Seems like a really nice feature. I've been thinking about something like this for a while.
I see some people are really annoyed that it isn't available for the Home version and I too am somewhat annoyed but in this case it is somewhat understandable since it depends on a feature that is (somewhat more reasonable) limited to Pro versions.
The thing that annoys me more (hi MS guys, feel free to tell the relevant people about this) is how they have started to add ads to the login screen and my start menu - even in the Pro version!
I'm on KDE now so I haven't been able to verify this for the last few months, and probably shouldn't care but given that MS has become a lot nicer in a lot of areas it really should bug developers and PR people there that PMs or bean counters (sorry to all good accountants and PMs out there) are allowed to destroy all the work you put into making people love you.
- Clumsy installation process (unless you were in a position where you didn't have to rely on OEM crap, i.e. unless you were an IT pro or enthusiast)
- Performance. My builds would easily take 50% more time on the same hardware with Windows. Git was slower. Node was slower.
- Ecosystem. Until WSL getting access to standard tooling was kind of clumsy (respect for Cygwin, but still). Even after WSL it is still clumsy (who can tell me how to activate WSL without consulting duckduckgo? I've done it twice and I still cannot say for sure).
- Package management: Used to be non-existent (except again cygwin). Now it is just clumsy (a mix of Windows Store, WSL apt-get and Chocolatey should get you most of the stuff you need.)
- Licensing. I'm no die hard free software person, but many of the standard programs on Windows are directly user hostile (Acrobat Reader comes to mind).
- Until recently Windows also lacked basic desktop manager features like multiple desktops.
- Not directly Microsoft's fault, but if people like me are using Windows it is often because someone I work for demands it. Usually that also means having to deal with an IT department running Active Directory and all the "interesting" consequences that has, even for someone who is part of said IT department like I've been. (Getting locked out from your files because an admin flipped a switch? Check! Someone swapped regional settings across a group of machines that I was responsible for and locked them, causing all POS systems to fail with no way to fix them? Check! Having to wait for all kinds of scripts that run on logon? Check! Accept having basic parts of your user experience set by the IT department? Check! Again this is not MS's fault directly but back when I first experienced working with Windows in companies for some reason Active Directory seemed to attract people who want to do those kinds of things and/or it has a power to make them want it. </rant>
> I see some people are really annoyed that it isn't available for the Home version and I too am somewhat annoyed but in this case it is somewhat understandable since it depends on a feature that is (somewhat more reasonable) limited to Pro versions.
Hyper-V does function under the garb of 'Windows Hypervisor Platform' and 'Virtual Machine Platform' even under Windows 10 Home. I have it installed and it provides the virtualisation capabilities for Device Guard and Core Isolation/Memory Integrity.
Virtualbox from version 6 has been forced to fallback to Hyper-V when the latter is running, as it doesn't relinquish control to another virtualisation software.
So there is no reason why MS cannot implement Windows Sandbox even on Home since the underlying tech actually functions on all Windows editions, provided hardware support is there.
> So there is no reason why MS cannot implement Windows Sandbox even on Home since the underlying tech actually functions on all Windows editions
By that logic Microsoft could also allow Windows 10 Home to run Active Directory. The reason there's a Pro/Home split is a commercial decision not a technical one, so trying to view it through a technical lens is faulty.
Regardless, if we want to talk about security features Windows 10 Home "should" have, let's talk AppLocker, one of the most powerful security tools available. My computer illiterate relatives aren't going to be dropping into Sandbox to test potentially dangerous executables, but AppLocker could be set and forget, blocking execution of dangerous items.
The only thing Microsoft offers on Home is the highly self-serving "Allow apps from the store only." Which adds as many problems as it solves.
> By that logic Microsoft could also allow Windows 10 Home to run Active Directory. The reason there's a Pro/Home split is a commercial decision not a technical one, so trying to view it through a technical lens is faulty.
You misread the post.
eitland was saying that:
1) sandbox needs hyperv for technical reasons
2) hyperv is not in home for commercial reasons
3) therefore home can't have sandbox
Santosh83 wasn't trying to view the entire thing through a technical lens. Their post has an implicit understanding of the commercial argument when it comes to unlocking the full hyperv feature set. They were simply correcting the technical portion of someone else's argument.
But your computer illiterate relatives wouldn't know how to set AppLocker in the first place, so it does fall within the realm of managed machines which is kind of what Pro is for.
It should be turned on by default then with an override option, so that the average home user can't install stuff that'll bork the system without being warned. Just like SIP in OS X or Developer Mode on Chromebooks (although that's more extreme).
I digress. With the exception of biological disease there has never been a problem that more money couldn't solve. Whoever believes otherwise simply doesn't have enough money (or doesn't want to spend enough money) to accomplish what they're trying to do. Especially with computers.
Technically it's free, if you wait long enough. If you wanted to be free of their influence then enough money to relocate into space or another planet without volcanoes. If you wanted to get rid of volcanoes on Earth then your best chances would likely be to try and slow the rotation of the Earth by sapping angular momentum, expensive and slow but it should work I think!
Compatibility and familiarity most likely. Server cuts pretty much everything that wouldn't be used by a role such as remote desktop host, what you see left is what is actually used in real world cases. In the particular case of links to Videos/Music the remote desktop host role would need to support them. I mean yeah they could dynamically add the links based on use case discovery of which roles that need them... or they could just include the default explorer profile and nobody really cares that the links are there as they are on every other Windows install.
Now when it comes to things meatier than a few shortcuts they are much more willing to go modular. See nano server.
If you dig around in settings you can disable those ads (aka "suggestions").
I've not found a way to stop Defender from advertising Microsoft accounts or OneDrive via the security warning system. But they can at least be dismissed until the next feature update puts them back.
> But they can at least be dismissed until the next feature update puts them back.
This is damning praise. If intentional it means users aren't being offered permanent control of the software, only momentary changes. I dare say they aren't even 'options' at that point since the word implies lasting choice; at least for me.
Nowadays it's almost impossible to uninstall an app completely, because most of them create files willy nilly. And it's the same on all known OSes. The side effect we see is system size growing over time.
IMO running an app in a sandbox should be the default option.
On Windows, I used to like sandboxie, which virtualized every write into single directory. Uninstall was easy as removing that dir.
This MS sandbox doesn't allow you to continually run an app in the sandbox, as all data gets destroyed on app close, so it's not a sandboxie (or similar) replacement.
> Nowadays it's almost impossible to uninstall an app completely, because most of them creating files willy nilly.
This has always been the case on Windows. In fact if anything, nowadays it's better than it's ever been because thanks to the UAC and other controls Microsoft have put in place, developers aren't so free to do whatever they like to the host machine. But I remember a time before the UAC when it would often be common practice to reinstall the OS on a semi-regular basis (not something I personally engaged in but a great many of my peers used to).
> And it’s same on all known OSes
It really isn’t. On platforms with a proper package manager you can query what files get installed where. A great many package managers even let you query a file system file and see which package installed it.
Of course you still have the problem of the software writing files during its operation but that should be limited to $HOME (on POSIX systems) or any path that is writable by the owner / group of the user that application runs as (which should be limited even if it’s a system service).
It really is. I'm not talking about app binaries only. But about all files that the app creates after install. Most of them reside in the home dir, but stay there forever. Like various cache files, settings, ... And most of the time they are not confined to a single dir.
That has always been the case though. For as long as I've used Linux as a desktop my $HOME directory has been littered with dot-files and folders. And as for Windows, things used to be so much worse. Since the UAC, Windows applications have been limited in where they can write to lest they annoy their users with frequent escalation prompts. Before the UAC developers often used to write files all over the place - it was a complete nightmare! In fact one of the primary purposes of the UAC - as I recall - was to rein developers in.
Even the UAC aside, on Windows you now have the application data directory and permissions on the registry which both take some reliance off random files dumped anywhere. Before then Windows was like the wild west. And we're not talking that long ago in terms of the history of Windows - Vista was released 11 years ago and it took a few years after that for developers to catch up.
Plus with the trend of moving everything to the web, you're getting fewer native applications which can write those random files in seemingly random locations (that's one of the few good things about the move to web applications in my personal opinion).
You'll always have problems with developers having their own opinions - that's inescapable. But things used to be so much worse.
> Most of the reside in home dir, but stays there forever. Like various cache files, settings, ... And most of the time they are not confined to single dir.
I think you need to support that statement. I believe the vast majority of software on common Unix distros creates no files in $HOME[1], and of those that do the majority use one folder in home[2], which *should* be used for configuration, and often you don't want it automatically uninstalled on software removal.
The few I can think of that write to multiple locations do so because the extra locations are shared folders. For example, I would not want my downloads directory removed on uninstallation of Firefox.
1: E.g. Most things in /bin, and /usr/bin.
2: other than what I outlined above, I can't think of any that use multiple directories. If it's truly as common as you say, you should be able to provide some examples.
He's referring to the XDG standard [0], I think. It used to be that all persistent user-configuration resided in ~/.${appname}, but some people were unhappy with that so they recreated the etc|var|lib|tmp filesystem usage distinction inside users' home directories. This means that an application's user files are now spread across $XDG_DATA_HOME, $XDG_CONFIG_HOME, $XDG_CACHE_HOME and $XDG_RUNTIME_DIR.
You're contradicting yourself in your first and second paragraph...
Those proper package managers still rely on the packager doing things correctly - just as it would creating a windows .msi.
There's plenty of linux packages that create files during operation in their designated /var/log/xxx /var/db/xxx /etc/xxx /home/xxx/ directories that you're not able to query using the package manager.
> You're contradicting yourself in your first and second paragraph...
Those two paragraphs are talking about different OSs. 1st paragraph is talking about Windows, 2nd paragraph is talking about non-Windows systems with first-class package managers such as ArchLinux, Debian, CentOS, FreeBSD, etc.
> Those proper package managers still rely on the packager doing things correctly
Sure, but the point is you can query what the package manager has done.
> There's plenty of linux packages that creates files during operation in their designated /var/log/xxx /var/db/xxx /etc/xxx /home/xxx/ directories that you're not able to query using the package manager.
That's half true. You can query that /var/db/xxx and /var/log/xxx has been created by the package manager and often the directories (and their contents) will be owned by the user which the daemon runs under.
However I do agree with the point regarding your $HOME directory and actually made that point myself:
> Of course you still have the problem of the software writing files during its operation but that should be limited to $HOME (on POSIX systems) or any path that is writable by the owner / group of the user that application runs as (which should be limited even if it’s a system service).
As an aside, you can also query what files a particular application has open. In fact there are a few ways to do this from querying the /proc/$PID directory through to tools like `lsof`.
I have plenty of files in /var/lib/ that are not owned by any package, same in /var/log/ , /var/cache/ , /etc/sysconfig/ and other directories - their parent directory is owned by a different package than the ones creating these files.
I'm not arguing that a decent package manager is better than none - but they are solving all issues you claim they do.
Pretty much all OSs, including Windows, have ways to view which processes have a file open
> I have plenty of files in /var/lib/ that are not owned by any package, same in /var/log/ , /var/cache/ , /etc/sysconfig/ and other directories - their parent directory is owned by a different package than the ones creating these files.
Got any examples of that? You'd expect only docker to write to /var/lib/docker, mysql to write to /var/lib/mysql. etc. Not discounted that I've overlooked something but a quick look in my /var/lib and it's easy to see what is managed by what. So I'm curious what instances you have of a package manager creating a directory and then a completely unrelated daemon writing to that directory.
> I'm not arguing that a decent package manager is a better than none - but they are solving all issues you claim they do.
I'm not claiming they solve all the problems - in fact I literally identified a few problems they don't solve! Plus even those points I identified aside, there will always be edge cases for thing that package manager should have solved but failed to do so.
Perhaps we should turn this discussion on its head and discuss better ways to solve the problems people are describing? What would your solution be? Or are you ostensibly agreeing with my points but being contrary just for the sake of playing devil's advocate?
> Pretty much all OSs, including windows, have ways to view which processes has a file open
Isn't that literally what I just said? (plus I gave a few examples too).
Thank you. I've not used certbot so excuse the dumb question, but is certbot doing that during install (ie via the package manager) or during program execution (ie when the certbot ELF is launched)?
I wouldn't expect much in /lib/systemd/system to be installed outside of package managers but I agree it does happen, and at least it's generally quite easy to identify which service file does what.
crontab is definitely one of those nasty things that can often get forgotten about though (and I speak from unfortunate experience there hah!)
We're really drifting into the domain of Puppet and its ilk now though.
I'm not sure when those files get created, I just knew about that example off the top of my head because I had to spend some time figuring out why our post-renew hook wasn't working.
dpkg -L helps a lot when figuring out where all the files get spread.
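The thread above asks which files under /var/lib, /var/log and similar directories were created at run time rather than installed by a package. As an added example that is not part of the discussion, the shell function below takes a directory and a manifest of package-owned paths and prints every regular file the manifest does not claim. The manifest format (one absolute path per line) and the dpkg database location /var/lib/dpkg/info are assumptions about a Debian-style system; the sample data in the usage note is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report regular files under a directory
# that no package manifest claims, i.e. files created at run time rather than
# installed by the package manager.
# MANIFEST holds one absolute path per line, in the shape of `dpkg -L <pkg>`
# output. On a Debian-style system (assumption: dpkg keeps per-package file
# lists in /var/lib/dpkg/info/*.list) a manifest covering every installed
# package can be built with:
#   cat /var/lib/dpkg/info/*.list | LC_ALL=C sort -u > /tmp/manifest.txt
unowned_files() {
    dir=$1
    manifest=$2
    # -x: match whole lines, -F: treat manifest lines as fixed strings,
    # -v: print the paths that match no manifest line.
    # grep exits 1 when every file is owned; that is not an error here.
    find "$dir" -type f | LC_ALL=C sort | grep -vxF -f "$manifest" || true
}

# Usage, e.g. to audit /var/lib as the thread discusses:
#   unowned_files /var/lib /tmp/manifest.txt
```

Directories are deliberately ignored: a package usually owns /var/lib/<name> itself while the daemon creates the files inside it, so a per-file comparison is what answers the question. Comparing the output against a baseline taken at install time turns this into a simple drift check.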
Isn't the parallel to UAC a properly configured SELinux? I thought that was the component that lets processes rwx from certain locations? I guess a full comparison may be including AppLocker too.
Not too hot on Linux management options, I just install the thing over and over.
One trick I use when trying to see where in $HOME a program creates files is to create a new user with an empty $HOME, run the program and then see what files were created. If it's a GUI program, give it permission to run from your regular user with xhost so you don't need to login through the desktop manager.
well, I usually do something alike, though just by changing the environment variable: HOME=$HOME/tmp myprogram. Symlinking the .Xauthority file (if using X) works quite well.
I actually always run that way most applications that do not fully adhere to the XDG base dir specification.
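The two comments above describe the same trick: point HOME at an empty directory, run the program, and see what it leaves behind. As an added example that is not part of the thread, the shell function below automates that with a throwaway directory from mktemp and lists the files created relative to that HOME. The .Xauthority step for X11 programs mentioned above is not automated here, and the demo command in the usage note is a constructed stand-in for a real application.

```shell
#!/bin/sh
# Added example (not from the thread): run a program with a fresh, empty HOME
# and report every regular file it created there, relative to that HOME.
# Assumes a POSIX sh with mktemp and find; the program and its arguments are
# passed to the function as-is. For X11 GUI programs you would additionally
# copy or symlink ~/.Xauthority into the scratch HOME (not shown here).
trace_home_writes() {
    scratch=$(mktemp -d) || return 1
    # Run the program with HOME redirected to the scratch directory. Its exit
    # status is kept so the caller can tell whether the run itself failed.
    HOME="$scratch" "$@" >/dev/null 2>&1
    status=$?
    # List every regular file left behind, relative to the scratch HOME.
    (cd "$scratch" && find . -type f | sed 's|^\./||' | LC_ALL=C sort)
    rm -rf "$scratch"
    return $status
}

# Usage with a constructed demo command that scatters files the way a
# program ignoring the XDG base directory spec might:
#   trace_home_writes sh -c 'mkdir -p "$HOME/.cache/demo" "$HOME/.demo"; \
#     echo x > "$HOME/.cache/demo/index"; echo y > "$HOME/.demo/rc"'
# prints:
#   .cache/demo/index
#   .demo/rc
```

Because the program only ever sees the scratch directory, the real home directory is never touched, which is also why the listing is a reliable answer to "where does this thing write" rather than a diff against whatever was already there.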
> Of course you still have the problem of the software writing files during its operation but that should be limited to $HOME (on POSIX systems) or any path that is writable by the owner / group of the user that application runs as (which should be limited even if it’s a system service).
The really tricky problem is when a package must modify an existing shared resource. Such as appending lines to an existing config for example.
> The really tricky problem is when a package must modify an existing shared resource. Such as appending lines to an existing config for example.
This is currently solved by having applications support both a config file and a config.d directory. The primary owner (package) of the resource modifies the conf file, while secondary packages drop their own config in conf.d/${package}. Numerous examples exist: logrotate, rsyslog, apache, nginx, systemd and apt come to mind.
Yeah that's exactly what's happening. But Arch is an intentionally hands on distro (eg it doesn't even ship an installer - instead you're expected to do everything yourself via the command line).
Obviously this wouldn't be to everyone's tastes but it's good that market is catered in my opinion (but then I would say that as I'm very much a hands on person).
I've had the installation of apt-get packages permanently hose an ubuntu or debian install. It's all up to packagers to author their packages right so they don't leave garbage on your machine that you have to manually clean up (or give up and reformat).
Your comment is very light on detail so it's hard to understand your issue properly but I've been running Linux as my primary desktop for more than 15 years and have managed literally hundreds of Linux servers too and never had a package manager hose my platform (big caveat: aside from the notorious `filesystem` update on ArchLinux but that one is an extreme edge case scenario due to the rolling release nature of Arch. However even that package was well documented on Arch's site beforehand as being a package that required manual steps to upgrade).
It's true that Linux package managers used to be buggy and problematic in the 90s but those days have long since gone. And while I'm not discounting that a package upgrade could damage your system, the instances when they do are highly unusual rather than a typical problem users face with each and every upgrade. In fact Windows sysadmins have far more dread with running Windows updates than Linux admins do and yet Windows updates are only focused on Microsoft products rather than every piece of software on the system.
> It's all up to packagers to author their packages right so they don't leave garbage on your machine that you have to manually clean up (or give up and reformat).
Actually it's not. It's up to the application developers to do that. If you specify a package to install a file `x` to location `y` then the package manager will uninstall that file automatically too. You don't specifically need to tell the package manager to do that (or at least not with any of the packaging systems I've used). But if the application developer writes the application to spew out thousands of files into $HOME, that happens outside of the package manager. There isn't a whole lot you can do to stop that aside from limiting the directories which your application has permission to write to (either via chroot, containerisation, user/group permissions, SELinux, or other forms of ACL. There's actually plenty of tools on Linux / UNIX to handle that problem).
Don't know about apt specifically, but using pacman (Arch Linux), you can list exactly what files on your filesystem were installed by what package and remove them. You can't do this on Windows, as far as I know.
Yes firejail is awesome, but you can only block writes to directories. What I'm looking for is an option to redirect all writes to a single directory. This should be transparent (the app might still think it is writing willy nilly, but in reality all writes would be redirected, let's say, to ~/app).
I'm pretty sure you actually can do this with firejail, see: --overlay and --overlay-named. For some reason it looks like these are hardcoded (yay, UNIX culture!) to point to `$HOME/.firejail/<progname or name>`.
File writes for application files are rarely the problem any more.
The problem is that in order to function correctly (For some definition of correct, but say e.g. to associate file extensions, create shortcuts, start automatically, install a dependency such as a C++ runtime patch, whatever) the program needs to write to subsystems of the OS in a non-reversible way. It's also very HARD to do these things (create setups) because systems like Windows Installer aren't trivial to use. Every time a setup author makes a mistake there is a risk of stuff being left behind.
Fundamentally, what you are doing is you are in state A when installing the program, creating state B. Then you continue to modify the system simply by using it or installing some more software creating state C. If you now uninstall the first software you don't have anything but a script undoing A->B, which run backwards can only do B->A, but you are in state C and you don't want to first run C->B because you want to keep the other parts of state C. So the uninstall script has to run in unknown territory (a file may have changed, a later dependency version may have been installed globally, a registry entry may not exist because they are NOT isolated per application etc) so the uninstall script just has to do what it can.
A sandbox could be a solution to this, where the sandbox contains diff views over some immutable base image. It probably is a lot easier to do (and do efficiently) with OS support.
Isn’t macOS doing that? The Mac App Store only allows sandboxed apps and macOS allows almost only apps from the store to be installed (+ certified developers) unless you change the system's settings.
On macOS some protection was added, so apps cannot write to system protected directories.
But I was talking about all files that app creates. Like files in home dir (eg. ~/Library). If you remove the app, those files stay there and occupy space.
The only way you can partly clean up the mess, is to delete home dir from time to time (but backup important files first). Even then, there might still be files in /usr/local etc.
A macOS app installed from the app store can only write to ~/Library/Containers/name.of.app.bundle. Those are not automatically trashed (as far as I know), but it is much easier to clean than the whole ~/Library. Actually, if all your apps are in /Applications it would be easy to write a small script that deletes everything in Containers that's a: not from Apple and b: doesn't have a app bundle identifier in /Applications
TBH I didn't know about that. Probably the same situation is with Windows UWP apps installed from the store (but there is a special permission to grant access to the whole fs, which allows an app to write outside its sandbox dir). Anyway there are so many apps that are not installed from app stores. IMO having a proper sandbox is still a thing in 2018.
The app I use to do that is literally called AppCleaner, been using it for years it’s one of the first things I install.
For example, the other day I moved Word to the trash, 5 seconds later I get the AppCleaner pop up letting me know it found an additional 2GB of shit that Word just littered around my machine that wouldn’t have gotten removed by just deleting the app. And unfortunately, that definitely hasn’t even been the worst offender I’ve run into, and at this point I’m very rarely not surprised by the amount of leftover crap that doesn’t get removed when deleting an app.
> Nowadays it's almost impossible to uninstall an app completely, because most of them creating files willy nilly. And it's same on all known OSes. The side effect we see is system size growing in time.
Unless I am mistaken, I don't think this is the case for iOS, Android, ChromeOS, FirefoxOS, and many game consoles.
This is really just a problem with desktop and server operating systems, not with operating systems as a whole. It's also getting better with package managers, the Windows Store, and UAC.
Yes, I forgot to mention mobile OSes. Especially iOS, which doesn't keep any app files on disk when an app is uninstalled. Android apps tend to keep files regularly on the SD card (virtual or real one). Some apps might benefit from this (eg. you don't have to redownload huge map files for a navigation app), but paradoxically the Sygic Navigation app isn't storing map files on the sdcard, while some crappy apps, where it doesn't make sense, are. So in practice it's not very different from what we have on PC.
UWP and/or the Windows Store has a way of packaging applications so they don't barf all over the system, assuming they're not maliciously designed to subvert this.
Frankly, the very concept of "installing" an application is a ridiculous invention. Many systems of the past had self-contained applications that could just be dragged around between disks, copied, and deleted, seamlessly meshing with the files & folders desktop metaphor. Of course none of those systems enforced this behavior, which is something we could do today but, for the most part, don't.
At least on Windows I have my pick of thousands of Portable Apps (and most Windows software can act as a portable app if you just extract it without installing it anyway, albeit still leaving junk in the registry). You know what's a great feeling? Being able to reinstall your OS and just pointing a new toolbar at wherever you keep your portable apps and being good to go.
You said ‘systems of the past’, but isn’t this how macOS works?
If I download an app, I’m anticipating a .dmg to mount, which holds a self-contained .app which runs anywhere, and a link to /Applications, to suggest a sensible place to put it.
Agreed. I'd go as far as to say that consumers -- especially technologically vulnerable ones like your parents, for example -- need this more than any other demographic.
Microsoft should make it easy to download, install and update on all non-Enterprise versions of the OS. This will also greatly reduce instances of a random ransomware holding critical data hostage and doing irreparable economic damage to small businesses (as was visible during the WannaCry episode last spring [0]).
> Microsoft should make it easy to download, install and update on all non-Enterprise versions of the OS.
I'll take this one step further: Microsoft should make this as easy as "right click > Run in Sandbox". It would make the lives of everyone so much easier.
Sure, but Microsoft could give the same gift to every parent out there. (I don’t mind buying windows pro for parents at all, issue is that when they buy a device it often does not come with pro preinstalled so there is a window where the device is vulnerable before I can remotely administer it)
Of course they could, but using that money they will go on to build another feature that you'll be able to use because you're already at the 'pro' level of their OS.
The alternative is to convince some engineers to create this same feature in their spare time and contribute it for free as a Linux package. Then they can get email about all of the things it doesn't do, and fix bugs in their spare time on a feature that all they see are complaints for. Until they burn out and the repo goes dead for a while and then gets picked up by one of those users who wants the feature to exist, and they make some improvements and get into an argument with another user who forks it and now there are two of them, almost the same but with a few features that are unique to each one. Of course for most of the users they either don't care and load one at random, or they do care and find features from the "other" system they want in the one that is being used. They send mail to the maintainers asking them to copy those features. Which adds more pain as the developers copy each other's features but they put their own special spin on them. This burns out more developers and a third person comes out and writes their own syntactically incompatible version that is functionally identical to the two different 'legacy' versions.
At this point I just pay the man his $100 and appreciate that the people working on the code are on it all day and can spend evenings with their family.
You underestimate your parents' likelihood to overgeneralize your sandbox advice. I expect you will be receiving this call months from now:
"You told me to use sandbox to be safe, so I wrote critical document X in a sandbox because I want it to be safe, but now that I rebooted I've lost all of my work."
Agreed, this sounds like a genuinely useful feature, it’s a shame to hide it and restrict it to pro users only. Things like this should be “first class citizens” of the OS and in the spotlight for marketing.
I'm not much of a Windows user, but MSIX sounds great.
Does it add a simple context menu entry to convert an installer? Bonus points for straight up Install and even more for Run.
I see it's open source, so if it's missing it may be possible to make a distribution of it with those things implemented. Then one could install it and make it a default msi handler.
Edit: from what I see conversion is much more involved. Create a certificate and go through a wizard and fill out some forms. Correct me if there is a quick and easy convert option. Otherwise it's a nice thing that needs more development to be useful for a generic user.
"Being just the start, MSI packages may very well be supported for at least a few more years on Windows 10. However, by looking on the GitHub repo of MSIX, there are some hints that Microsoft envisions a future where MSIX not only replaces the MSI but also creates a package format which cross-platform Microsoft applications can recognize and use on any platform (iOS, Android, MacOS, and Linux)."
why not just buy them a pro edition? I know it's more expensive, but that would also get you remote desktop, bitlocker, and group policy, which would all also be great for remote supporting your parents.
System Integrity Protection would protect against many of the same threats that Windows Sandbox would (since it prevents applications from doing extreme damage to the system even with root), and by default it only lets you install software from developers registered with Apple (either inside or outside the Mac App Store). It'd be more secure out of the box than a Windows system, as if you have admin and are willing to click "yes", you can let an application do anything on Windows (although most attacks can be prevented with the new features in Pro/Enterprise).
All I know is my older and less tech savvy relatives experience pretty much no problems with Apple devices and iOS/macOS. And if they did, they can take it to the Apple store.
Because sometimes they buy a new computer and it is a while before I am able to visit them across the planet and install a new OS in it. Would really like a good out of the box experience.
You don't need to install a new OS, you just enter a Windows Pro license key to upgrade the version? Buy the key online, send it to your parents, tell them where to enter it, done.
Also I don't think your parents want to use that particular sandbox. There's no persistence at all: no bookmarks, no cookies, no history, no local documents, ...
The no persistence is why I like it. It would be ideal if I could ask my parents to do their entire browsing in an ephemeral sandbox and even if they end up clicking / installing something from a shady link it won't blow away their (real) persistent OS install.
Totally get that issue. It might be worth spending a day or weekend making a boot-disk for them that will wipe their current disk image, and install win10 pro with it set-up so you can remote admin it.
That way for your parents they just have to buy the PC, put the USB in and reboot it, and then call you when it's back on so you can remote in and give it a key and finish configuring it for them. I suppose even that might cause issues if you can't teach them or walk them through via FaceTime how to set the device to boot from the USB instead of the hard drive.
Hardware virtualization is a Pro feature in windows, so I doubt this is possible even if they wanted to (without moving virtualization to home edition).
I took an inventory of which apps my parents use: email, solitaire, YouTube, and some web browsing. That was it. Linux is good at doing those things, so I put them on Xubuntu (my preferred distro) about 8 years ago. Once my mom understood that the UI was similar enough to Windows, she didn't mind. It's been remarkably stable (and usable) ever since.
Aside from the points made by another reply (BIOS support, older CPUs), some machines have virtualization switched off by default because it's broken. I had a (fairly old) x86-64 laptop that would randomly hardlock while running VMs if I turned on hardware virtualization.
With Dell you have to buy the business version of a notebook to get Windows Pro. Your example would be [1][2]. Apart from price the main differences are that the business versions ship with Windows Pro and that they have better warranty (next-day onsite).
I'm pretty sure that's not the only alternative... some others include a Chromebook, an iPad, a MacBook, or even installing a Linux distro and setting it up for them such that they don't need to use the CLI to accomplish the things they want to do.
But honestly, my opinion is that Windows 10 is not as fragile as earlier versions of Windows were.
If the parents' problem is that they install random software, that's not going to help them. I have seen MacBooks with twenty spyware browser extensions.
I really doubt that, but I can't easily argue with an anecdote, so sure. It happened, probably 15 years ago.
Windows was famous for tons of installers bundling toolbars, but that's never been an epidemic on Mac.
These days, Macs will not install unsigned software by default, and you can lock that down to App Store only with a single setting change, so they're certainly not getting bundled malicious toolbars from installing software... since distributing malware is a quick way to get your developer signature revoked, and you're certainly not going to be installing toolbars from the App Store sandbox.
That leaves manually installing malicious toolbars through the official extension store for whatever browser they use. All extension stores do their best to weed out malicious extensions these days, and it takes intentional effort to install extensions. It doesn't just happen while you're trying to do other things.
Obviously, toolbars don't even exist on iPads, and software installers bundling random malware is obviously not a huge concern on Chromebooks. A MacBook was not at the front of my list, so I don't know why you chose to singularly attack that option. Maybe you thought it was the easiest target?
But I don't think "it just happens" on windows either (outside of OEM crapware, which granted is pure dirt). Most of the time it is unsophisticated users led to click and install things themselves. An application signature won't help.
If the OS won't let the user install the malware, that's the end of the line.
As I said in my original comment, I don't think Windows 10 is as fragile as earlier versions. A large part of this is the additional enforcement around application signing, even though it isn't as strong as what macOS does by default.
In earlier versions of Windows, it absolutely did "just happen" from a non-technical user's point of view. Linux, macOS, and (to a slightly lesser extent) Windows 10 do not allow it to "just happen".
>if the OS won't let the user install the malware, that's the end of the line.
Except there's no definitive, 100% foolproof way to identify something as malware vs. not-malware. If you put a bunch of dialogs in front of something, the site will just include a for-dummies illustration of what to click to allow the install. This will especially be the case if doing so is a prerequisite for receiving the new emoji pack, or whatever else it is that the people have been promised on the other side of those clicks.
We've been through this song and dance enough times that it's not a question of whether this will happen or whether users will fall for it. It's clear that it will and they will. Users do not read dialog boxes, they interpret them as noise and click through them. Operating systems can only protect the user from themselves up to a certain point, at least while retaining the ability to install third-party software.
My mom's computer(s) have been running Linux for probably 10 years now. This has kept her reasonably safe (especially as contrasted with my dad, who insists on Windows), but one time I went over to find some PDF injector-thing installed as a Chrome extension. From her POV, this "just happened".
While using a less-targeted platform helps a lot, online malfeasance is not a platform-specific problem. Pretending otherwise is kidding ourselves. Vigilance is always needed.
I.e. a content consumption tool, not a general-purpose computer.
> a MacBook
Fine if you can afford it.
> or even installing a Linux distro and setting it up for them such that they don't need to use the CLI to accomplish the things they want to do.
That's... possible, but tough. As someone who switched from Windows to Linux many years ago, I still see every distribution "leaking" the fact that it's a CLI-oriented ecosystem. They do that especially when something goes wrong.
All are valid alternatives if you carefully consider your parents' needs and discover they're extremely limited. But Windows would still be my first, default choice - because of a combination of its design and history, it's the cheapest commercial system that still lets you own your computing experience, and run professional software.
Most Chromebooks have Android applications now. So it's more like a browser and a tablet on steroids. Many newer ones (even cheap) have Linux support.
But of course as you said it's a game of trade offs. My father was using Windows years ago and because of constant service needs I set up Linux for him. It was easier for me to service it remotely. It was better, but far from perfect. Later on I bought him a new computer that had a Windows license, so with upgrade to Windows 10 I thought that it would be ok. My father wanted Linux back after a month or so. With newer distribution and newer computer it was much better than previously. Now it's pretty alright.
However I still think of something a bit more like ChromeOS. Then it would be quite maintenance free. Not Gallium, but a full distribution with the same update model as ChromeOS.
If you start from a rock-solid distro, install an adequate DE and do troubleshooting the Windows way (i.e. just reinstall and restore your data from a manual backup whenever things go haywire - which they shouldn't, anyway), you can absolutely get away with not using the Linux CLI, ever. Is this a sensible way of using a computer system? Perhaps not. Is it better than just staying on Windows 10 (provided that Linux itself addresses your needs, of course)? Absolutely!
I would want to know how the software works before really trusting it. Like, I am aware since XP (NT?) Windows has had some ability to drop privileges, but I have no idea what the Windows API offers for isolation. If it were to use a solution like patching NTDLL routines in memory it would be escapable by syscalling manually, so surely that can't be it. What is the magic API they can use to sandbox and isolate IPC, files, the registry?
Sandboxie is actually still superior to this Windows Sandbox, as it allows you to continually run an app in the sandbox. In Windows Sandbox, once you close the app, your stored data, settings etc. are gone.
But yes, its UI is horrible and might be difficult to set up (apps with incorrect setup might not even run).
Interesting. How long ago was this? I've used Sandboxie for around 10 years and in that entire time, it has always just been a matter of right-clicking the program and "Run Sandboxed", even trivially accessing the sandboxed start menu via the notification icon.
No, but I assume the Windows kernel developers are more capable of wrestling with all the nitty gritty details than Sandboxie is (though it too provides a kernel driver in order to operate, I'm sure there's a lot of similarities).
Sandboxie is a broken POS. I gave up on it a few months ago after getting tired of having to troubleshoot why another app wasn't working the way it should.
I don't think that's a fair comment to make. It's obviously not broken. I've used it myself to run games downloaded from torrents and it was fine. It also supports Office installations and a whole load of other stuff. Whilst I agree that the UI isn't the best (at least when I used it), calling it a piece of shit without providing specifics isn't helping anyone.
Only Microsoft would come up with a new security feature and then intentionally and arbitrarily limit its availability to the most expensive version of their OS.
This is the same company that thinks putting ads in the fucking file explorer is appropriate on an OS they charge hundreds and hundreds of dollars for.
The same goes for full disk encryption, it isn’t included in the cheapest edition I installed on an old laptop for my mother. Now booting with veracrypt takes 2 minutes. Needless to say I had to get her a chromebook: new laptop, easy to use, secure and for the price of one windows license. This is what will get Microsoft in the end.
This is a legitimate concern for me, but almost no part of my mother's life takes place online. She did have a mac, but lost that and there is no money for a new one. She also has an android phone, so the privacy argument applies here as well and is still very valid. Eventually I will get her on a mac or ubuntu laptop or something like that.
In terms of usability I have to tip my hat to Google. ChromeOS is very easy to use so far. Probably until chromebook vendors start adding all sorts of their own shitty tools and accounts like Huawei has done with their phones.
> Secure and inexpensive as long as you don't mind paying with your privacy.
There are obvious alternatives to ChromeOS that are just as secure and just as inexpensive (especially if you have some old hardware just laying around, or else you can just buy refurbished hardware - just about anything made in the last 10 years will do, if not more than that) - and not any less useful than a Chromebook. And they can be updated for as long as the hardware keeps going - they won't suddenly become "unsupported" after a mere five years.
Yeah, if you're technical enough, then for now you can still install and run Linux. That's probably not an option for OP's parents.
You can easily imagine that in the future hardware manufacturers will remove the ability to install a 3rd party operating system. It's already essentially impossible on a locked-down Apple iOS appliance.
Chrome wins on the mom, grandpa, etc. can easily use it... I've yet to see an OS that is less locked down that's easier to use in practice. Yes, privacy concerns. That said, it's still what I recommend for MOST people not interested in gaming.
Everybody needs disk encryption. Lose your laptop on the train or in a cafe and all your browser cookies are out in the wild.
That's just the start, people store private stuff on their computers you know. Photos, letters, bank transactions, emails, contact lists.
Microsoft's choice to make this not only non-default but even a premium feature is inexcusable. I already switched to Ubuntu for this reason alone. Now my life is much easier for many other reasons as well, like Docker.
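As an added example (not from anyone in this thread), one way to answer the question the comment above raises, "is the disk that is about to leave the house actually encrypted?", from an elevated PowerShell prompt. On Pro/Enterprise it uses the BitLocker module; on Home, where the `Get-BitLockerVolume` cmdlet is absent, it falls back to parsing `manage-bde -status`, which I assume is still present there because Home's "device encryption" is BitLocker underneath. The function name and the report shape are my own, not a Windows API.

```powershell
# Added example: report the encryption state of every fixed volume with a drive letter.
# Run elevated. Get-BitLockerVolume exists only on SKUs that ship the BitLocker module;
# the manage-bde.exe fallback is an assumption for Home editions with device encryption.
function Get-DiskEncryptionReport {
    [CmdletBinding()]
    param()

    $volumes = Get-Volume | Where-Object { $_.DriveType -eq 'Fixed' -and $_.DriveLetter }

    foreach ($v in $volumes) {
        $mount  = "$($v.DriveLetter):"
        $report = [ordered]@{
            Volume           = $mount
            ProtectionStatus = 'Unknown'
            EncryptionMethod = 'Unknown'
            KeyProtectors    = @()
        }

        if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
            $bl = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
            if ($bl) {
                $report.ProtectionStatus = [string]$bl.ProtectionStatus   # On / Off
                $report.EncryptionMethod = [string]$bl.EncryptionMethod   # e.g. XtsAes128, None
                $report.KeyProtectors    = @($bl.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
            }
        } else {
            # Home: no cmdlet, but manage-bde.exe still prints the per-volume status (assumed present).
            $txt = & manage-bde.exe -status $mount 2>$null | Out-String
            if ($txt -match 'Protection Status:\s+Protection (On|Off)') { $report.ProtectionStatus = $Matches[1] }
            if ($txt -match 'Encryption Method:\s+([^\r\n]+)')         { $report.EncryptionMethod = $Matches[1].Trim() }
        }

        [pscustomobject]$report
    }
}

$rows = Get-DiskEncryptionReport
$rows | Format-Table -AutoSize

# The lost-laptop case: any fixed volume not protected is readable offline by whoever finds it.
$exposed = $rows | Where-Object { $_.ProtectionStatus -ne 'On' }
if ($exposed) {
    Write-Warning ("Unprotected volumes: " + ($exposed.Volume -join ', ') + ". Data on these is readable offline.")
}
```

Worth checking in the output: a volume can show `ProtectionStatus` Off while `EncryptionMethod` is set, which means the data is encrypted but the key is stored in the clear (protection suspended), so the warning above deliberately keys on protection, not on the cipher.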
While your statement is reasonable, it's interesting seeing a Mac user complain about things being too expensive. Is it fundamentally worse to overcharge for software over the hardware?
You misunderstand me, it has nothing to do with Windows being "too expensive", the point is that you've paid for it and they still abuse your privacy and shove ads down your throat at every opportunity.
By way of comparison, I willingly and happily pay more to use Apple hardware and software specifically because that money buys me a hell of a lot more privacy, security, and functionality than the equivalent amount of money would buy me in the Microsoft / PC ecosystem.
I am not misunderstanding you. Your entire comment was centered around a perceived unfairness regarding price:
> most expensive version of their OS.
> they charge hundreds and hundreds of dollars for.
To be clear here, I'm not defending Windows. I agree with you that what they do is not constructive for their users. I'm merely pointing out it's ironic for Mac users to sit on their throne and decry Windows' practices while paying significantly more for non-upgradeable Mac hardware when, if you really gave a shit about security and privacy, you'd buy reasonably priced PC hardware and install a Linux distro.
Last I checked, App Store is absolutely filled with advertisements that I didn't request. Why is it so significantly worse that Microsoft happens to place theirs within Explorer? I think both are rather frustrating when you already paid for the software and/or hardware.
Are you seriously trying to claim that Macs are overpriced by hundreds of dollars by trying to compare them against an ATX desktop? Or do you have some more reasonable comparison in mind of Apple and non-Apple products that actually compete in the same market segment, and where the Dell/Lenovo/HP/whatever is significantly more upgradable?
And do you have any reasonable complaints about the security and privacy of a modern Mac with the T2 chip, or are you saying that anyone who cares at all about security should run Linux and spend 30% of their time wrangling with SELinux policies?
Not a parent commenter, but I have some examples of upgradeability/repairability. Dell XPS line of laptops has upgradeable storage and screwed-in batteries. 15" variant has upgradeable RAM and wireless card. The keyboard is attached with screws instead of being permanently fixed to chassis and costs significantly less to order and replace yourself should you find a need for it. Similarly in the worst case scenario, there are replacement motherboards on eBay for $550 or sometimes less which you could again order and replace yourself (or upgrade your base CPU option with).
And both 13" and 15" Dells have a fingerprint sensor which is as snappy as Touch ID without being bundled with a thin strip of touchscreen and a $200 price hike.
That's because these laptops are designed to be serviced on-site by repairmen who are not always so bright. So I imagine, similar HP offerings are as robust.
Dell's and HP's phone support and warranty support are super awful, though, so this may be a factor for you. For me, the difference between a drink spill costing $600 (and I do it myself) on a $2500 Dell versus $1500 (and I have to lose my files/get a new system) on a $1600 MBP (both true stories) is significant and I'm not rich enough to go for latter.
I think the problem is not that windows pro costs money. The problem is that Microsoft also sells a second-class version of their OS that is really shitty.
From a pure brand perspective, the smart move for Microsoft would be to stop selling windows home.
And while they are at it rethink the "OS as a service" strategy. I don't get the often cited comment on how Microsoft transformed itself under Nutella. They just take the steps they are forced to make because a lot of developers ran to different platforms.
I think MS software is less attractive than at any time before. Be that Windows, their office suite or their cloud landscape, which mainly excels at being slow. And stronger competitors are not the reason for decisions that are mostly not consumer oriented.
I have mixed feelings on this one... tbh, I wish I could pay MS $5-10/month to nuke all the passive-aggressive ads. I reluctantly do so for YouTube already.
But the subscription model for Windows makes a lot of sense, I think. Leaving people on older versions is the same as selling a crippled version of your OS.
It seems to me that no matter what happens two classes of users are going to be created: those that can pay for security and those that cannot. Ultimately Apple's pricing means all their users are first class - hence security as a bread-and-butter feature on their platforms. In MSFT's case they're going to have low and high cost consumers, so they segment those users into the two relevant classes.
None of this is good, for anybody involved. IT security is like vaccines, it only works if everybody's got them. This is one of my biggest issues with the current "ads let us have free software" defense of the advertising craze. Ads let us segregate users based on what features they can afford not to have, and unfortunately for most laypeople it's security and privacy that's on the chopping block.
> unfortunately for most laypeople it's security and privacy that's on the chopping block.
I think this is why we need legislation: The free market obviously can't sort this out to peoples' benefit.
I have a couple Android devices I can't figure out how to update, so I'm afraid to use them for anything serious. If the author isn't responsible for writing crappy code, and I can't fix it, then where's my lemon law?
I agree, but have one nitpick - it's not that the free market can't sort this out, but that this is exactly the solution the free market is set up to organically create. Can't afford the tech? Sell your identity to marketers! That's all free market and I don't think we give the "free market" (scare quotes because we're so far from that in actuality it's painful) enough credit for creating these exact problems.
It is not a better solution to take away the freedom of people who are willing to sell their privacy. For some, it’s the only way to afford a computer.
> Ultimately Apple's pricing means all their users are first class - hence security
Yeah... Good luck running the latest version of iOS on an older iPhone. (Many still have a 5/6 and you really don't want to update those if you value a reasonable experience and latency.)
iOS 12 runs on everything through the 5S, and notably improved performance over iOS 10/11 on the same devices. [1] is a bunch of benchmarks from back in the beta period.
My kid has it on a 6, and it's legitimately good performance there.
Good luck getting the latest Android onto a 5 year old handset without jumping through some non-trivial hoops.
I'm not speaking hypothetically, but from experience. I have a 4 year old 200gbp Android phone running Pie, took 10 minutes.
I also have an iPhone 8, this is an Ok phone but is a worse experience than the 4 year old Android phone. Despite the cost being much higher, the screen is worse quality, for instance.
My partner has a 6 and it is remarkably slower than both. To the point where you sometimes just want to give up on whatever you were trying to do while waiting for a map or Spotify to load.
Maybe your experience is different to ours, but I'm only reporting what I see from using all 3.
> I'm not speaking hypothetically, but from experience. I have a 4 year old 200gbp Android phone running Pie, took 10 minutes.
You're lying. Installing a custom third-party Android ROM is way more than a 10 minute process, your OnePlus X is barely more than 3 years old, and there's a huge difference between a random OS image you downloaded from a forum online and manufacturer-supported OS updates for a 5 year old phone.
At the risk of wading into the iPhone vs Android battle...:
iPhone 8 vs Nexus 6 from 2014, back when Google marketed that series as reasonable Dev devices, not necessarily flagships.
326 ppi vs 493 ppi
750 x 1334 pixels vs 1440 x 2560 pixels
IPS LCD vs AMOLED
Somewhere there is a tongue in cheek meme comparing a sister phone, the Nexus 4, from 2012 against a 2016(?) iPhone and it's quite interesting how many features the Android phones had and were mildly credited for that when copied to iPhone were /world changers!!1/
Granted, Android phone manufacturers have wised up and besides things like the Nokia 6.1 you can't really get a good mid-range Android phone any more... it's mostly clustered around either the humble Moto E or the Note 9 price points.
>Yeah... Good luck running the latest version of iOS on an older iPhone. (Many are still have a 5/6 and you really don't want to update those if you value a reasonable experience and latency.)
Spoken like someone who's never actually used a 5 or 6 running iOS 12.
I have a couple Android devices and I can't get them to update at all. I'm sure there's some kind of solution, but my time is really valuable to me: If all I have to do is spend £1k every four years (£20 a month) to not worry about this, it's a done deal.
I imagine that people who buy a Mac, want to have a Mac and it's their choice to pay. Maybe I am wrong. But people who buy a PC, have no choice but pay the Microsoft tax for the pre-installed Windows on it.
So, yes, it is reasonable to be angry when they put advertisement on the hardware that you paid on the OS that you paid together with the hardware. It is creepy, and belittling too.
Luckily IT professionals still have the choice to install something else. Let's see how long it takes until we have no choice what software is allowed to run on devices that we buy.
I totally agree, Apple's markup on products must be astronomically high.
Am I the only one who doesn't see where the roughly $1000 price gap between the Honor Play and the newest(?) iPhone XS Max comes from? Their brand is really not worth that much to me anyhow.
"iPhone: About 1250 EUR, Honor Play: About 320 EUR" [1]
It also has that blank area at the bottom, whereas Apple had to basically invent some insane hardware gymnastics to not have that on theirs. The iPhone X screen bends around backwards at the base.
The 'chin' on newer Android phones is pretty thin anyway. And with gesture navigation becoming more common (see the newest Pie version, but plenty of OEMs offered gesture navigation before), starting the gesture from the "chin" (outside the touch area) is a nice convenience. The newer iPhones have that horizontal line at the bottom anyway, so it's not even clear what the cleanest design is.
Yeah I actually don't mind it at all. Just saying there's extra hardware (and R&D) expense in doing it Apple's way, in terms of the production cost of those two phones.
I paid 0 EUR for Linux. My school works with Windows stuff and Microsoft doesn't even provide us with free keys. It's ridiculous. Let's just keep all school stuff open source.
Those are digital (unused) licenses, which, although they technically can't be resold, "can" be in Europe, as the restriction contradicts a ruling made in 2012 (I don't have time to dig the link up, unfortunately).
Those cheap licenses are always used. They exploit the fact that these can be used to activate ~10 copies of Windows. It's even worse than that though. One seller could keep track of this limit, but what happens is that a bunch of sellers source their keys from other similar sellers. So they don't even know how many times a key has been used.
Last time I bought one of these 15€ keys for a friend, I had to write to the customer support over 10 times and shuffle through at least 6 different keys until one actually worked.
To be fair they aren't necessarily unused. I made the mistake of buying one once and had to jump through a lot of hoops to get Microsoft to activate it. I'm still not sure that it was entirely legal, if I'm honest.
Last time I tried a (legitimately owned) Windows 7 Ultimate key (around 6 months ago?) it still happily activated Windows 10 despite no longer being "officially" supported.
Actually, I think it would be hard to find an enterprise software vendor who wouldn’t want to include extra functionality in their premium SKUs as a way to further differentiate them and encourage up-sell.
Extra functionality yes, but not a security feature. I'd understand making WSL or PowerShell a >= Pro feature, but something that is designed to secure users from malicious applications? That should be included with even the lowest SKU that can run win32 (it's sad that this last qualifier is even required).
That's OK when you put enterprise features in enterprise versions. A regular user doesn't need to be able to run SharePoint, but they might want to get proper sandboxing of regular software.
On this note, because of the lack of virtualization support in Windows Home, in my small business we're encouraging everyone to get rid of Windows both at home and in the office. They've intentionally crippled Windows Home in a way which impacts us -- we want to support devs doing work from home or on their own hardware. But when their OS can't run Docker, that gets harder. No way we're going to buy Pro licenses for people's home machines just because Microsoft decided to flip a bit in their build scripts and suck even more blood.
Isn’t this basically a virtual machine, though? I don’t see anything special that you’d need a more expensive version of Windows for. This should be using your processor’s virtualization capabilities, right?
Agreed. Every time somebody complains about Microsoft doing business shrewdly and increasing their value to customers, I think "This is why Linux never captured the desktop."
It is basically a virtual machine but note from the article:
- "One of the key enhancements we have made for Windows Sandbox is the ability to use a copy of the Windows 10 installed on your computer, instead of downloading a new VHD image as you would have to do with an ordinary virtual machine."
- "we also allow Windows sandbox to use the same physical memory pages as the host for operating system binaries via a technology we refer to as “direct map”"
- "More recently, Microsoft has worked with our graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model used by display drivers on Windows." (Note: it also works with OpenGL nowadays too)
Maybe you can achieve your workflow needs from Home + free 3rd party virtualization software but if you don't see anything special I'd recommend reading the article more carefully.
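The mechanics quoted above (a Hyper-V based VM that reuses the host's installed Windows and shares its binary pages) are what make the sandbox cheap to spin up per run; what a practitioner then wants is a reproducible, locked-down launch rather than the default double-click. The following PowerShell is an added example, not code from the article or from anyone in this thread. It checks the edition and virtualization prerequisites argued about elsewhere in the thread, enables the optional feature, and writes a .wsb configuration file (a format Microsoft added in builds later than the one the article covers) that denies the sandbox networking and GPU sharing and maps a single host folder read-only. `C:\Quarantine`, the `quarantine.wsb` file name and the folder layout are assumptions; the feature name `Containers-DisposableClientVM`, the in-sandbox `WDAGUtilityAccount` user and the .wsb elements are the real ones.

```powershell
# Added example: gate, enable and launch Windows Sandbox with a least-privilege config.
# Run from an elevated prompt (DISM cmdlets require it).

# 1. Prerequisites the thread discusses: a SKU that ships the feature, and hardware
#    virtualization visible to Windows. HypervisorPresent covers the case where Hyper-V
#    already owns the CPU and the firmware flag therefore reads false.
$edition = (Get-WindowsEdition -Online).Edition
$virt = (Get-CimInstance Win32_ComputerSystem).HypervisorPresent -or
        (Get-CimInstance Win32_Processor).VirtualizationFirmwareEnabled
Write-Host "Edition: $edition  Virtualization available: $virt"
if ($edition -notmatch 'Professional|Enterprise|Education') {
    throw "Windows Sandbox is not shipped in the '$edition' SKU (Home reports 'Core')."
}
if (-not $virt) {
    throw "Enable VT-x / AMD-V (SVM) in firmware first; the sandbox is a Hyper-V based VM."
}

# 2. Enable the optional feature once; the first enable needs a reboot.
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM'
if ($feature.State -ne 'Enabled') {
    Enable-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM' -All -NoRestart
    Write-Warning 'Reboot required before the sandbox can start.'
}

# 3. Sandbox config: no network (a dropper cannot phone home or fetch a second stage),
#    no GPU sharing (smaller attack surface), one host folder mapped read-only so the
#    untrusted installer can be run but cannot write back to the host.
$hostDir = 'C:\Quarantine'   # assumption: where untrusted downloads are dropped
New-Item -ItemType Directory -Force -Path $hostDir | Out-Null
$wsb = @"
<Configuration>
  <VGpu>Disable</VGpu>
  <Networking>Disable</Networking>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$hostDir</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Desktop\Quarantine</Command>
  </LogonCommand>
</Configuration>
"@
$wsbPath = Join-Path $hostDir 'quarantine.wsb'
Set-Content -Path $wsbPath -Value $wsb -Encoding UTF8

# 4. Launch: .wsb files are associated with WindowsSandbox.exe. Everything the installer
#    does inside is discarded when the sandbox window is closed.
Start-Process -FilePath $wsbPath
```

Mapped folders land on the sandbox desktop under the host folder's leaf name, which is why the logon command opens `Desktop\Quarantine`. Keep `ReadOnly` set: with it cleared, a malicious installer gets a writable path straight back onto the host, which defeats the point the thread makes about ephemeral browsing and installs.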
My perception with stuff like this has always been: Microsoft tests it out in the environment it's going to be used in, and with expert supervision. Then after a couple of versions, normal users can get a solid version. I have seen this happen with Visual Studio and surrounding tools.
They'd probably have to raise the price of their cheaper versions if they didn't do this. Seems like a good compromise for the consumer to me. Offset the cost of all of the fancy tech most people won't want or use to those willing to pay more and potentially use it.
So right... this is clearly a "PRO" feature. For normal users the by far better solution is still: Do not install any EXE from unknown sources. Or even better: Do not install anything new in the first place.
Not that I disagree with what you're saying per se, since it really is the simplest option, but as technologists we really need to get over this idea that people shouldn't be allowed to actually use a computer to do computer stuff. Mobile OSs got it pretty close to right: self-contained applications that are sandboxed by default. We need to embrace that concept in personal desktop computers, only without the stupid store (and that includes a package manager) and with complete disk portability of the applications. Basically, the way desktop computer OSs worked in the 90s, only with sandboxing by default.
While they sell this as something that protects against downloaded malware, I think this is going to be used a lot in software testing. We have lots of manual tests of desktop software that need clean environments, which is painful when e.g. comparing several versions side by side etc. This is great compared to running multiple full VMs side by side.
> "Only Microsoft would come up with a new security feature and then intentionally and arbitrarily limit its availability to the most expensive version of their OS."
What's your point? How is that not a reasonable business model?
Charge more for enterprise features by all means, but if basic security concepts are something you feel the need to charge for, your priorities are fucked up.
It's hardly basic. It might seem so for you or - in general - people who frequent hn, but you'd have to spend a lot of time explaining why it's good to an average person running windows home.
There are a lot of basic, in the sense of foundational, things that are not basic, in the sense of easy to understand. I think "basic security feature" was meant in the former sense.
I wouldn’t worry because it won’t work anyway so you’re not losing anything. When they introduced Virtual Secure Mode in windows 10 with big fanfare, there was a CVE that followed almost immediately.
The case in point is it’s putting lipstick on a pig at this point. Every change that is made comes with another security or friction factor. Every problem solved creates two more.
They need to stop adding shit to it and fix what is already there.
>this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
Swing and a miss. It's interesting how Microsoft will force their slow AV onto every win10 home edition device, yet won't give actual tools users can protect themselves with.
"S Mode" (as opposed to Windows S, which was briefly a separate SKU) in current builds of Windows 10 (Home/Pro/Enterprise) is now arbitrarily admin activatable/deactivatable. As your father's admin (assumedly in this example) you deactivate S Mode, install all the old apps, then reactivate S Mode. Your father still gets access to the old apps, and can install new apps from the Windows Store [1] without your involvement as admin. You just have to switch it out of S Mode if your father finds another old CD or floppy behind the couch to (re-)install.
[1] I don't recall if S Mode currently allows sideloading non-Store but code-signed APPX/MSIX packages. I think it is supposed to? But I think my confusion is that it may differ (at least currently) between Windows Home in S Mode and Windows Enterprise in S Mode.
Most people who use Windows are not paying for Pro. That includes the 'power users'. This is a feature that has to be enabled, having it in Home does 0 damage, yet gives the ability for those who don't have Pro to protect themselves.
Seriously, AV is pointless software. It will false-positive often, it will false-negative slightly less often, and it will introduce a performance degradation 100% of the time regardless. It is a bad solution to the problem of malware.
I - and I'm quite sure it's common practice - have been doing something similar using VMware, desktop integration and shared folders.
It's nothing close to a native integration but it does the work - and I've been able to render 3D applications pretty well (not at a professional level of course).
I've been wondering for a while what was preventing a virtual machine editor from stepping ahead in integration and letting you run the host's applications in a safe, virtualized environment - I've had thoughts mixing a sort of overlayfs (no idea if that exists on Windows), RAM isolation, and chroot-like (again, no idea if that exists on Windows but there must be something similar, right?)
Anyway, I'm really happy to see Microsoft stepping ahead. Most programs downloaded online are simply unsafe - sometimes just for privacy reasons! - and I often don't feel comfortable running them on my bare metal OS (not even talking of cracked software).
When I first got back to using Windows after a long time on OSX then Linux (I'm not happy with recent Apple hardware, I'm missing a whole lot of entertainment/creation applications on Linux), I assumed Hyper-V would be the best option to have a reliable, built-in hypervisor on my system. I was wrong.
My goal was to set up 2 VMs: Linux CLI-only to do development, Windows 10 for untrusted software. It worked but the graphics integration of the Windows VM sucked, and the Linux VM was extremely unreliable - I can't recall exactly what happened but crashes were common, especially in situations like sleep resume, driver updates etc.
I would like to finish this informative comment with a hope that this new "sandbox" feature fixes most of the problems I used to experience with Hyper-V. I would also love to see the others - VMware and VirtualBox - implement such a feature. Hopefully, this could bump the use of virtual machines at a personal level (agreeing with dman's comment to, please!, make it a standard feature) and see better performance and painless integration in the future.
I think enabling this for Windows Home users would potentially turn into a bit of a support nightmare. The requirements for Sandbox include turning virtualization on in BIOS, it also recommends 8GB of RAM and 4 CPU cores with hyperthreading. Correct me if I'm wrong but most consumer laptops and desktops probably don't have a virtualization option in the BIOS and only a small percentage use 4 cores with hyperthreading. So it either won't work for a lot of Home users or even if it did run, performance wouldn't be great.
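The prerequisites named in the comment above (virtualization enabled in firmware, 8 GB of RAM, 4 cores) can be checked from the machine itself rather than guessed at. The following PowerShell script is an added example, not code from the thread or from Microsoft; it uses the stock `Get-ComputerInfo`, `Get-WindowsEdition` and `Get-WindowsOptionalFeature` cmdlets, takes the 8 GB / 4 logical-processor thresholds from the comment, and assumes `Containers-DisposableClientVM` as the optional-feature name for Windows Sandbox. It only enables the feature when every check passes:

```powershell
# Added example (not from the thread): report whether this machine meets the
# Windows Sandbox prerequisites discussed above, then enable the optional
# feature only if everything checks out. Run from an elevated PowerShell.
# Thresholds (8 GB RAM, 4 logical processors) are taken from the comment;
# Containers-DisposableClientVM is assumed to be the feature name.

$info = Get-ComputerInfo

# Edition check: the thread says the feature ships with Pro and Enterprise.
$edition   = (Get-WindowsEdition -Online).Edition
$editionOk = $edition -match 'Professional|Enterprise'

# Hardware virtualization. Once a hypervisor is already running (Hyper-V on),
# Get-ComputerInfo leaves the HyperVRequirement* fields empty, so treat
# HyperVisorPresent as proof that the firmware option is switched on.
if ($info.HyperVisorPresent) {
    $virtOk = $true
} else {
    $virtOk = [bool]$info.HyperVRequirementVirtualizationFirmwareEnabled -and
              [bool]$info.HyperVRequirementSecondLevelAddressTranslation
}

$ramGB   = [math]::Round($info.CsTotalPhysicalMemory / 1GB, 1)
$cores   = $info.CsNumberOfLogicalProcessors
$ramOk   = $ramGB -ge 8
$coresOk = $cores -ge 4

# The feature is absent on Home, so query it without throwing.
$feature = Get-WindowsOptionalFeature -Online -FeatureName Containers-DisposableClientVM `
           -ErrorAction SilentlyContinue

[pscustomobject]@{
    Edition               = $edition
    EditionSupported      = $editionOk
    VirtualizationEnabled = $virtOk
    MemoryGB              = $ramGB
    MemoryOk              = $ramOk
    LogicalProcessors     = $cores
    ProcessorsOk          = $coresOk
    SandboxFeatureState   = $(if ($feature) { $feature.State } else { 'NotAvailable' })
} | Format-List

# Enable only after every prerequisite is met; a reboot is needed afterwards.
if ($editionOk -and $virtOk -and $ramOk -and $coresOk -and
    $feature -and $feature.State -ne 'Enabled') {
    Enable-WindowsOptionalFeature -Online -FeatureName Containers-DisposableClientVM -NoRestart
}
```

On a Home machine the feature lookup returns nothing and the report shows `NotAvailable`; on Pro with virtualization disabled in firmware the report shows `VirtualizationEnabled : False`, which is the case the comment is worried about, and nothing is changed on the system.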
> most consumer laptops and desktops probably don't have a virtualization option in the BIOS
I haven't seen a single amd64 machine without a virtualization option (except Macs, which don't have a Setup menu in the firmware, but they have virtualization always enabled)
Did Microsoft fix the issue that when Windows virtualization is enabled then VirtualBox VMs do not run [0]? Better they focus some of their resources to fix that first.
If not yet, then Windows Sandbox is a less useful feature than it may seem, because we have to choose between Windows Virtualization and VirtualBox VM snapshots all the time.
First thought: I'd love to be able to ship an app w/ this enabled by default (i.e. it's an ephemeral app w/ no local data storage).
Second thought: I'd love to pause this snapshot and resume it. Too many apps store preferences that you don't want to reconfigure just because you want isolation from the rest of the system each execution.
Third thought: Instead of always-dispose-on-app-close, I would like to namespace/cgroups-style it instead. This is how I would expect the Chrome equivalent of FF's "containers" would be built (I know I can --user-data-dir which is similar).
Ok, we're taking bets on what the first sandbox-escaping attack will target. My money is on a privilege escalation based on this gem:
> Our solution is to construct what we refer to as “dynamic base image”: an operating system image that has clean copies of files that can change, but links to files that cannot change that are in the Windows image that already exists on the host. The majority of the files are links (immutable files) and that's why the small size (~100MB) for a full operating system.
Can the app detect if it's in the sandbox? If so, then it could just behave differently in the sandbox and then when used outside behave another way. I think the Linux systemd folks have the right idea with just running processes in their own cgroup regardless, this thing where programs go mucking around with stuff all over the place should be relegated to the past at this point.
It is stated that "every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows", so it seems that such an app could simply look for the presence of any non-bundled software or any non-default settings to get a rough idea.
I'm not going to try to parse and decode that, but it's mostly unnecessary and my security software thinks it's an XSS attack (a false positive, I would guess). This link works:
As much as Hyper-V. Without sounding disparaging (because this is really cool), it's just a one-click application-on-Windows-on-Hyper-V. So all the pros and cons come with it.
Yeah, I assumed that "sandbox" implied some smarter isolation technique closer to eg Linux namespaces instead of just app-v in a new shiny packaging. Nothing new for the malware-analysis use-case.
This is great! I was waiting for something like this for a while. Can't wait to try it out.
Now we need the same for Android and iPhone, so we can run our apps in true isolation. I don't want apps to be anywhere near my actual data and contact information on the phone. Just mimic some fake contacts or whatever for the majority of apps.
I wish they would have added the option to have the data persist. I have a bunch of software that I run only a few times per year, but I don't want to go through the hassle of re-installing it every time I need to run it. It would have been so much more useful if the data could persist.
Ordinary VM takes several GB of storage to store the whole guest OS. A docker image is only as big as the delta inside it and you can easily persist data outside of it with docker volumes.
I could but I won't. What keeps me on VMware is that I can easily expand the VM to use 1 or more monitors. I am not sure if Hyper-V handles resizing of the window as smoothly as VMware, which adjusts the display settings in the client. Last time I checked Hyper-V (RDP) just gave me scrollbars. It is probably antitrust concerns that are the reason why Microsoft never has improved the RDP client.
I haven't used HyperV in a while. I rarely connected to VMs via the hyperv console, just for installations or cases where windows wasn't booting properly. I use MSTSC (MS Terminal Services Client). That has supported multimonitor for the 12 or so years I've used it.
Yes, it does support multi monitor no problem. VMware has a couple of buttons in the toolbar that allow you to go from using 1 monitor to 2 or 3. It then adjusts the screen resolution inside the guest VM and of course you can go back to one monitor. I believe MSTSC requires you to start it with a switch /span or something and then you need to close the RDP window and launch it again if you want to add / remove monitors.
I'm trying to think when exactly the GUI was updated. I think somewhere around Vista. You can just check "use all my monitors for the remote session" in the Display tab.
I'll admit that with a triple-monitor setup, I've sometimes wanted to remote in with only a dual-screen setup. So it wasn't perfect for me. It certainly did fine for my 95% use-cases. Having to reconnect to adjust desktop size just was never a big deal for me.
Maybe adjusting sizes is more of an issue for people today. If I was using a laptop and constantly docking/disconnecting external monitors with a large number of active connections, it'd annoy me to have to completely reconnect each time.
For some reason with the 1809 version of Windows, I've been able to run both Hyper-V and VMWare Workstation simultaneously. Never was able to do that before.
I don’t build the VMs myself, they’re created as part of a CI pipeline. I once tried converting the VMs to VirtualBox while I was waiting for the VMware license—didn’t work.
But maybe it’ll work with 1809, who knows. Don’t have it yet.
In case that wasn’t sarcasm: you probably don’t want to run your browser in this, since it already has a sandbox and you’ll have a measurable performance penalty by running in a virtual machine.
It wasn't sarcasm, although I don't know if it would become my daily driver either.
Performance is a non-issue for me, generally the browser performance is limited by pages waiting for ad networks to serve up ads. A pi-hole helps (and running in a VM/Sandbox lets you run the filtering DNS server as a local process pretty easily).
Lack of local data persistence is similarly a non-issue as the reason for running this way is to drop tracking cookies etc that fall out of a browsing session like leaves on an autumn day.
If it had some built in way to defeat the dozen other ways in which a browser can be fingerprinted, then it would be perfect.
Just a simple way to avoid the ad trackers and keep my actual stuff safe from the evil doers on the web.
The performance penalty for running your browser in a hardware assisted VM with a virtual GPU is much smaller than you may initially think. I do it regularly and doubt most people would even notice if you didn't tell them to look for it.
"In case that wasn’t sarcasm: you probably don’t want to run your browser in this, since it already has a sandbox and you’ll have a measurable performance penalty by running in a virtual machine."
Actually, what I do want to do more than anything in this sphere is run browsers in a VM. The account containers in firefox is not enough.
This would work without performance penalty if you could chroot jail a gui application. There's almost no overhead in a jail - it's not a full blown VM, just a different chroot.
... but of course that's not a fit for OSX, which has no Xserver and blah blah quartz blah blah major spaghetti to get that working. Also OSX does not have 'jail'.
It would have been very useful to have something that supports persistence (you can install a program in isolation and use it over time). This does not support that.
Are there any good alternatives, that do support persistence ?
In addition to the use-case of running untrusted applications safely, I think these light weight and ephemeral execution environments would be amazing for continuous integration as well!
> Additionally, since Windows Sandbox is basically running the same operating system image as the host we also allow Windows sandbox to use the same physical memory pages as the host for operating system binaries via a technology we refer to as “direct map”.
> In other words, the same executable pages of ntdll, are mapped into the sandbox as that on the host.
> We take care to ensure this done in a secure manner and no secrets are shared.
I would really like to see that last point elaborated. They claim it's completely separated from the host, yet they say it maps to the same physical memory, yet somehow it's done securely.
Microsoft actually has this nifty thing meant for IT admins called App-V, that allows you to create immutable application packages that execute in an isolated environment where changes made to the local system default to copy-on-write and are redirected to a centralized location (including both filesystem changes and registry changes).
It's actually been integrated into Windows 10 Enterprise edition for quite a while now, and I personally use it to package up a lot of the apps I use on a daily basis, delivering the packages through a network drive and synchronizing the centralized state store with Syncthing for mostly seamless cross-device roaming. (You can download the App-V Sequencer from the Windows 10 ADK to package some apps to try it out for yourself, if you happen to have a copy of Windows 10 Enterprise: https://docs.microsoft.com/en-us/windows-hardware/get-starte...)
This actually works fairly well for most apps, but unfortunately the isolation isn't perfect, and some apps for inexplicable reasons manage to get around the App-V sandbox and read/write to the local filesystem directly (Especially apps that have some kind of licensing mechanism, where licensing state can't be properly isolated and synchronized. Though you could definitely argue that's the licensing mechanism working as intended, in my view it still represents a technical failure on the part of the sandbox that this can happen), forcing me to install them locally instead of keeping them as isolated App-V packages.
I was hoping this would basically be App-V but with better isolation through the lightweight virtualization layer they built for windows containers (and with less restrictive licensing. Seeing lots of valid criticism on licensing here, but from where I stand, Pro and above is still much more accessible than App-V's Enterprise-only), but looks like they can't quite serve the same use cases just yet.
App-V isolates state changes, but those isolated state changes are persisted on disk, so when properly configured, you can use an app across multiple sessions, closing and reopening at will without losing state, as if it was locally installed.
Sandbox also isolates state changes, but those state changes seem to be ephemeral and will be discarded upon closing the app. This means it's only useful for running apps that are mostly stateless or for experimenting with untrusted apps. There's nothing wrong with serving those use cases, but to someone who's been feeling the pain from App-V's poor isolation, and someone who's been watching immutable application ecosystems like Nix, Guix, Flatpak, Snaps, etc, flourish in the Linux world, it does seem like a missed opportunity. Definitely hoping they're planning to extend it to also support the same use cases as App-V in the future.
I was excited by the premise, but the execution is all wrong. What I had hoped to see was a webbrowser based sandbox environment, that I could quickly access from my mac (or windows for that matter) to achieve the same results.
The current execution is nuts and doesn’t make any sense.
AMD64 = x64 = x86_64 = common names used to describe the 64-bit x86 instruction set that both Intel and AMD CPUs support. It was just first designed by AMD.
Firejail is based on the same type of tech as containers, namely process restrictions that you can activate on a per namespace basis. The MS sandbox is a separate VM with its own sandboxed kernel, which sounds like stronger isolation on the face of it.
You are right but I stand by my point, the main functionality (isolation) is the same. One may indeed prefer a stronger isolation and be ready to accept a larger memory footprint, less easy ways to fine-tune isolation in order to let the isolated software access some system-wide resources...
Some games' physics engines break down once you go past a high enough framerate, such as the Fallout games; a performance hit would likely keep you below the 125 fps where it begins to break.
You can say you get the same result, yes. However this does it in a very different way. It's linking to the host OS's OS. It's not a VHD with a separate windows installation. That makes it quite a bit more lightweight. You don't have to patch it separately, etc. When installed, the sandbox image is only 100mb, mostly immutable links to host OS files.
I agree, it is not the same sandbox as for example, browser sandboxes which restrict capabilities for multiple tabs to a given set of resources. However, it's closer to KVM or Docker than to VirtualBox. The host and the 'guest' appear to be much more tightly integrated than in a fully virtualized environment.
All vm's are sandboxes I suppose. The interesting difference between this and a normal VM is that the files are shared so that it's not using the space of a full VM.
Sure, I just don't think they should advertise this as such because it's nothing more than a VM. It's not some new Windows feature, you could do this same thing since Windows 8.1 using Hyper-V or since Windows XP using something like VirtualBox.
A proper sandbox would be if you could run a program in the same operating system with an isolated execution environment, similar to how Sandboxie does it.
Edit: minor edits for readability, clarification