Skip to main content

Sandbox pairs well with a VPN to secure your PC.

One of my favorite Windows features, Windows Sandbox, is finally testing some new features that I’d characterize as something like an improved airlock.

I think of Windows Sandbox in the same vein that I do a VPN: While a VPN encrypts and hides your connection from prying eyes, it does so in a way that creates an encrypted tunnel from your PC to the server. Protecting your data is the paramount goal of a VPN, and it’s also what underlies Windows Sandbox, too.

Windows Sandbox creates a Windows within Windows, a separate, isolated operating system designed to self-contain any files within it. While a virtual machine can be used to run any operating system, Sandbox is optimized for Windows.

Think of it as a test bed for sort-of untrusted software and data. If you’ve ever downloaded any dodgy piece of software or accessed a shady website and wanted to run it without risk to your system, Sandbox is the app for you. (At least it’s designed to be.) I usually load Sandbox, then install a VPN on top of it. That’s pretty secure.

GET WINDOWS 11 PRO FOR CHEAP

Windows 11 Pro

Windows 11 Pro

But Sandbox has one inherent “flaw”: The Sandbox is designed to obliterate any and all data when you shut it down. That’s what it’s designed to do, after all, and that’s a good thing if potential malware is involved — if you close Sandbox, everything inside the virtual OS is deleted. If any malware attacks and takes over Sandbox, the idea is that only the Sandbox is affected. Your PC is not. And when you close Sandbox — poof! It all disappears.

On the other hand, it’s a little tricky to transfer trusted files from Sandbox to your “real” OS. If you’re convinced that a file you’ve tested within Sandbox is trusted, your normal course of action is to save it to the version of File Explorer within Sandbox, and then access it with the “real” File Explorer from your main Windows installation.

Windows 11 Build 27686 of the Windows Insider Canary Channel adds a couple more conveniences: runtime clipboard redirection and the ability to share folders with the host at runtime. Though Microsoft doesn’t explicitly spell out what these mean, I’m assuming that if you copy a file (CTRL+C) from the Sandbox, move your cursor into the trusted Windows environment, and then paste (CTRL+V), Windows will copy the file outside of Sandbox, without the need to go through File Explorer. Likewise, you should be able to share a folder and files between Sandbox and your main, trusted OS. It’s certainly more convenient, though possibly less secure.

What Microsoft is calling the Windows Sandbox Client Preview will now be updated via the Microsoft Store, freeing it from its dependence on the operating system, too. This will allow Sandbox to be updated on its own independent schedule, which is a good thing. Sandbox is also getting an early version of command-line support as well as its own audio/video input controls.

What Microsoft isn’t saying, however, is whether you’ll still need Windows 10 Pro or Windows 11 Pro to use this updated version of Sandbox. There aren’t many reasons to use Windows Pro any more, but Sandbox has, in the past, definitely been one of them.

Additional features

Microsoft is also testing an increase in the FAT32 file limit from 32GB to 2TB, allowing significantly larger disk partitions using the Windows format command. Virtually all Windows partitions are used in conjunction with NTFS, but FAT32 (the oldest format, with roots going back to Windows 98) is typically used with external storage. This will give newer, larger drives the option to use the older FAT32 formatting option.

Microsoft said it’s also making optimizations to improve battery life for this and future builds, but isn’t saying how and how much battery life you should expect.

Windows Insider Channels (specifically Dev and Canary) aren’t guarantees that the new features will be shipped into mainstream PCs. But these new additions begin testing some features which might have some real impact on your PC.