This looks good!

The users will be able to create a sandbox, basically a seperate Kernel for running a lightweight Windows Sandbox using Hypervisor for running/testing .exe files.

https://theverge.com/2018/12/...

Really hoping we get the ability to dynamically allow access to things like Fisk usage, internet access and the like with this, would be a testing dream!

@lxmcf Since it's built over the Windows Container tech, I guess we're in luck.
Still need to read about it in more detail though..!

<sarcasm>
Yay! Because viruses dosent have any ability to check if they run in a sandboxed mode!
</sarcasm>

(check wannacry)
(the killswitch was designed to be a sandbox detection shit but it crashed it instead...)

@Gregozor2121 Well, I do not know a lot about the subject. But can a malicious sw running in a VM easily attack the host machine?

@DangerousDev not easily, but there are some that can break out of a vm. the problem is you test it in sandbox, it detects its running in one so doesnt do anything harmful, you think its safe so start it on your machine and bam you are fucked.

however if it cant break out of vms it safer to just use it in a vm even if it doesnt do nasty things there

but you know people, more of them will do the first scenario than should

Hmm... So it can still mine cryptocoins, do shit on the net, phone home and possibly access user data, but can't persist itself anymore? Nice, persistence always WAS the largest threat malware had to offer.

Sure... Microsoft wants Windows to be the only malware on your computer, right?

@ilPinguino Sort of.. But since it's HW virtualization with a separate kernel, there's very little scope of any other threat if the user is well informed (the feature is for power users anyways). And regarding accessing user data, it don't quite understand how that could happen in this case.

Plus, personally I feel this is great for testing stuff because I don't need a full blown VM anymore, this stuff is extremely lightweight!

PS: I don't really get the logic behind calling windows a malware... Was that a joke? Am I supposed to laugh ? 😛

@DangerousDev

It's for power users? So the main target group for "Just download this and execute it, it's no virus, pinkie promise!" isn't even using this feature? But still, saves me the trouble of setting up a VM, so I guess it's okay...

As for the malware joke... That's a Richard Stallman reference. I'm not gonna tell you how to feel about it, feel free to laugh, cry, be angry, disappointed or print my comment and use it as toilet paper.

@ilPinguino Yeah tbis this feature is not meant for the "Pinkie Promise folks".. Also themis feature is exclusive to Windows 10 Pro, Enterprise and Education so the target audience is quite clear.
Common folks won't understand the importance of sandbox anyways 🤷‍♂️

but can it contain ALL THE MALWARE?!?!?!?!

Nice job including the screenshot of the preview! That made me actually want to read it! Lol

@riekena In case you need more details
https://techcommunity.microsoft.com/...

Works only on Windows pro .. 😑

@DangerousDev thanks, I realize that my comment could have come off as sarcastic. I was seriously glad you added the image. I wish DevRant provided url previews. I actually copied your link and shared it with my team on slack!

This is cool

@DangerousDev breakout.mp4

It's a Microsoft program, it'll happen.

I'll bet there will be breakout vulnerabilities found within two weeks of release.

@PrivateGER Well you certainly are an optimistic lad!