. The first paragraph on the Virtual Box entry page says:

"VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 2. See "About VirtualBox" for an introduction."

I think it tells the whole story. In my experience, every word is true, but you can determine that for yourself if you want to.



Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML

Article information: AskBobRankin -- How to Run Programs in a Sandbox (Posted: 7 Apr 2022)
Copyright © 2005 - Bob Rankin - All Rights Reserved