Windows Sandbox (microsoft.com)
597 points by prostoalex 4 months ago | 319 comments

Seems like a really nice feature. I've been thinking about something like this for a while.

I see some people are really annoyed that it isn't available for the Home version and I too am somewhat annoyed, but in this case it is somewhat understandable since it depends on a feature that is (somewhat more reasonably) limited to Pro versions.

The thing that annoys me more (hi MS guys, feel free to tell the relevant people about this) is how they have started to add ads to the login screen and my start menu - even in the Pro version!

I'm on KDE now so I haven't been able to verify this for the last few months, and probably shouldn't care, but given that MS has become a lot nicer in a lot of areas it really should bug the developers and PR people there that PMs or bean counters (sorry to all good accountants and PMs out there) are allowed to destroy all the work you put into making people love you.

Edit: minor edits for readability, clarification

> they have started to add ads to the login screen and my start menu

A coworker has asked what reasons I could have for not wanting to run "the best OS". This is enough for me.

If your coworker thinks that any version of Windows is "the best OS", then said coworker needs to be lobotomized (or might already be lobotomized).

LTSB is (IMO) the best version of Windows since 2000, but it still ain't good enough to be my daily driver.

What was your reason before ads were added to Windows?


- Clumsy installation process (unless you were in a position where you didn't have to rely on OEM crap, i.e. unless you were an IT pro or enthusiast)

- Performance. My builds would easily take 50% more time on the same hardware with Windows. Git was slower. Node was slower.

- Ecosystem. Until WSL, getting access to standard tooling was kind of clumsy (respect for Cygwin, but still). Even after WSL it is still clumsy (who can tell me how to activate WSL without consulting duckduckgo? I've done it twice and I still cannot say for sure).

- Package management: Used to be non-existent (except again cygwin). Now it is just clumsy (a mix of Windows Store, WSL apt-get and Chocolatey should get you most of the stuff you need.)

- Licensing. I'm no die hard free software person, but many of the standard programs on Windows are directly user hostile (Acrobat Reader comes to mind).

- Until recently Windows also lacked basic desktop manager features like multiple desktops.

- Not directly Microsoft's fault, but if people like me are using Windows it is often because someone I work for demands it. Usually that also means having to deal with an IT department running Active Directory and all the "interesting" consequences that has, even for someone who is part of said IT department like I've been. (Getting locked out from your files because an admin flipped a switch? Check! Someone swapped regional settings across a group of machines that I was responsible for and locked them, causing all POS systems to fail with no way to fix them? Check! Having to wait for all kinds of scripts that run on logon? Check! Accept having basic parts of your user experience set by the IT department? Check! Again this is not MS's fault directly, but back when I first experienced working with Windows in companies, for some reason Active Directory seemed to attract people who want to do those kinds of things and/or it has a power to make them want it. </rant>

Forced updates that risk randomly breaking my machine the night before a big deadline

> I see some people are really annoyed that it isn't available for the Home version and I too am somewhat annoyed but in this case it is somewhat understandable since it depends on a feature that is (somewhat more reasonable) limited to Pro versions.

Hyper-V does function under the garb of 'Windows Hypervisor Platform' and 'Virtual Machine Platform' even under Windows 10 Home. I have it installed and it provides the virtualisation capabilities for Device Guard and Core Isolation/Memory Integrity.

Virtualbox from version 6 has been forced to fall back to Hyper-V when the latter is running, as it doesn't relinquish control to another virtualisation software.

So there is no reason why MS cannot implement Windows Sandbox even on Home since the underlying tech actually functions on all Windows editions, provided hardware support is there.

> So there is no reason why MS cannot implement Windows Sandbox even on Home since the underlying tech actually functions on all Windows editions

By that logic Microsoft could also allow Windows 10 Home to run Active Directory. The reason there's a Pro/Home split is a commercial decision not a technical one, so trying to view it through a technical lens is faulty.

Regardless, if we want to talk about security features Windows 10 Home "should" have, let's talk AppLocker, one of the most powerful security tools available. My computer illiterate relatives aren't going to be dropping into Sandbox to test potentially dangerous executables, but AppLocker could be set and forget, blocking execution of dangerous items.

The only thing Microsoft offers on Home is the highly self-serving "Allow apps from the store only." Which adds as many problems as it solves.

> By that logic Microsoft could also allow Windows 10 Home to run Active Directory. The reason there's a Pro/Home split is a commercial decision not a technical one, so trying to view it through a technical lens is faulty.

You misread the post.

eitland was saying that: 1) sandbox needs hyperv for technical reasons 2) hyperv is not in home for commercial reasons 3) therefore home can't have sandbox

Santosh83 wasn't trying to view the entire thing through a technical lens. Their post has an implicit understanding of the commercial argument when it comes to unlocking the full hyperv feature set. They were simply correcting the technical portion of someone else's argument.

But your computer illiterate relatives wouldn't know how to set AppLocker in the first place, so it does fall within the realm of managed machines, which is kind of what Pro is for.

It should be turned on by default then with an override option, so that the average home user can't install stuff that'll bork the system without being warned. Just like SIP in OS X or Developer Mode on Chromebooks (although that's more extreme).

AppLocker isn't available on Pro either.

Looks like you're singing the proprietary software blues. No worries, just spend more money. That solves everything on Windows.

When it comes to computers, there's never a silver bullet, not even money.

I digress. With the exception of biological disease there has never been a problem that more money couldn't solve. Whoever believes otherwise simply doesn't have enough money (or doesn't want to spend enough money) to accomplish what they're trying to do. Especially with computers.

Take a car wreck

How much money would it take to make volcanoes stop existing?

Technically it's free, if you wait long enough. If you wanted to be free of their influence then enough money to relocate into space or another planet without volcanoes. If you wanted to get rid of volcanoes on Earth then your best chances would likely be to try and slow the rotation of the Earth by sapping angular momentum, expensive and slow but it should work I think!

The thing that bothers me the most about the differentiation between home and pro is that they both include the same set of defaults.

Even in Windows Server, Windows Explorer includes links to Videos and Music as default. Why....

Compatibility and familiarity most likely. Server cuts pretty much everything that wouldn't be used by a role such as remote desktop host, what you see left is what is actually used in real world cases. In the particular case of links to Videos/Music the remote desktop host role would need to support them. I mean yeah they could dynamically add the links based on use case discovery of which roles that need them... or they could just include the default explorer profile and nobody really cares that the links are there as they are on every other Windows install.

Now when it comes to things meatier than a few shortcuts they are much more willing to go modular. See nano server.

If you dig around in settings you can disable those ads (aka "suggestions").

I've not found a way to stop Defender from advertising Microsoft accounts or OneDrive via the security warning system. But they can at least be dismissed until the next feature update puts them back.

> But they can at least be dismissed until the next feature update puts them back.

This is damning praise. If intentional it means users aren't being offered permanent control of the software, only momentary changes. I dare say they aren't even 'options' at that point since the word implies lasting choice; at least for me.

Nowadays it's almost impossible to uninstall an app completely, because most of them create files willy nilly. And it's the same on all known OSes. The side effect we see is system size growing over time.

IMO running an app in a sandbox should be the default option.

On Windows, I used to like sandboxie, which virtualized every write into single directory. Uninstall was easy as removing that dir.

This MS sandbox doesn't allow you to continually run an app in the sandbox, as all data gets destroyed on app close, so it's not a sandboxie (or similar) replacement.

> Nowadays it's almost impossible to uninstall an app completely, because most of them creating files willy nilly.

This has always been the case on Windows. In fact if anything, nowadays it's better than it's ever been because thanks to the UAC and other controls Microsoft have put in place, developers aren't so free to do whatever they like to the host machine. But I remember a time before the UAC when it would often be common practice to reinstall the OS on a semi-regular basis (not something I personally engaged in but a great many of my peers used to).

> And it’s same on all known OSes

It really isn’t. On platforms with a proper package manager you can query what files get installed where. A great many package managers even let you query a file system file and see which package installed it.

Of course you still have the problem of the software writing files during its operation but that should be limited to $HOME (on POSIX systems) or any path that is writable by the owner / group of the user that application runs as (which should be limited even if it’s a system service).

It really is. I'm not talking about app binaries only, but about all files that the app creates after install. Most of them reside in the home dir, but stay there forever. Like various cache files, settings, ... And most of the time they are not confined to a single dir.

That has always been the case though. For as long as I've used Linux as a desktop my $HOME directory has been littered with dot-files and folders. And as for Windows, things used to be so much worse. Since the UAC, Windows applications have been limited in where they can write to lest they annoy their users with frequent escalation prompts. Before the UAC developers often used to write files all over the place - it was a complete nightmare! In fact one of the primary purposes of the UAC - as I recall - was to rein developers in.

Even the UAC aside, on Windows you now have the application data directory and permissions on the registry which both take some reliance off random files dumped anywhere. Before then Windows was like the wild west. And we're not talking that long ago in terms of the history of Windows - Vista was released 11 years ago and it took a few years after that for developers to catch up.

Plus with the trend of moving everything to the web, you're getting fewer native applications which can write those random files in seemingly random locations (that's one of the few good things about the move to web applications in my personal opinion).

You'll always have problems with developers having their own opinions - that's inescapable. But things used to be so much worse.

> Most of them reside in the home dir, but stay there forever. Like various cache files, settings, ... And most of the time they are not confined to a single dir.

I think you need to support that statement. I believe the vast majority of software on common Unix distros creates no files in $HOME[1], and of those that do the majority use one folder in home[2], which *should* be used for configuration, and often you don't want it automatically uninstalled on software removal.

The few I can think of that write to multiple locations do so because the extra locations are shared folders. For example, I would not want my downloads directory removed on uninstallation of Firefox.

  1: E.g. Most things in /bin, and /usr/bin.

  2: other than what I outlined above, I can't think of any that use multiple directories. If it's truly as common as you say, you should be able to provide some examples.

He's referring to the XDG standard [0], I think. It used to be that all persistent user-configuration resided in ~/.${appname}, but some people were unhappy with that so they recreated the etc|var|lib|tmp filesystem usage distinction inside users' home directories. This means that an application's user files are now spread across $XDG_DATA_HOME, $XDG_CONFIG_HOME, $XDG_CACHE_HOME and $XDG_RUNTIME_DIR.

[0] https://specifications.freedesktop.org/basedir-spec/basedir-...

You're contradicting yourself in your first and second paragraph...

Those proper package managers still rely on the packager doing things correctly - just as it would creating a Windows .msi.

There's plenty of Linux packages that create files during operation in their designated /var/log/xxx /var/db/xxx /etc/xxx /home/xxx/ directories that you're not able to query using the package manager.

> You're contradicting yourself in your first and second paragraph...

Those two paragraphs are talking about different OSs. 1st paragraph is talking about Windows, 2nd paragraph is talking about non-Windows systems with first-class package managers such as ArchLinux, Debian, CentOS, FreeBSD, etc.

> Those proper package managers still rely on the packager doing things correctly

Sure, but the point is you can query what the package manager has done.

> There's plenty of Linux packages that create files during operation in their designated /var/log/xxx /var/db/xxx /etc/xxx /home/xxx/ directories that you're not able to query using the package manager.

That's half true. You can query that /var/db/xxx and /var/log/xxx has been created by the package manager and often the directories (and their contents) will be owned by the user which the daemon runs under.

However I do agree with the point regarding your $HOME directory and actually made that point myself:

> Of course you still have the problem of the software writing files during its operation but that should be limited to $HOME (on POSIX systems) or any path that is writable by the owner / group of the user that application runs as (which should be limited even if it’s a system service).

As an aside, you can also query what files a particular application has open. In fact there are a few ways to do this from querying the /proc/$PID directory through to tools like `lsof`.

I have plenty of files in /var/lib/ that are not owned by any package, same in /var/log/ , /var/cache/ , /etc/sysconfig/ and other directories - their parent directory is owned by a different package than the ones creating these files.

I'm not arguing that a decent package manager is better than none - but they are solving all issues you claim they do.

Pretty much all OSs, including Windows, have ways to view which processes have a file open

> I have plenty of files in /var/lib/ that are not owned by any package, same in /var/log/ , /var/cache/ , /etc/sysconfig/ and other directories - their parent directory is owned by a different package than the ones creating these files.

Got any examples of that? You'd expect only docker to write to /var/lib/docker, mysql to write to /var/lib/mysql. etc. Not discounted that I've overlooked something but a quick look in my /var/lib and it's easy to see what is managed by what. So I'm curious what instances you have of a package manager creating a directory and then a completely unrelated daemon writing to that directory.

> I'm not arguing that a decent package manager is better than none - but they are solving all issues you claim they do.

I'm not claiming they solve all the problems - in fact I literally identified a few problems they don't solve! Plus even those points I identified aside, there will always be edge cases for things that a package manager should have solved but failed to do so.

Perhaps we should turn this discussion on its head and discuss better ways to solve the problems people are describing? What would your solution be? Or are you ostensibly agreeing with my points but being contrary just for the sake of playing devil's advocate?

> Pretty much all OSs, including Windows, have ways to view which processes have a file open

Isn't that literally what I just said? (plus I gave a few examples too).
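The exchange above turns on whether files in /var/lib, /var/log and friends can be traced back to a package. The check a practitioner would actually run is the inverse query: walk a directory and ask the package manager about every file, listing the ones nobody claims. The script below is an added example written for this thread, not something any commenter posted. It assumes `dpkg -S` (Debian/Ubuntu) and `pacman -Qo` (Arch) as the ownership lookups; the demo at the bottom substitutes a constructed text file as a stand-in package database so it runs anywhere.

```shell
#!/bin/sh
# Audit a directory tree for regular files that no installed package owns.
# The ownership test is a function name passed as the second argument, so
# the same walker works with dpkg, pacman, or a stub for testing.

# Returns 0 when dpkg records a package owning the path, non-zero otherwise.
owned_by_dpkg() { dpkg -S "$1" >/dev/null 2>&1; }

# Same check for Arch Linux's pacman.
owned_by_pacman() { pacman -Qo "$1" >/dev/null 2>&1; }

# find_unowned DIR OWNER_FN
# Prints every regular file under DIR for which OWNER_FN returns non-zero,
# one absolute path per line, sorted.
find_unowned() {
    dir=$1
    owner_fn=$2
    find "$dir" -type f 2>/dev/null | sort | while IFS= read -r f; do
        "$owner_fn" "$f" || printf '%s\n' "$f"
    done
}

# --- Demo with constructed data (no real package database involved) ---
# The "database" is a text file listing owned paths, one per line.
demo_db=$(mktemp)
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/sysconfig"
printf 'NETWORKING=yes\n' > "$demo_root/etc/sysconfig/network"   # shipped by a package
printf 'state=1\n'        > "$demo_root/etc/sysconfig/leftover"  # written at runtime
printf '%s/etc/sysconfig/network\n' "$demo_root" > "$demo_db"

# Stub owner lookup: a path is "owned" if it appears in the demo database.
owned_by_demo_db() { grep -qxF "$1" "$demo_db"; }

echo "Files under $demo_root/etc not claimed by any package:"
find_unowned "$demo_root/etc" owned_by_demo_db
rm -rf "$demo_root" "$demo_db"
```

On a real host, replace `owned_by_demo_db` with `owned_by_dpkg` or `owned_by_pacman` and point it at `/etc` or `/var/lib`; expect daemon state, generated keys and runtime caches to show up, which is exactly the category of file the thread is arguing about.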

> Got any examples of that?

Not the person you were talking to, but looking at certbot, it puts files into /lib/systemd/system/ and /etc/cron.d/ with root:root.

Thank you. I've not used certbot so excuse the dumb question, but is certbot doing that during install (ie via the package manager) or during program execution (ie when the certbot ELF is launched)?

I wouldn't expect much in /lib/systemd/system to be installed outside of package managers, but I agree it does happen, and at least it's generally quite easy to identify which service file does what.

crontab is definitely one of those nasty things that can often get forgotten about though (and I speak from unfortunate experience there hah!)

We're really drifting into the domain of Puppet and its ilk now though.

I'm not sure when those files get created, I just knew about that example off the top of my head because I had to spend some time figuring out why our post-renew hook wasn't working.

dpkg -L helps a lot when figuring out where all the files get spread.

> dpkg -L helps a lot when figuring out where all the files get spread.

Well yeah, that was the central point of this conversation :)

Isn't the parallel to UAC a properly configured SELinux? I thought that was the component that lets processes rwx from certain locations? I guess a full comparison may include AppLocker too.

Not too hot on Linux management options, I just install the thing over and over.

One trick I use when trying to see where in $HOME a program creates files is to create a new user with an empty $HOME, run the program and then see what files were created. If it's a GUI program, give it permission to run from your regular user with xhost so you don't need to login through the desktop manager.

well, I usually do something alike, though just by changing the environment variable: HOME=$HOME/tmp myprogram. Symlinking the .Xauthority file (if using X) works quite well.

I actually always run that way most applications that do not fully adhere to the XDG base dir specification.
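The two comments above describe the same trick from different angles: run the program with an empty $HOME (a fresh user, or simply `HOME=$HOME/tmp myprogram`) and see what appears. Below is an added example, not code from either commenter, that wraps that idea in a function: it creates a scratch HOME, clears any XDG_* overrides so the XDG defaults also resolve under the scratch directory, runs the command, and prints the relative paths it left behind. The `fakeapp` program at the end is a constructed stand-in that scatters files across several dot-directories.

```shell
#!/bin/sh
# Run a program with a throwaway $HOME and list what it left behind.
# XDG_* overrides are cleared so their defaults (~/.config, ~/.cache, ...)
# resolve under the scratch directory too; otherwise a host-level
# XDG_CONFIG_HOME would send writes outside the trace.

# trace_home_writes CMD [ARGS...]
# Prints the paths (relative to the scratch $HOME) that CMD created, sorted.
# Exit status is that of CMD; the scratch directory is removed afterwards.
trace_home_writes() {
    scratch=$(mktemp -d) || return 1
    (
        unset XDG_CONFIG_HOME XDG_DATA_HOME XDG_CACHE_HOME XDG_STATE_HOME
        HOME=$scratch
        export HOME
        cd "$scratch" && exec "$@"
    ) >/dev/null 2>&1
    status=$?
    # The scratch dir started empty, so everything below it is new.
    (cd "$scratch" && find . -mindepth 1 | sed 's|^\./||' | sort)
    rm -rf "$scratch"
    return $status
}

# --- Demo: a constructed "application" that does not confine itself ---
# (shell snippet standing in for a real program; $HOME is expanded by the
# inner sh, where it already points at the scratch directory)
fakeapp='mkdir -p "$HOME/.config/fakeapp" "$HOME/.cache/fakeapp"
printf "theme=dark\n" > "$HOME/.config/fakeapp/settings.ini"
printf "x\n"          > "$HOME/.cache/fakeapp/index"
printf "1\n"          > "$HOME/.fakeapprc"'

echo "Paths fakeapp created under its HOME:"
trace_home_writes sh -c "$fakeapp"
```

For a GUI program you would still need the xhost or .Xauthority arrangement mentioned above; the function only isolates the filesystem view, not the display. The real HOME is never touched because the override lives in a sub-shell.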

> Of course you still have the problem of the software writing files during its operation but that should be limited to $HOME (on POSIX systems) or any path that is writable by the owner / group of the user that application runs as (which should be limited even if it’s a system service).

The really tricky problem is when a package must modify an existing shared resource. Such as appending lines to an existing config for example.

> The really tricky problem is when a package must modify an existing shared resource. Such as appending lines to an existing config for example.

This is currently solved by having applications support both a config file and a config.d directory. The primary owner (package) of the resource modifies the conf file, while secondary packages drop their own config in conf.d/${package}. Numerous examples exist: logrotate, rsyslog, apache, nginx, systemd and apt come to mind.
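To make the conf.d pattern concrete, here is an added example (not from the comment above or from any of the projects it names) of the mechanics: the primary package owns `app.conf`, every secondary package only ever adds or removes its own `app.conf.d/<package>.conf`, and the effective configuration is the primary file followed by the drop-ins in lexical order. The package names and snippets in the demo are constructed.

```shell
#!/bin/sh
# Minimal conf + conf.d assembly, as used by logrotate, rsyslog, apt, etc.
# Secondary packages never edit the primary file; their uninstall is a
# single unlink of their own drop-in, so the shared resource is never
# left in a half-merged state.

# effective_config CONF_FILE CONF_DIR
# Prints CONF_FILE followed by every CONF_DIR/*.conf in lexical order
# (glob expansion is sorted, which is what gives drop-ins a stable order).
effective_config() {
    cat "$1"
    for f in "$2"/*.conf; do
        [ -f "$f" ] && cat "$f"
    done
}

# install_dropin CONF_DIR PKG SNIPPET   -> writes CONF_DIR/PKG.conf
install_dropin() { mkdir -p "$1" && printf '%s\n' "$3" > "$1/$2.conf"; }

# remove_dropin CONF_DIR PKG            -> the whole "uninstall" step
remove_dropin() { rm -f "$1/$2.conf"; }

# --- Demo with constructed packages and snippets ---
demo=$(mktemp -d)
printf 'rotate 4\n' > "$demo/app.conf"                       # primary package
install_dropin "$demo/app.conf.d" web 'include /var/log/web/*.log'
install_dropin "$demo/app.conf.d" db  'include /var/log/db/*.log'

echo "--- effective config with both drop-ins:"
effective_config "$demo/app.conf" "$demo/app.conf.d"

remove_dropin "$demo/app.conf.d" web                           # "uninstall" web
echo "--- after removing the web package:"
effective_config "$demo/app.conf" "$demo/app.conf.d"
rm -rf "$demo"
```

Real implementations add a numeric prefix (`10-`, `50-`) to the drop-in names when ordering matters between packages; the assembly logic is the same.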

> The really tricky problem is when a package must modify an existing shared resource. Such as appending lines to an existing config for example.

Pacman creates a .pacnew file and lets you merge it yourself for this very reason.

Seems like that is offloading the tricky bit to the user rather than solving the tricky problem to be honest.

Yeah that's exactly what's happening. But Arch is an intentionally hands on distro (eg it doesn't even ship an installer - instead you're expected to do everything yourself via the command line).

Obviously this wouldn't be to everyone's tastes but it's good that market is catered to in my opinion (but then I would say that as I'm very much a hands on person).

Yeah, but it's very transparent to the user, which is kind of the Arch Way, and to be fair, there are tools to help you, like pacdiff.

I've had the installation of apt-get packages permanently hose an ubuntu or debian install. It's all up to packagers to author their packages right so they don't leave garbage on your machine that you have to manually clean up (or give up and reformat).

Your comment is very light on detail so it's hard to understand your issue properly, but I've been running Linux as my primary desktop for more than 15 years and have managed literally hundreds of Linux servers too and never had a package manager hose my platform (big caveat: aside from the notorious `filesystem` update on ArchLinux, but that one is an extreme edge case scenario due to the rolling release nature of Arch. However even that package was well documented on Arch's site beforehand as being a package that required manual steps to upgrade).

It's true that Linux package managers used to be buggy and problematic in the 90s but those days have long since gone. And while I'm not discounting that a package upgrade could damage your system, the instances when they do are highly unusual rather than a typical problem users face with each and every upgrade. In fact Windows sysadmins have far more dread with running Windows updates than Linux admins do and yet Windows updates are only focused on Microsoft products rather than every piece of software on the system.

> It's all up to packagers to author their packages right so they don't leave garbage on your machine that you have to manually clean up (or give up and reformat).

Actually it's not. It's up to the application developers to do that. If you specify a package to install a file `x` to location `y` then the package manager will uninstall that file automatically too. You don't specifically need to tell the package manager to do that (or at least not with any of the packaging systems I've used). But if the application developer writes the application to spew out thousands of files into $HOME, that happens outside of the package manager. There isn't a whole lot you can do to stop that aside from limiting the directories which your application has permission to write to (either via chroot, containerisation, user/group permissions, SELinux, or other forms of ACL. There's actually plenty of tools on Linux / UNIX to handle that problem).

Don't know about apt specifically, but using pacman (Arch Linux), you can list exactly what files on your filesystem were installed by what package and remove them. You can't do this on Windows, as far as I know.

As a kid, my favorite game was Norton CleanSweep. I couldn't stop watching it restore state, it was a bliss.

ps: coincidentally, I was just starting to use linux firejail on a daily basis.. very very useful.

Yes firejail is awesome, but you can only block writes to directories. What I'm looking for is an option to redirect all writes to a single directory. This should be transparent (the app might still think it is writing willy nilly, but in reality all writes would be redirected, let's say, to ~/app).

I'm pretty sure you actually can do this with firejail, see: --overlay and --overlay-named. For some reason it looks like these are hardcoded (yay, UNIX culture!) to point to `$HOME/.firejail/<progname or name>`.

This is exactly what I was looking for. Thanks

> Uninstall was easy as removing that dir.

File writes for application files are rarely the problem any more.

The problem is that in order to function correctly (For some definition of correct, but say e.g. to associate file extensions, create shortcuts, start automatically, install a dependency such as a C++ runtime patch, whatever) the program needs to write to subsystems of the OS in a non-reversible way. It's also very HARD to do these things (create setups) because systems like Windows Installer aren't trivial to use. Every time a setup author makes a mistake there is a risk of stuff being left behind.

Fundamentally, what you are doing is you are in state A when installing the program, creating state B. Then you continue to modify the system simply by using it or installing some more software creating state C. If you now uninstall the first software you don't have anything but a script undoing A->B, which run backwards can only do B->A, but you are in state C and you don't want to first run C->B because you want to keep the other parts of state C. So the uninstall script has to run in unknown territory (a file may have changed, a later dependency version may have been installed globally, a registry entry may not exist because they are NOT isolated per application etc) so the uninstall script just has to do what it can.

A sandbox could be a solution to this, where the sandbox contains diff views over some immutable base image. It probably is a lot easier to do (and do efficiently) with OS support.

Isn’t macOS doing that? The Mac App Store only allows sandboxed apps and macOS allows almost only apps from the store to be installed (+ certified developers) unless you change the system's settings.

On macOS some protection was added, so apps cannot write to system protected directories.

But I was talking about all files that app creates. Like files in home dir (eg. ~/Library). If you remove the app, those files stay there and occupy space.

The only way you can partly clean up the mess, is to delete home dir from time to time (but backup important files first). Even then, there might still be files in /usr/local etc.

A macOS app installed from the app store can only write to ~/Library/Containers/name.of.app.bundle. Those are not automatically trashed (as far as I know), but it is much easier to clean than the whole ~/Library. Actually, if all your apps are in /Applications it would be easy to write a small script that deletes everything in Containers that's a: not from Apple and b: doesn't have an app bundle identifier in /Applications

TBH I didn't know about that. Probably the same situation applies to Windows UWP apps installed from the store (but there is a special permission to grant access to the whole fs, which allows an app to write outside its sandbox dir). Anyway there are so many apps that are not installed from app stores. IMO having a proper sandbox is still a thing in 2018.

And there are in fact “app cleaners” that do exactly this.

The app I use to do that is literally called AppCleaner, been using it for years it’s one of the first things I install.

For example, the other day I moved Word to the trash, 5 seconds later I get the AppCleaner pop up letting me know it found an additional 2GB of shit that Word just littered around my machine that wouldn’t have gotten removed by just deleting the app. And unfortunately, that definitely hasn’t even been the worst offender I’ve run into, and at this point I’m very rarely not surprised by the amount of leftover crap that doesn’t get removed when deleting an app.

> Nowadays it's almost impossible to uninstall an app completely, because most of them creating files willy nilly. And it's same on all known OSes. The side effect we see is system size growing in time.

Unless I am mistaken, I don't think this is the case for iOS, Android, ChromeOS, FirefoxOS, and many game consoles.

This is really just a problem with desktop and server operating systems, not with operating systems as a whole. It's also getting better with package managers, the Windows Store, and UAC.

Yes, I forgot to mention mobile OSes. Especially iOS, which doesn't keep any app files on disk when an app is uninstalled. Android apps tend to keep files regularly on the SD card (virtual or real one). Some apps might benefit from this (eg. you don't have to redownload huge map files for a navigation app), but paradoxically the Sygic Navigation app isn't storing map files on the sdcard, while some crappy apps where it doesn't make sense are. So in practice it's not very different from what we have on PC.

UWP and/or the Windows Store has a way of packaging applications so they don't barf all over the system, assuming they're not maliciously designed to subvert this.

Frankly, the very concept of "installing" an application is a ridiculous invention. Many systems of the past had self-contained applications that could just be dragged around between disks, copied, and deleted, seamlessly meshing with the files & folders desktop metaphor. Of course none of those systems enforced this behavior, which is something we could do today but, for the most part, don't.

At least on Windows I have my pick of thousands of Portable Apps (and most Windows software can act as a portable app if you just extract it without installing it anyway, albeit still leaving junk in the registry). You know what's a great feeling? Being able to reinstall your OS and just pointing a new toolbar at wherever you keep your portable apps and being good to go.

You said ‘systems of the past’, but isn’t this how macOS works?

If I download an app, I’m anticipating a .dmg to mount, which holds a self-contained .app which runs anywhere, and a link to /Applications, to suggest a sensible place to put it.

It’s not enforced, but it is the norm.

> And it's same on all known OSes.

I guess you're missing one. Android allows you to remove everything that app created.

Total Uninstall. Basically a system diff tool. I run it before & after every install.
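The "system diff tool" idea above (snapshot before, snapshot after, compare) is simple enough to script, and it also catches the case raised earlier in the thread where an installer appends lines to a shared config rather than creating a new file. The example below is added here and is not Total Uninstall's code or anything a commenter posted. It records a checksum per regular file using POSIX `cksum` (a CRC, fine for change detection; swap in `sha256sum` where available), then reports added, removed and modified paths. The demo tree and the simulated "installer" are constructed.

```shell
#!/bin/sh
# Before/after snapshot of a directory tree, then a three-way diff:
# files added, removed, or modified by whatever ran in between.

# snapshot DIR OUTFILE
# Writes "CHECKSUM<TAB>./relative/path" for every regular file under DIR.
snapshot() {
    (cd "$1" && find . -type f | sort | while IFS= read -r f; do
        sum=$(cksum < "$f" | cut -d' ' -f1)
        printf '%s\t%s\n' "$sum" "$f"
    done) > "$2"
}

# diff_snapshots BEFORE AFTER
# Prints one line per change: "added PATH", "removed PATH", "modified PATH".
diff_snapshots() {
    awk '
        BEGIN { FS = "\t" }
        NR == FNR { before[$2] = $1; next }    # first file: before
        { after[$2] = $1 }                     # second file: after
        END {
            for (p in after) {
                if (!(p in before))            print "added " p
                else if (before[p] != after[p]) print "modified " p
            }
            for (p in before) if (!(p in after)) print "removed " p
        }' "$1" "$2" | sort
}

# --- Demo with a constructed tree and a simulated installer ---
demo=$(mktemp -d)
printf 'keep me\n'   > "$demo/unrelated.txt"
printf 'rotate 4\n'  > "$demo/shared.conf"     # an existing shared config
printf 'old state\n' > "$demo/obsolete.db"
snapshot "$demo" "$demo.before"

# What a careless installer might do: drop a new file, append to a shared
# config, and delete something it thinks is its own.
printf 'include /var/log/new/*.log\n' >> "$demo/shared.conf"
printf 'payload\n' > "$demo/new-tool.bin"
rm "$demo/obsolete.db"
snapshot "$demo" "$demo.after"

echo "Changes made by the installer:"
diff_snapshots "$demo.before" "$demo.after"
rm -rf "$demo" "$demo.before" "$demo.after"
```

The "modified" category is the one a plain file listing would miss and the one that makes clean uninstall hard: the tool can tell you `shared.conf` changed, but reverting it means reconstructing the pre-install content, which is why the earlier comments favour conf.d drop-ins or .pacnew-style merges over in-place edits.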

And this is where/when/why Docker (or other 'container' concept) will win.

Please do not make this a Pro / Enterprise feature. I do remote tech support for my parents and would love for them to browse / use apps in a sandbox.

Agreed. I'd go so far as to say that consumers -- especially technologically vulnerable ones like your parents, for example -- need this more than any other demographic.

Microsoft should make it easy to download, install and update on all non-Enterprise versions of the OS. This will also greatly reduce instances of a random ransomware holding critical data hostage and doing irreparable economic damage to small businesses (as was visible during the WannaCry episode last spring [0]).

[0] https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

> Microsoft should make it easy to download, install and update on all non-Enterprise versions of the OS.

I'll take this one step further: Microsoft should make this as easy as "right click > Run in Sandbox". It would make the lives of everyone so much easier.

Think of it like giving your parents a $100 present for Christmas, an upgrade from Win Home to Win Pro and your life will be so much easier.

Sure, but Microsoft could give the same gift to every parent out there. (I don’t mind buying windows pro for parents at all, issue is that when they buy a device it often does not come with pro preinstalled so there is a window where the device is vulnerable before I can remotely administer it)

Of course they could, but using that money they will go on to build another feature that you'll be able to use because you're already at the 'pro' level of their OS.

The alternative is to convince some engineers to create this same feature in their spare time and contribute it for free as a Linux package. Then they can get email about all of the things it doesn't do, and fix bugs in their spare time on a feature that all they see are complaints for. Until they burn out and the repo goes dead for a while and then gets picked up by one of those users who wants the feature to exist, and they make some improvements and get into an argument with another user who forks it and now there are two of them, almost the same but with a few features that are unique to each one. Of course for most of the users they either don't care and load one at random, or they do care and find features from the "other" system they want in the one that is being used. They send mail to the maintainers asking them to copy those features. Which adds more pain as the developers copy each other's features but they put their own special spin on them. This burns out more developers and a third person comes out and writes their own syntactically incompatible version that is functionally identical to the two different 'legacy' versions.

At this point I just pay the man his $100 and appreciate that the people working on the code are on it all day and can spend evenings with their family.

You underestimate your parents' likelihood to overgeneralize your sandbox advice. I expect you will be receiving this call months from now:

"You told me to use sandbox to be safe, so I wrote critical document X in a sandbox because I want it to be safe, but now that I rebooted I've lost all of my work."

Agreed, this sounds like a genuinely useful feature, it’s a shame to hide it and restrict it to pro users only. Things like this should be “first class citizens” of the OS and in the spotlight for marketing.

That is what Windows store apps and MSIX sandbox are for.

Except Windows store apps are strictly worse than being able to run regular Windows software in a sandbox.

One of MSIX's purposes is to package old style Windows software, your regular Windows software, into the Windows Store sandbox, hence why I mentioned it.

It is an evolution of desktop bridge, appx and msi.

I stand corrected.

I'm not much of a Windows user, but MSIX sounds great.

Does it add a simple context menu entry to convert an installer? Bonus points for straight up Install and even more for Run.

I see it's open source, so if it's missing it may be possible to make a distribution of it with those things implemented. Then one could install it and make it a default msi handler.

Edit: from what I see conversion is much more involved. Create a certificate and go through a wizard and fill out some forms. Correct me if there is a quick and easy convert option. Otherwise it's a nice thing that needs more development to be useful for a generic user.

MSIX is a developer feature, replaces appx and msi installers, while adding support for sandboxing in the process.

A generic user is supposed to just double click on an *.msix file to get it installed on the Windows Store infrastructure.

"Being just the start, MSI packages may very well be supported for at least a few more years on Windows 10. However, by looking on the GitHub repo of MSIX, there are some hints that Microsoft envisions a future where MSIX not only replaces the MSI but also creates a package format which cross-platform Microsoft applications can recognize and use on any platform (iOS, Android, MacOS, and Linux)."

> MSI packages may very well be supported for at least a few more years on Windows 10

This sounds like someone making installer stuff would say. MSI will be supported on modern OSes for much longer than "a few more years".

VB6 apps created in 1998 will be supported until 2025 at least. MSIs will be treated the same.

Windows Core OS doesn't support MSI by default. :)

You can't run a non-Store app in such a sandbox I believe?

Only when packaged via MSIX, which is why I mentioned it.

I wish MSIX was available on Windows 7 too. It would have much greater adoption.

why not just buy them a pro edition? I know it's more expensive, but that would also get you remote desktop, bitlocker, and group policy, which would all also be great for remote supporting your parents.

I would spend a few hundred extra dollars and just get a MacBook Air or Mini and install 1Blocker on it.

Because you're still left with the same issue? MacOS's security technology is significantly behind Windows, only its relative obscurity protects it.

System Integrity Protection would protect against many of the same threats that Windows Sandbox would (since it prevents applications from doing extreme damage to the system even with root), and by default it only lets you install software from developers registered with Apple (either inside or outside the Mac App Store). It'd be more secure out of the box than a Windows system, as if you have admin and are willing to click "yes", you can let an application do anything on Windows (although most attacks can be prevented with the new features in Pro/Enterprise).

Windows 10 has identical defaults (Windows Store install only, with hard locks on certain parts of the system and an integrity checker).

All I know is my older and less tech savvy relatives experience pretty much no problems with Apple devices and iOS/macOS. And if they did, they can take it to the Apple store.

Because sometimes they buy a new computer and it is a while before I am able to visit them across the planet and install a new OS in it. Would really like a good out of the box experience.

You don't need to install a new OS, you just enter a Windows Pro license key to upgrade the version? Buy the key online, send it to your parents, tell them where to enter it, done.

Also I don't think your parents want to use that particular sandbox. There's no persistence at all: no bookmarks, no cookies, no history, no local documents, ...

The no persistence is why I like it. It would be ideal if I could ask my parents to do their entire browsing in an ephemeral sandbox and even if they end up clicking / installing something from a shady link it won't blow away their (real) persistent OS install.

Totally get that issue. It might be worth spending a day or weekend making a boot-disk for them that will wipe their current disk image, and install win10 pro with it set-up so you can remote admin it.

That way for your parents they just have to buy the pc, put the usb in and reboot it, and then call you when it's back on so you can remote in and give it a key and finish configuring it for them. I suppose even that might cause issues if you can't teach them or walk them through via facetime how to set the device to boot from the usb instead of the harddrive.

Hardware virtualization is a Pro feature in windows, so I doubt this is possible even if they wanted to (without moving virtualization to home edition).

I took an inventory of which apps my parents use: email, solitaire, YouTube, and some web browsing. That was it. Linux is good at doing those things, so I put them on Xubuntu (my preferred distro) about 8 years ago. Once my mom understood that the UI was similar enough to Windows, she didn't mind. It's been remarkably stable (and usable) ever since.

Ah, it's Pro because it's using Hyper-V.

Then make Hyper-V Home.

Seriously, this is a killer feature needed by everybody. And especially the non-Pro users.

A lot (most?) of the hardware Home runs on doesn't support hardware virtualization.

Effectively all x86_64 hardware from the last 10+ years supports hardware virtualization, so I can't agree.

Aside from the points made by another reply (BIOS support, older CPUs), some machines have virtualization switched off by default because it's broken. I had a (fairly old) x86-64 laptop that would randomly hardlock while running VMs if I turned on hardware virtualization.

Not necessarily in the BIOS settings. And there are still CPUs without it.

£2,500 Dell XPS ships Home out of the box unless specified otherwise.

Windows SKU has nothing to do with hardware.

Actually I can't seem to configure that directly from Dell to come with Pro lol. Seems there's a question about that too.

With Dell you have to buy the business version of a notebook to get Windows Pro. Your example would be [1][2]. Apart from price the main differences are that the business versions ship with Windows Pro and that they have better warranty (next-day onsite).

1: https://www.dell.com/en-uk/work/shop/tablets-and-2-in-1-lapt...

2: https://www.dell.com/en-uk/work/shop/laptops/new-xps-15-2-in...

The Windows Store in Windows 10 has a "one-click" $99 upgrade from Home to Pro, Dell doesn't really need to offer it as a configuration item anymore.

Agreed, but at least it isn't gated off like Windows Defender Advanced Threat Protection.

Like get them to learn a lot of Linux command lines?

I'm pretty sure that's not the only alternative... some others include a Chromebook, an iPad, a MacBook, or even installing a Linux distro and setting it up for them such that they don't need to use the CLI to accomplish the things they want to do.

But honestly, my opinion is that Windows 10 is not as fragile as earlier versions of Windows were.

If the parents' problem is that they install random software, that's not going to help them. I have seen MacBooks with twenty spyware browser extensions.

I really doubt that, but I can't easily argue with an anecdote, so sure. It happened, probably 15 years ago.

Windows was famous for tons of installers bundling toolbars, but that's never been an epidemic on Mac.

These days, Macs will not install unsigned software by default, and you can lock that down to App Store only with a single setting change, so they're certainly not getting bundled malicious toolbars from installing software... since distributing malware is a quick way to get your developer signature revoked, and you're certainly not going to be installing toolbars from the App Store sandbox.

That leaves manually installing malicious toolbars through the official extension store for whatever browser they use. All extension stores do their best to weed out malicious extensions these days, and it takes intentional effort to install extensions. It doesn't just happen while you're trying to do other things.

Obviously, toolbars don't even exist on iPads, and software installers bundling random malware is obviously not a huge concern on Chromebooks. A MacBook was not at the front of my list, so I don't know why you chose to singularly attack that option. Maybe you thought it was the easiest target?

But I don't think "it just happens" on windows either (outside of OEM crapware, which granted is pure dirt). Most of the time it is unsophisticated users led to click and install things themselves. An application signature won't help.

How would application signing not help?

if the OS won't let the user install the malware, that's the end of the line.

As I said in my original comment, I don't think Windows 10 is as fragile as earlier versions. A large part of this is the additional enforcement around application signing, even though it isn't as strong as what macOS does by default.

In earlier versions of Windows, it absolutely did "just happen" from a non-technical user's point of view. Linux, macOS, and (to a slightly lesser extent) Windows 10 do not allow it to "just happen".

>if the OS won't let the user install the malware, that's the end of the line.

except there's no definitive, 100% foolproof way to identify something as malware v. not-malware. If you put a bunch of dialogs in front of something, the site will just include a for-dummies illustration of what to click to allow the install. This will especially be the case if doing so is a prerequisite for receiving the new emoji pack, or whatever else it is that the people have been promised on the other side of those clicks.

We've been through this song and dance enough times that it's not a question of whether this will happen or whether users will fall for it. It's clear that it will and they will. Users do not read dialog boxes, they interpret them as noise and click through them. Operating systems can only protect the user from themselves up to a certain point, at least while retaining the ability to install third-party software.

My mom's computer(s) have been running Linux for probably 10 years now. This has kept her reasonably safe (especially as contrasted with my dad, who insists on Windows), but one time I went over to find some PDF injector-thing installed as a Chrome extension. From her POV, this "just happened".

While using a less-targeted platform helps a lot, online malfeasance is not a platform-specific problem. Pretending otherwise is kidding ourselves. Vigilance is always needed.

> some others include a Chromebook,

I.e. a web browser with a keyboard.

> an iPad

I.e. a content consumption tool, not a general-purpose computer.

> a MacBook

Fine if you can afford it.

> or even installing a Linux distro and setting it up for them such that they don't need to use the CLI to accomplish the things they want to do.

That's... possible, but tough. As someone who switched from Windows to Linux many years ago, I still see every distribution "leaking" the fact that it's a CLI-oriented ecosystem. They do that especially when something goes wrong.

All are valid alternatives if you carefully consider your parents' needs and discover they're extremely limited. But Windows would still be my first, default choice - because of a combination of its design and history, it's the cheapest commercial system that still lets you own your computing experience, and run professional software.

Most Chromebooks have Android applications now. So it's more like a browser and a tablet on steroids. Many newer ones (even cheap) have Linux support.

But of course as you said it's a game of trade offs. My father was using Windows years ago and because of constant service needs I set up Linux for him. It was easier for me to service it remotely. It was better, but far from perfect. Later on I bought him a new computer that had a Windows license, so with upgrade to Windows 10 I thought that it would be ok. My father wanted Linux back after a month or so. With newer distribution and newer computer it was much better than previously. Now it's pretty alright.

However I still think of something a bit more like ChromeOS. Then it would be quite maintenance free. Not Gallium, but a full distribution with the same update model as ChromeOS.

Yeah, because you MUST use command line when running Linux. The Linux command line committee will make sure of that /s.

If you start from a rock-solid distro, install an adequate DE and do troubleshooting the Windows way (i.e. just reinstall and restore your data from a manual backup whenever things go haywire - which they shouldn't, anyway), you can absolutely get away with not using the Linux CLI, ever. Is this a sensible way of using a computer system? Perhaps not. Is it better than just staying on Windows 10 (provided that Linux itself addresses your needs, of course)? Absolutely!

Why? Major GNU/Linux based distributions have browsers, LibreOffice and most of the software ordinary people usually want.

Sandboxie has been providing similar functionality on versions of Windows since XP: https://www.sandboxie.com/

It's probably nowhere near as elegant as the Windows 10 feature, but it should be very handy if you have older versions of Windows!

I would want to know how the software works before really trusting it. Like, I am aware since XP (NT?) Windows has had some ability to drop privileges, but I have no idea what the Windows API offers for isolation. If it were to use a solution like patching NTDLL routines in memory it would be escapable by syscalling manually, so surely that can't be it. What is the magic API they can use to sandbox and isolate IPC, files, the registry?

Sandboxie is actually still superior to this Windows Sandbox, as it allows you to continually run an app in the sandbox. In Windows Sandbox, once you close the app, your stored data, settings etc. are gone.

But yes, its UI is horrible and might be difficult to set up (apps with incorrect setup might not even run).

They clearly have different use cases, I don't think it's fair to say one is necessarily better because of it.

Yes you're right, I was a bit harsh, but not intentionally.

Sandboxie is a UI nightmare IMO - it took me ages to work out how to launch a single program in a sandbox.

Interesting. How long ago was this? I've used Sandboxie for around 10 years and in that entire time, it has always just been a matter of right-clicking the program and "Run Sandboxed", even trivially accessing the sandboxed start menu via the notification icon.

I agree, been using Sandboxie for way over 6 years now and it's the easiest thing ever to use.

Yes it's one of the examples of brilliant coding marred by a very unintuitive user interface.

I've used it many times on occasion but always end up uninstalling it because it makes such simple things so complicated.

Apparently you have to uninstall Sandboxie for this update: https://i.imgur.com/oVKzdq0.png

You have to uninstall Sandboxie for every Windows (kernel version) update due to how deeply it is tied to the OS.

If you run a business the folks at http://bromium.com do this at an enterprise level.

Do you have any info that shows it's not "as elegant"? Sandboxie works great for me and has always done its job.

No, but I assume the Windows kernel developers are more capable of wrestling with all the nitty gritty details than Sandboxie is (though it too provides a kernel driver in order to operate, I'm sure there's a lot of similarities).

Sandboxie is a broken POS. I gave up on it a few months ago after getting tired of having to troubleshoot why another app wasn't working the way it should.

I don't think that's a fair comment to make. It's obviously not broken. I've used it myself to run games downloaded from torrents and it was fine. It also supports Office installations and a whole load of other stuff. Whilst I agree that the UI isn't the best (at least when I used it), calling it a piece of shit without providing specifics isn't helping anyone.

Only Microsoft would come up with a new security feature and then intentionally and arbitrarily limit its availability to the most expensive version of their OS.

This is the same company that thinks putting ads in the fucking file explorer is appropriate on an OS they charge hundreds and hundreds of dollars for.

The same goes for full disk encryption, it isn’t included in the cheapest edition I installed on an old laptop for my mother. Now booting with VeraCrypt takes 2 minutes. Needless to say I had to get her a Chromebook: new laptop, easy to use, secure and for the price of one Windows license. This is what will get Microsoft in the end.

Secure and inexpensive as long as you don't mind paying with your privacy.

I'm worried that this is going to be the compromise we're all forced to make in the future.

This is a legitimate concern for me, but almost no part of my mother's life takes place online. She did have a Mac, but lost that and there is no money for a new one. She also has an Android phone, so the privacy argument applies here as well and is still very valid. Eventually I will get her on a Mac or Ubuntu laptop or something like that.

In terms of usability I have to tip my hat to Google. ChromeOS is very easy to use so far. Probably until Chromebook vendors start adding all sorts of their own shitty tools and accounts like Huawei has done with their phones.

> Secure and inexpensive as long as you don't mind paying with your privacy.

There are obvious alternatives to ChromeOS that are just as secure and just as inexpensive (especially if you have some old hardware just laying around, or else you can just buy refurbished hardware - just about anything made in the last 10 years will do, if not more than that) - and not any less useful than a Chromebook. And they can be updated for as long as the hardware keeps going - they won't suddenly become "unsupported" after a mere five years.

Yeah, if you're technical enough, then for now you can still install and run Linux. That's probably not an option for OP's parents.

You can easily imagine that in the future hardware manufacturers will remove the ability to install a 3rd party operating system. It's already essentially impossible on a locked-down Apple iOS appliance.

Chrome wins on the mom, grandpa, etc. can easily use it... I've yet to see an OS that is less locked down that's easier to use in practice. Yes, privacy concerns. That said, it's still what I recommend for MOST people not interested in gaming.

Seems like the privacy situation isn't much better in Windows 10 tbh. At least Microsoft aren't an advertising company (for now) I suppose.

That's already the Android/iOS tradeoff, and that's assuming Android is considered secure now which it wasn't last time I was using it.

Umm, that's how economics work?

Privacy should not be a luxury good.

I question your mother's need for full disk encryption.

Everybody needs disk encryption. Lose your laptop on the train or in a cafe and all your browser cookies are out in the wild.

That's just the start, people store private stuff on their computers you know. Photos, letters, bank transactions, emails, contact lists.

Microsoft's choice to make this not only non-default but even a premium feature is inexcusable. I already switched to Ubuntu for this reason alone. Now my life is much easier for many other reasons as well, like Docker.

While your statement is reasonable, it's interesting seeing a Mac user complain about things being too expensive. Is it fundamentally worse to overcharge for software over the hardware?

You misunderstand me, it has nothing to do with Windows being "too expensive", the point is that you've paid for it and they still abuse your privacy and shove ads down your throat at every opportunity.

By way of comparison, I willingly and happily pay more to use Apple hardware and software specifically because that money buys me a hell of a lot more privacy, security, and functionality than the equivalent amount of money would buy me in the Microsoft / PC ecosystem.

I am not misunderstanding you. Your entire comment was centered around a perceived unfairness regarding price:

> most expensive version of their OS.

> they charge hundreds and hundreds of dollars for.

To be clear here, I'm not defending Windows. I agree with you that what they do is not constructive for their users. I'm merely pointing out it's ironic for Mac users to sit on their throne and decry Windows' practices while paying significantly more for non-upgradeable Mac hardware, when if you really gave a shit about security and privacy, you'd buy reasonably priced PC hardware and install a Linux distro.

Last I checked, the App Store is absolutely filled with advertisements that I didn't request. Why is it so significantly worse that Microsoft happens to place theirs within Explorer? I think both are rather frustrating when you already paid for the software and/or hardware.

Are you seriously trying to claim that Macs are overpriced by hundreds of dollars by trying to compare them against an ATX desktop? Or do you have some more reasonable comparison in mind of Apple and non-Apple products that actually compete in the same market segment, and where the Dell/Lenovo/HP/whatever is significantly more upgradable?

And do you have any reasonable complaints about the security and privacy of a modern Mac with the T2 chip, or are you saying that anyone who cares at all about security should run Linux and spend 30% of their time wrangling with SELinux policies?

Not a parent commenter, but I have some examples of upgradeability/repairability. Dell XPS line of laptops has upgradeable storage and screwed-in batteries. 15" variant has upgradeable RAM and wireless card. The keyboard is attached with screws instead of being permanently fixed to chassis and costs significantly less to order and replace yourself should you find a need for it. Similarly in the worst case scenario, there are replacement motherboards on eBay for $550 or sometimes less which you could again order and replace yourself (or upgrade your base CPU option with).

And both 13" and 15" Dells have a fingerprint sensor which is as snappy as Touch ID without being bundled with a thin strip of touchscreen and a $200 price hike.

That's because these laptops are designed to be serviced on-site by repairmen who are not always so bright. So I imagine, similar HP offerings are as robust.

Dell's and HP's phone support and warranty support are super awful, though, so this may be a factor for you. For me, the difference between a drink spill costing $600 (and I do it myself) on a $2500 Dell versus $1500 (and I have to lose my files/get a new system) on a $1600 MBP (both true stories) is significant and I'm not rich enough to go for latter.

I think the problem is not that Windows Pro costs money. The problem is that Microsoft also sells a second-class version of their OS that is really shitty.

From a pure brand perspective, the smart move for Microsoft would be to stop selling Windows Home.

And while they are at it rethink the "OS as a service" strategy. I don't get the often cited comment on how Microsoft transformed itself under Nutella. They just take the steps they are forced to make because a lot of developers ran to different platforms.

I think MS software is less attractive than at any time before. Be that Windows, their office suite or their cloud landscape, which mainly excels at being slow. And stronger competitors are not the reason for decisions that are mostly not consumer oriented.

I have mixed feelings on this one... tbh, I wish I could pay MS $5-10/month to nuke all the passive-aggressive ads. I reluctantly do so for YouTube already.

But the subscription model for Windows makes a lot of sense, I think. Leaving people on older versions is the same as selling a crippled version of your OS.

It seems to me that no matter what happens two classes of users are going to be created: those that can pay for security and those that cannot. Ultimately Apple's pricing means all their users are first class - hence security as a bread-and-butter feature on their platforms. In MSFT's case they're going to have low and high cost consumers, so they segment those users into the two relevant classes.

None of this is good, for anybody involved. IT security is like vaccines, it only works if everybody's got them. This is one of my biggest issues with the current "ads let us have free software" defense of the advertising craze. Ads let us segregate users based on what features they can afford not to have, and unfortunately for most laypeople it's security and privacy that's on the chopping block.

What a mess. Typed from my iPad Pro.

> unfortunately for most laypeople it's security and privacy that's on the chopping block.

I think this is why we need legislation: The free market obviously can't sort this out to peoples' benefit.

I have a couple Android devices I can't figure out how to update, so I'm afraid to use them for anything serious. If the author isn't responsible for writing crappy code, and I can't fix it, then where's my lemon law?

I agree, but have one nitpick - it's not that the free market can't sort this out, but that this is exactly the solution the free market is set up to organically create. Can't afford the tech? Sell your identity to marketers! That's all free market and I don't think we give the "free market" (scare quotes because we're so far from that in actuality it's painful) enough credit for creating these exact problems.

It is not a better solution to take away the freedom of people who are willing to sell their privacy. For some, it’s the only way to afford a computer.

> Ultimately Apple's pricing means all their users are first class - hence security

Yeah... Good luck running the latest version of iOS on an older iPhone. (Many still have a 5/6 and you really don't want to update those if you value a reasonable experience and latency.)

You do realize you're attacking the _one_ company which supports their phones for the longest period, don't you?

iOS 12 can be installed on the 5S, which is the oldest 64 bit phone. It was launched in 2013.

iOS 12 runs on everything through the 5S, and notably improved performance over iOS 10/11 on the same devices. [1] is a bunch of benchmarks from back in the beta period.

My kid has it on a 6, and it's legitimately good performance there.

Good luck getting the latest Android onto a 5 year old handset without jumping through some non-trivial hoops.

[1]: http://www.iphonehacks.com/2018/09/ios-12-performance-improv...

I'm not speaking hypothetically, but from experience. I have a 4 year old 200gbp Android phone running Pie, took 10 minutes.

I also have an iPhone 8, this is an Ok phone but is a worse experience than the 4 year old Android phone. Despite the cost being much higher, the screen is worse quality, for instance.

My partner has a 6 and it is remarkably slower than both. To the point where you sometimes just want to give up on whatever you were trying to do while waiting for a map or Spotify to load.

Maybe your experience is different to ours, but I'm only reporting what I see from using all 3.

> I'm not speaking hypothetically, but from experience. I have a 4 year old 200gbp Android phone running Pie, took 10 minutes.

You're lying. Installing a custom third-party Android ROM is way more than a 10 minute process, your OnePlus X is barely more than 3 years old, and there's a huge difference between a random OS image you downloaded from a forum online and manufacturer-supported OS updates for a 5 year old phone.

Which cheapo Android has a better screen than an iPhone 8??

At the risk of wading into the iPhone vs Android battle...:

iPhone 8 vs Nexus 6 from 2014, back when Google marketed that series as reasonable Dev devices, not necessarily flagships.

326 ppi vs 493 ppi

750 x 1334 pixels vs 1440 x 2560 pixels

Somewhere there is a tongue in cheek meme comparing a sister phone, the Nexus 4, from 2012 against a 2016(?) iPhone and it's quite interesting how many features the Android phones had and were mildly credited for that when copied to iPhone were /world changers!!1/

Granted, Android phone manufacturers have wised up and besides things like the Nokia 6.1 you can't really get a good mid-range Android phone any more... it's mostly clustered around either the humble Moto E or the Note 9 price points.

I know my G1 had online contact syncing and updates while the iPhone still required a USB adapter.

OnePlus X specifically, but pretty much any that has a decent AMOLED.

>Yeah... Good luck running the latest version of iOS on an older iPhone. (Many still have a 5/6 and you really don't want to update those if you value a reasonable experience and latency.)

Spoken like someone who's never actually used a 5 or 6 running iOS 12.

Nope I speak from experience, we have a 6 with iOS 12.

Also have an 8, which admittedly is an ok phone if horrendously overpriced but work paid for it so I can't complain.

I have a couple Android devices and I can't get them to update at all. I'm sure there's some kind of solution, but my time is really valuable to me: If all I have to do is spend £1k every four years (£20 a month) to not worry about this, it's a done deal.

I imagine that people who buy a Mac, want to have a Mac and it's their choice to pay. Maybe I am wrong. But people who buy a PC, have no choice but pay the Microsoft tax for the pre-installed Windows on it.

So, yes, it is reasonable to be angry when they put advertisement on the hardware that you paid on the OS that you paid together with the hardware. It is creepy, and belittling too.

Luckily IT professionals still have the choice to install something else. Let's see how long it takes until we have no choice about what software is allowed to run on the devices that we buy.

Sorry for the rant.

I totally agree, Apple's markup on products must be astronomically high.

Am I the only one who doesn't see where the roughly $1000 price gap between the Honor Play and the newest(?) iPhone XS Max comes from? Their brand is really not worth that much to me anyhow.

"iPhone: About 1250 EUR, Honor Play: About 320 EUR" [1]

[1] https://www.gsmarena.com/compare.php3?&idPhone2=9230&idPhone...

For sure Apple has a markup, but there is no way the Honor Play compares to the iPhone XS Max. Starting with the camera.

It also has that blank area at the bottom, whereas Apple had to basically invent some insane hardware gymnastics to not have that on theirs. The iPhone X screen bends around backwards at the base.

What do you mean by blank area?

I don't really know what to call it, although I've seen tech sites call it a "chin". The screen doesn't extend right to the bottom.

The 'chin' on newer Android phones is pretty thin anyway. And with gesture navigation becoming more common (see the newest Pie version, but plenty of OEMs offered gesture navigation before), starting the gesture from the "chin" (outside the touch area) is a nice convenience. The newer iPhones have that horizontal line at the bottom anyway, so it's not even clear what the cleanest design is.

Yeah I actually don't mind it at all. Just saying there's extra hardware (and R&D) expense in doing it Apple's way, in terms of the production cost of those two phones.

I paid 13€ for a Microsoft Windows 10 Pro OEM key. I thought everyone was doing this as well?

I paid 0 EUR for Linux. My school works with Windows stuff and Microsoft doesn't even provide us with free keys. It's ridiculous. Let's just keep all school stuff open source.

Power of defaults. People have Home, they stay on it.

Nonetheless, if you can go from Home to Pro with 13€ it feels quite ridiculous that there is a Home/Pro distinction at all from the very start.

I paid 0€ for the LTSB version just by changing the KMS server. I thought everyone is doing this!

Where did you buy such a cheap copy of Windows 10 Pro?

Those are digital (unused) licenses that, although they technically can't be resold, "can" be in Europe, as that contradicts a ruling made in 2012 (I don't have time to dig the link up, unfortunately).

Those cheap licenses are always used. They exploit the fact that these can be used to activate ~10 copies of Windows. It's even worse than that though. One seller could keep track of this limit, but what happens is that a bunch of sellers source their keys from other similar sellers. So they don't even know how many times a key has been used.

Last time I bought one of these 15€ keys for a friend, I had to write to the customer support over 10 times and shuffle through at least 6 different keys until one actually worked.

To be fair they aren't necessarily unused. I made the mistake of buying one once and had to jump through a lot of hoops to get Microsoft to activate it. I'm still not sure that it was entirely legal, if I'm honest.

I use a Windows 8 retail key.

Last time I tried a (legitimately owned) Windows 7 Ultimate key (around 6 months ago?) it still happily activated Windows 10 despite no longer being "officially" supported.

Where did you get such a deal?

I’d put Oracle in that boat too.

Actually, I think it would be hard to find an enterprise software vendor who wouldn’t want to include extra functionality in their premium SKUs as a way to further differentiate them and encourage up-sell.

Extra functionality yes, but not a security feature. I'd understand making WSL or PowerShell a >= Pro feature, but not something that is designed to secure users from malicious applications; that should be included with even the lowest SKU that can run win32 (it's sad that this last qualifier is even required).

That's OK when you put enterprise features in enterprise versions. A regular user doesn't need to be able to run SharePoint, but they might want to get proper sandboxing of regular software.

I believe it's because the virtualization support is only limited to those versions. I might be wrong though.

On this note, because of the lack of virtualization support in Windows Home, in my small business we're encouraging everyone to get rid of Windows both at home and in the office. They've intentionally crippled Windows Home in a way which impacts us -- we want to support devs doing work from home or on their own hardware. But when their OS can't run Docker, that gets harder. No way we're going to buy Pro licenses for people's home machines just because Microsoft decided to flip a bit in their build scripts and suck even more blood.

Windows Pro is not expensive. That alone can hardly be worth the switch.

All other virtualization software runs fine on Windows Home.

Isn’t this basically a virtual machine, though? I don’t see anything special that you’d need a more expensive version of Windows for. This should be using your processor’s virtualization capabilities, right?

Yeah, but it uses their Hyper-V hypervisor, which is limited to the Pro and Enterprise versions for no reason other than money.

What other reason would there be to put an advanced feature in a more expensive version of something?

Agreed. Every time somebody complains about Microsoft doing business shrewdly and increasing their value to customers, I think "This is why Linux never captured the desktop."

I don't get it. Linux never captured the desktop because they don't arbitrarily limit security features to people who pay more?

It is basically a virtual machine but note from the article:

- "One of the key enhancements we have made for Windows Sandbox is the ability to use a copy of the Windows 10 installed on your computer, instead of downloading a new VHD image as you would have to do with an ordinary virtual machine."

- "we also allow Windows sandbox to use the same physical memory pages as the host for operating system binaries via a technology we refer to as “direct map”"

- "More recently, Microsoft has worked with our graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model used by display drivers on Windows." (Note: it also works with OpenGL nowadays too)

Maybe you can achieve your workflow needs from Home + free 3rd party virtualization software but if you don't see anything special I'd recommend reading the article more carefully.

My perception with stuff like this has always been: Microsoft tests it out in the environment it's going to be used in, and with expert supervision. Then after a couple of versions, normal users can get a solid version. I have seen this happen with Visual Studio and surrounding tools.

They'd probably have to raise the price of their cheaper versions if they didn't do this. Seems like a good compromise for the consumer to me. Offset the cost of all of the fancy tech most people won't want or use to those willing to pay more and potentially use it.

Not having to risk your machine being compromised every time you run a third party executable is not fancy tech.

Try explaining how and when(!) to use this to your HR department, then tell me it's not fancy tech.

"My spreadsheet won't open" 'don't use sandbox for that' "But you said every file I downloaded" 'no, only exe'

"I opened the PDF exe, edited it, now it's gone" 'self-extracting zips from our payroll system are fine'

So right... this is clearly a "PRO" feature. For normal users the by far better solution is still: Do not install any EXE from unknown sources. Or even better: Do not install anything new in the first place.

Not that I disagree with what you're saying per se, since it really is the simplest option, but as technologists we really need to get over this idea that people shouldn't be allowed to actually use a computer to do computer stuff. Mobile OSs got it pretty close to right: self-contained applications that are sandboxed by default. We need to embrace that concept in personal desktop computers, only without the stupid store (and that includes a package manager) and with complete disk portability of the applications. Basically, the way desktop computer OSs worked in the 90s, only with sandboxing by default.


Who are these users who want/could make effective use of sandbox, but need none of the other features of pro, exactly?

What an odd response.

More abstractly: A company adds a new feature to help sell a product.

Disk encryption is also only available with Pro upwards.

It's not helping against the notion that Windows is insecure to use...

> come up with a new security feature and

While they sell this as something that protects against downloaded malware, I think this is going to be used a lot in software testing. We have lots of manual tests of desktop software that need clean environments, which is painful when e.g. comparing several versions side by side etc. This is great compared to running multiple full VMs side by side.

The Pro edition isn't the most expensive one...

You can get a pro key for 10 bucks.

> "Only Microsoft would come up with a new security feature and then intentionally and arbitrarily limit its availability to the most expensive version of their OS."

What's your point? How is that not a reasonable business model?

Charge more for enterprise features by all means, but if basic security concepts are something you feel the need to charge for, your priorities are fucked up.

It's hardly basic. It might seem so for you or - in general - people who frequent hn, but you'd have to spend a lot of time explaining why it's good to an average person running windows home.

There are a lot of basic, in the sense of foundational, things that are not basic, in the sense of easy to understand. I think "basic security feature" was meant in the former sense.

I wouldn’t worry because it won’t work anyway so you’re not losing anything. When they introduced Virtual Secure Mode in Windows 10 with big fanfare, there was a CVE that followed almost immediately.

The case in point is it’s putting lipstick on a pig at this point. Every change that is made comes with another security or friction factor. Every problem solved creates two more.

They need to stop adding shit to it and fix what is already there.

>this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!

Swing and a miss. It's interesting how Microsoft will force their slow AV onto every win10 home edition device, yet won't give actual tools users can protect themselves with.

Power users get Pro, typical home users think that sandboxes are children playgrounds.

I'd argue that typical home users are the people who need this feature the most.

And I would argue they are better off with Windows S mode.

Tell that to my father who still uses decades-old software. I agree with the gp, Windows Home users need this feature the most.

Folks who don't mind Windows S would already be using android/ios.

"S Mode" (as opposed to Windows S, which was briefly a separate SKU) in current builds of Windows 10 (Home/Pro/Enterprise) is now arbitrarily admin activatable/deactivatable. As your father's admin (assumedly, in this example) you deactivate S Mode, install all the old apps, then reactivate S Mode. Your father still gets access to the old apps, and can install new apps from the Windows Store [1] without your involvement as admin. You just have to switch it out of S Mode if your father finds another old CD or floppy behind the couch to (re-)install.

[1] I don't recall if S Mode currently allows sideloading non-Store but code-signed APPX/MSIX packages. I think it is supposed to? But I think my confusion is that it may differ (at least currently) between Windows Home in S Mode and Windows Enterprise in S Mode.

I don't think you can launch non-signed apps when S Mode is on. Does not matter, if you installed them when it was off.

Most people who use Windows are not paying for Pro. That includes the 'power users'. This is a feature that has to be enabled, having it in Home does 0 damage, yet gives the ability for those who don't have Pro to protect themselves.

I've found Defender to be a definite performance hit but what's a better option? I'd rather not have the subscription costs.

Not running a tool that makes your attack surface bigger in exchange for questionable benefits?

They've put Defender into a sandbox nowadays.


Insider only for now. But a very good move imo.

Okay, even if I take your comment about attack surface at face value, what are you suggesting? Surely not avoiding AV completely.

> Surely not avoiding AV completely.

Exactly that.

Ok, what about for the 99% of the population that that won't work for?

Well, I'm recommending it on HN, not on Facebook ;)

Use ChromeOS, Android, or iOS.

Seriously, AV is pointless software. It will false-positive often, it will false-negative slightly less often, and it will introduce a performance degradation 100% of the time regardless. It is a bad solution to the problem of malware.

You could use an AV but only run offline scans on a schedule.

I - and I'm quite sure it's common practice - have been doing something similar using VMware, desktop integration and shared folders. It's nothing close to a native integration but it does the work - and I've been able to render 3D applications pretty well (not at a professional level of course).

I've been wondering for a while what was preventing a virtual machine editor from stepping ahead in integration and letting you run the host's applications in a safe, virtualized environment - I've had thoughts mixing a sort of overlayfs (no idea if that exists on Windows), RAM isolation, and something chroot-like (again, no idea if that exists on Windows but there must be something similar, right?)

Anyway, I'm really happy to see Microsoft stepping ahead. Most programs downloaded online are simply unsafe - sometimes just for privacy reasons! - and I often don't feel comfortable running them on my bare metal OS (not even talking of cracked software).

When I first got back to using Windows after a long time on OSX then Linux (I'm not happy with recent Apple hardware, and I'm missing a whole lot of entertainment/creation applications on Linux), I assumed Hyper-V would be the best option to have a reliable, built-in hypervisor on my system. I was wrong. My goal was to set up 2 VMs: a CLI-only Linux VM to do development, and Windows 10 for untrusted software. It worked, but the graphics integration of the Windows VM sucked, and the Linux VM was extremely unreliable - I can't recall exactly what happened but crashes were common, especially in situations like sleep resume, driver updates etc.

I would like to finish this informative comment with the hope that this new "sandbox" feature fixes most of the problems I used to experience with Hyper-V. I would also love to see the others - VMware and VirtualBox - implement such a feature. Hopefully, this could bump the use of virtual machines at a personal level (agreeing with dman's comment to, please!, make it a standard feature) and lead to better performance and painless integration in the future.

I think enabling this for Windows Home users would potentially turn into a bit of a support nightmare. The requirements for Sandbox include turning virtualization on in BIOS, it also recommends 8GB of RAM and 4 CPU cores with hyperthreading. Correct me if I'm wrong but most consumer laptops and desktops probably don't have a virtualization option in the BIOS and only a small percentage use 4 cores with hyperthreading. So it either won't work for a lot of Home users or even if it did run, performance wouldn't be great.
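As an added example (not from this thread or from Microsoft's own tooling), a PowerShell check for the requirements the comment above lists. The 8 GB / 4-core thresholds are the comment's figures; the SKU codes, the `VirtualizationFirmwareEnabled`/`HypervisorPresent` properties and the feature name `Containers-DisposableClientVM` are standard Windows values I am relying on, not anything on the page.

```powershell
# Added example: report whether this machine can run Windows Sandbox.
# Run in an elevated prompt (Get-WindowsOptionalFeature needs admin).
function Test-WindowsSandboxReadiness {
    [CmdletBinding()]
    param(
        [int]$MinMemoryGB = 8,   # recommended figure quoted in the comment
        [int]$MinCores    = 4    # recommended figure quoted in the comment
    )

    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    $cpus = @(Get-CimInstance -ClassName Win32_Processor)
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem

    # OperatingSystemSKU: 4 = Enterprise, 48 = Professional, 101 = Home (Core).
    # Sandbox ships only in Pro and Enterprise, as the thread discusses.
    $skuOk = @(4, 48) -contains [int]$os.OperatingSystemSKU

    # VT-x / AMD-V exposed by firmware (the "virtualization option in BIOS").
    # Caveat: once Hyper-V itself is running, the host hides this flag and
    # VirtualizationFirmwareEnabled reads False, so also accept HypervisorPresent.
    $vtOk = ($cpus | Where-Object { $_.VirtualizationFirmwareEnabled }).Count -gt 0 `
            -or [bool]$cs.HypervisorPresent

    $cores   = ($cpus | Measure-Object -Property NumberOfCores -Sum).Sum
    $threads = ($cpus | Measure-Object -Property NumberOfLogicalProcessors -Sum).Sum
    $memGB   = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)

    # The optional feature that carries Windows Sandbox; absent on Home SKUs.
    $feature = Get-WindowsOptionalFeature -Online `
        -FeatureName Containers-DisposableClientVM -ErrorAction SilentlyContinue
    $featureState = if ($feature) { $feature.State } else { 'NotAvailable' }

    [pscustomobject]@{
        Edition            = $os.Caption
        SkuSupported       = $skuOk
        VirtualizationInFW = $vtOk
        PhysicalCores      = $cores
        LogicalProcessors  = $threads
        HyperThreading     = $threads -gt $cores
        CoresOk            = $cores -ge $MinCores
        MemoryGB           = $memGB
        MemoryOk           = $memGB -ge $MinMemoryGB
        FeatureState       = $featureState
        Ready              = $skuOk -and $vtOk -and ($cores -ge $MinCores) -and ($memGB -ge $MinMemoryGB)
    }
}

Test-WindowsSandboxReadiness | Format-List
```

A machine that reports `Ready = True` but `FeatureState = Disabled` only needs the optional feature turned on; one with `VirtualizationInFW = False` needs the firmware setting changed before any of the Hyper-V based features (Sandbox, Docker, WSL 2) will work.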

> most consumer laptops and desktops probably don't have a virtualization option in the BIOS

I haven't seen a single amd64 machine without a virtualization option (except Macs, which don't have a Setup menu in the firmware, but they have virtualization always enabled)

Did Microsoft fix the issue that when Windows virtualization is enabled then VirtualBox VMs do not run [0]? Better they focus some of their resources to fix that first.

If not yet, then Windows Sandbox is a less useful feature than it may seem, because we have to choose between Windows virtualization and VirtualBox VM snapshots all the time.

[0] https://www.virtualbox.org/ticket/16801

This. I cannot use Docker on my gaming rig to use it as a dev machine sometimes because I need VirtualBox on it.

You can use docker-machine with VirtualBox. It is not as smooth as the native Docker experience, but it is good enough.

Isn't it just a case of changing a registry value and rebooting?

If switching from games to dev work requires manually patching the system registry and rebooting, then something is horribly wrong.

Yes, it was fixed last week in VirtualBox 6.0, which now uses Hyper-V APIs at the cost of reduced performance.
