July 13th 19, 07:05 AM posted to alt.comp.os.windows-10
VanguardLH[_2_]
Dumb (?) USB Flash drive question

Paul wrote:

VanguardLH wrote:


All in all, not much lure to the 1903 update. I was interested in the
Sandbox feature but only Pro and Enterprise edition users get that.


You are likely to need SLAT/EPT support in hardware for that Sandbox
as well. Just a guess.

That hardware feature is more common in 2019 than it was four years
ago.


The only BIOS requirement that I saw was the hardware-assisted
virtualization. Boxes have had that for quite a while now. To check,
run systeminfo.exe and look at the "Hyper-V Requirements" section. Mine
are all marked Yes.

I've seen SLAT described since 2014, maybe earlier, so it seems
something that would be available in newer boxes. While my builds are
geared to 6-8 year survival period, most users replace them a lot
sooner, like after 4 years. Since 2014, most users even interested in
virtual machines, sandboxes, or virtualized drives would have already
replaced their desktop PCs. I had an Intel Core Duo for 8 years and
just recently replaced it with an Intel i7-8000 (non-T, so not
overclockable which I don't do, anyway).

While possible, I didn't see the 1903 sandbox stating a requirement for
AMD's SLAT (or Intel's EPT), just for hardware-assisted virtualization
(which SLAT is usually included as part of that feature). SLAT showed
up in AMD's 3rd generation Opteron introduced in September 2007 and in
Intel's i3/i5/i7 Nehalem in November 2008. The CPUs had SLAT for over
10 years. Yes, it would take time for pre-built models to show up with
those CPUs, but I doubt it took more than a couple years.

I have just one computer with SLAT. I could test
that, but have no plan to try it. I'm not a big
fan of sandbox this and sandbox that. Usually these
things affect how the program works, and restrict
how you can get work done.


Although they call it a sandbox, it is far more like a virtual drive,
similar to how Returnil System Safe, Timewiz Time Machine, and other
virtual drive schemes (changes to the drive go to the virtual drive, a
reboot discards the virtual drive, so all those changes vaporize). Not
everyone wants the overhead, slowness of emulating all hardware (except
the CPU), using pass-through drivers, and the more complicated config of
using virtual machines, and why virtualized drives are a much lighter
solution. Some virtualizing drive schemes allow for snapshots, but not
the one from Microsoft. Most virtualizing drive schemes require a
reboot to discard the virtual drive and all the drive changes (which
included registry changes since those are kept in files) that got
redirected to it. Looks like all you have to do with Microsoft's
"sandbox" is close it. As with virtual drive and virtual machine
schemes, the user must get involved in loading the virtual drive/machine
and later closing it or rebooting the OS. It isn't automatic as with
some sandboxes (e.g., Sandboxie or Comodo's Firewall Defense+ sandbox)
where you can list which processes get automatically sandboxed.

https://www.howtogeek.com/399153/win...always-wanted/

The worry about "Russian dolls" technologies, is how do you debug them
when there is a problem? Process Monitor probably cannot trace the
execution of something which is inside a sandbox.


Why wouldn't you run Process Monitor inside the sandbox just like you
would with a virtualized drive or virtual machine? Back when I got
curious about Sandboxie, yep, you had to run multiple programs within
the same sandbox to ensure they cooperated within that environment. I
would expect that a process outside of the sandbox or virtual machine
couldn't look inside the sandbox or virtual machine, just like the
opposite isn't allowed which is what provides the security of isolation.

By the way, I have found articles that describe how to get the 1903
sandbox feature installed and usable inside the Home edition of Win10.
However, at this point, there's very little "pull" in the 1903 update
for me to bother with it. It's in my To Do list but with low priority.
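
The systeminfo.exe check mentioned in the post above, as an added example that is not part of the original post: a parser for the "Hyper-V Requirements" section that also handles the case where a hypervisor is already running and systeminfo hides the list. It assumes English-language systeminfo output; the sample text and function names are constructed for illustration.

```python
import re
import subprocess
import sys

# Constructed sample: tail of English-language systeminfo.exe output.
SAMPLE_BARE_METAL = """\
Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
                           Virtualization Enabled In Firmware: Yes
                           Second Level Address Translation: Yes
                           Data Execution Prevention Available: Yes
"""
# Constructed sample: output once a hypervisor is already active.
SAMPLE_HYPERVISOR = (
    "Hyper-V Requirements:      A hypervisor has been detected. "
    "Features required for Hyper-V will not be displayed.\n"
)

def parse_hyperv_requirements(text):
    """Return {requirement: bool}, or None if a hypervisor hides the list."""
    lines = text.splitlines()
    start = next((i for i, line in enumerate(lines)
                  if line.startswith("Hyper-V Requirements:")), None)
    if start is None:
        raise ValueError("no 'Hyper-V Requirements' section found")
    # Section = remainder of the header line plus indented continuation lines.
    block = [lines[start].split(":", 1)[1]]
    for line in lines[start + 1:]:
        if not line.startswith(" "):
            break
        block.append(line)
    if any("hypervisor has been detected" in line for line in block):
        return None  # cannot tell from systeminfo; SLAT etc. are not listed
    reqs = {}
    for line in block:
        m = re.match(r"\s*(.+?):\s*(Yes|No)\s*$", line)
        if m:
            reqs[m.group(1)] = (m.group(2) == "Yes")
    return reqs

def missing_requirements(text):
    """List requirements marked No; None means 'hidden by a hypervisor'."""
    reqs = parse_hyperv_requirements(text)
    return None if reqs is None else [n for n, ok in reqs.items() if not ok]

if __name__ == "__main__":
    if sys.platform == "win32":
        out = subprocess.run(["systeminfo.exe"],
                             capture_output=True, text=True).stdout
    else:
        out = SAMPLE_BARE_METAL  # fall back to the constructed sample
    print(missing_requirements(out))
```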