Unquestionably useful: review of the tools for the stand-alone application launch in Windows

Unquestionably useful: review of the tools for the stand-alone application launch in Windows

There is little information security, especially in the current realities, when cybercriminals seek to be one step ahead of the latest tools to detect malicious software and use increasingly sophisticated hacker attack techniques. Under such circumstances, a PC-based antivirus alone is clearly not enough. There is a need for an integrated approach to counter modern digital threats, which can be realized through so-called sandwich programmes.

The key advantage of Sandbox applications is a high level of reliability and safety, as well as ease of use. They allow literally two or three clicks to deploy isolated environments in which you can run any software without risk of harming the computer operating system or affecting the stability of its operation. By doing so, sandboxes can be used to launch untrustworthy or potentially dangerous software, to view documents and files of questionable origin, as well as secure web surfing on the Internet, including checking suspicious e-mails, links and network resources.

There are many ways to use Sandbox technology. The most important thing is to find a suitable toolbox, the selection of which will be facilitated by our collection of sandboxes for a widely used Windows platform worldwide.

== sync, corrected by elderman == @elder_man

Developer: Microsoft. Product site: Microsoft.com/Windows. Cost: Free.

Let's start with the simplest and most accessible version, the built-in Windows 10/11 sandbox, which is supplied with the Pro and Enterprise operating system.

Windows Sandbox is based on Hyper-V hypervision and containerization technology. As a result, a PC based on a processor supported by hardware virtualization and an operational memory capacity of at least 4 Gbytes is required to launch the sandbox. By default, the Sandbox function is disabled in the system. To activate it, you have to open the Windows Commanders menu on the control panel, display a tick in front of the Windows Sandbox, wait for the necessary system files to be installed and reboot the OS.

Windows Sandbox is a virtual machine with an easy copy of an OS, all of which is automatically rebounded when an isolated environment is closed, and at each launch, the sandbox is launched "from scratch" in pure form. This approach eliminates the need to remove programs installed in the virtual environment and saves a lot of time.

Unlike the classic virtual machine, the sandbox does not need to be self-inspired, set up, and licensed with a separate version of Windows. The second important point is that Sandbox uses the dynamic image of an OS that is generated from files and the DLL library of the computer system. As a result, a virtual machine with a sandbox takes less space on a disk and consumes much less resources.

Windows Sandbox can only be run in one copy. To manage sandbox settings and the protected environment, configuration files with the extension of .wsb may be used. You can find their features on this Microsoft page.

#MicrosoftDefender Application Guard

Developer: Microsoft. Product site: Microsoft.com/Windows. Cost: Free.

If the sandbox is intended to be used only for a secure web surfing, instead of setting up Windows Sandbox, it can be limited to the Application Guard module, which is linked to Microsoft Defender's antivirus.

In order to use the Application Guard, it is necessary to activate the appropriate menu item in Windows, wait for system files to be installed, and restart the OS.

Once the computer is rebooted with a Windows browser, Edge will be able to launch an Internet viewer in an isolated environment that uses Hyper-V virtualization technology. With the application Guard mode on, you can safely open any site and not fear that the harmful code will go beyond the sandbox and harm the system.

The fact that the browser is in fact launched in an isolated environment is illustrated by the Application Guard icon on Microsoft Edge's tool panel.

In addition to Edge, the sandbox can be used in Google Chrome and Mozilla Firefox, which requires an extension of the Application Guard, available for download at the Chrome Web Store and Firefox Browser Add-ons.

Application Guard also supports integration with Microsoft 365 and allows for the opening of office documents in a safe environment. The function is extremely useful but, unfortunately, available only in software solutions for the corporate segment of the market. For this reason, we leave it outside the scope of our review.


Developer: David Xanatos.

Another solution available to a wide audience to work with applications in an isolated environment. Sandboxie features open source code, support for Windows 7/81/10/11 and an unlimited number of sandboxes, as well as a vast array of different settings that allow for flexible configuration of protected environments. The availability of hardware virtualization on a computer is not required, which is a clear advantage of the program. In addition, Sandboxie can be installed as a portable application and launched from a flash drive on any computer.

Through Sandboxie, you can create a list of automatically run sandbox files, set up an application access policy for Windows system components and computer resources, configuration built-in firewall rules for each process, and perform a rigorous monitoring of all program actions and changes. For each sandbox, Sandboxie allows you to secure an individual set of settings. Integration is maintained with the Windows working environment and rapid launch of applications in the sandbox via the conductor's context menu. The yellow frame is used to illustrate the "insulated" software window.

Unlike other sandboxi apps on the market, Sandboxie requires an intelligent approach to the configuration of isolated environments, and the latter ' s incorrect settings can seriously weaken the protection against harmful software. For this reason, we recommend this tool to those who are well versed in IT and are fully aware of the fineness of Windows operating systems. The errors can be very expensive.

♪ SHADE Sandbox

Developer: SHADE Sandbox LLC. Product site: Shadesandbox.com. Cost: $30.

The songmaker our compatriot, a graduate of Dubna State University, founded SHADE Sandbox LLC by Evgeny Balabanov.

SHADE Sandbox has an ascetic interface, and the program management itself is built on the Drag-and-drop principle to include an application in a protected environment, it is sufficient to move its label into the sandbox ' s startup window. The settings as such are virtually non-existent: only virtual directors are available as a link between host OS and isolated environments, as well as tools for the quick removal of sandboxes from file debris. Simultaneous work with several protected environments and integration with Windows conductor is maintained. The availability of hardware virtualization for working with SHADE Sandbox does not necessarily allow the use of the software on old PCs.

Comodo Free Antivirus

Developer: Comodo Security Solutions, Product site: antivirus.comodo.com. Cost: free of charge.

An antiviral solution, an important component of which is a built-in sandbox, usually offered only in commercial products, is the American development company Comodo Security Solutions has made a pleasant exception.

Comodo Free Antivirus supports simultaneous work with multiple sandboxes and allows control of the level of protection they provide. In particular, for isolated environments, it is possible to access certain files and folders on a computer, as well as the exchange buffer, the keys and the values of the Windows register. It is also possible to adjust the automatic launch in the sandbox of applications requiring increased privileges in the system or with low ratings according to the estimated antivirus scale and cloud analytical services it uses.

A built-in task manager is available to understand the "internal kitchens" of the isolated environments and to view their processes. It can analyse the behaviour of the programmes, review the ratings of the processes they launch, block the performance of individual files and perform other administrative tasks.

In general, Comodo Free Antivirus gives the impression of a high-quality product. It is free of charge and does not annoy the user with obsessive advertising banners as other free antivirals. The only observation is that during the installation process, the program does not want to install a brand browser, Comodo Dragon Web Brower, which needs to be considered.

Avast Premium Security

Developer: Avast Software. Product site: avast.com/premium-security. Cost: $40/year.

A commercial antivirus with multiple protective functions, which also include the possibility of creating a safe environment, but it is not necessary to install the entire set of Avast Premium Security modules, but only the sandbox, which the software installs allows.

The range of functions offered by the Avast Premium Security sandbox is rather modest: you can block access to virtualized applications on the Internet, allow data to be transferred outside an isolated environment, and make a list of automatically launched programs in a protected environment.

A simple task manager is required to monitor the sandbox processes.

♪#360 Total Security

Developer: Beijing Qihu Keji. Product site: 360totalsecurity.com. Cost: free of charge.

Another antivirus that supports working with Sandbox encircles, developed in China and in a free version of banners as a New Year's tree, is a typical phenomenon for almost all software products from the Underwear Empire.

Unlike the Comodo Free Antivirus and Avast Premium Security software complex 360 Total Security requires support for virtualization at the hardware level, without which the sandbox will not work. This important point is somehow not noted in the documentation annexed to the program, but should be addressed.

===Total Security===In terms of the set of functions, the 360 Total Security sandbox repeats many competing solutions. You can block access to the Network for isolated applications and control the storage settings of sandbox files. The selection of software for automatic launch in the protected environment and the simplest task manager is available.

In addition to the sandbox and the antivirus of 360 Total Security itself, there are software components of questionable value, such as a disk storage analyser and an OS optimist. It is not possible to abandon this ballast, and if you don't see it as an unnecessary software, it's a rather questionable idea, in our view. Apparently, Chinese developers think otherwise.

♪ Conclusion

The Sandbox apps for Windows and individual users are not extensive; they have to choose what they have from what they have. From the sandbox survey, they can safely recommend Windows Sandbox, Microsoft Defender Application Guard and Comodo Free Antivirus. Avast Premium Security is also good, but it is paid, and it is difficult to purchase it. It is good in all respects, Sandboxie, but it is a product of a professional level that may be of interest to IT gigs rather than to ordinary users used to working "out of a box".