What is “sandboxing?”

Here’s a 21st century dilemma. You want to check out a web site or install an app, but you’re simply afraid. Your IT department at work has drilled into your head how easy it is for “bad actors” to take down whole companies. Maybe you’ve even read stories about how hospitals, school districts, and other organizations were brought down just because someone went to a link they shouldn’t have.

It’s not all about “that”

Before I go further, let’s be honest here. Yes, there are a lot of sites you shouldn’t be visiting using your work PC. An IT director who’s smart will try to block that sort of thing. But, it’s not all about “that.” I have a lot of cases where I need to go to web sites in other countries to research products. I test out software sometimes. And I’m not alone in this. We all have very legitimate, “non-adult” reasons for doing things like that. But yes, it can be scary. Luckily there are some ways to limit the exposure. One of them is “sandboxing,” but before I get to that, I’ll talk about another.

The expensive option: another device, another network

You can get a Chromebook for easily under $200. You can get an access point that lets you set up a guest network for under $100, if your router doesn’t allow you to do that. While you’re at it, get a debit VISA card and put $100 on it.

With all that stuff in place, set up a guest network that can’t see the rest of your home or office network. Then, set up the Chromebook with a throwaway Gmail address. Make sure you DON’T load your office’s credentials or VPN on it. This is about as safe as you are going to be.

It’s not going to let you install software, but it is going to let you go to the weird corners of the web if you want to. If installing stuff is on the agenda for you, for under $300 you can get a cheap PC, either a new underpowered one or an off-lease laptop, and this will give you that ability. It won’t be perfect, but it will be pretty safe.

A better option: sandboxing

“Sandboxing” is the process of creating a separate process in your computer that is unrelated to the main one. Modern computers have the ability to run multiple operating systems at the same time, with each having its own access to memory. When you create a second version of Windows, it can’t really interact with your computer except in a very limited way. This means you can install software, surf weird web sites, etc, and you’ll be pretty darn safe. If you end up going to the wrong place, you just “shut down” that special version of Windows and go on about your business.

The best part is that this capability is built into Windows 10 and Windows 11. They call it Windows Sandbox. It will run on most computers with higher-end processors. Your computer won’t even let you install it if it won’t work, so it’s pretty painless to try.

How to enable Windows Sandbox

First, press the Start button, either by clicking on the icon on screen or by using the Windows button on your keyboard. Type “turn windows features” and your computer will suggest the option to “Turn Windows features on or off.” This will bring up a menu like this one:

It’s an alphabetical list. Look for “Windows Sandbox” and if it’s there, check it and click OK. You’ll be prompted to restart your computer.

Once you’ve restarted, you’ll find Windows Sandbox as one of your apps, listed alphabetically.

You can either go to “all apps” and scroll, or start typing the word “sandbox” and it will appear.

When you run Windows Sandbox, you’ll get a window that looks like a completely different PC running Windows. You can install software, surf the web, whatever, with no fear of affecting the computer at large. You can cut and paste things into the Sandbox and out of it, but that’s the extent to which the Sandbox can communicate with your computer. If things go sideways, click the red X at the upper right and just close it.

The next time you open up Sandbox, you’ll get another fresh PC, with no sign of anything you did before. It’s very freeing, really. I do think it would be neat if you could save different Sandboxes, but there isn’t. If you want that functionality you need to upgrade to something like VMWare Player that lets you install multiple operating systems. That’s not exactly cheap.

Safety is your responsibility

I hate to agree with the IT department, but computer safety starts with you. Be careful where you go and what you do. Using a tool like Sandbox gives you an added layer of security, but the most important thing is that you use common sense when you’re interacting with the outside world. The second most important thing is, of course, that you shop at Solid Signal when you need anything to make your digital life better.

About the Author

Stuart Sweet
Stuart Sweet is the editor-in-chief of The Solid Signal Blog and a "master plumber" at Signal Group, LLC. He is the author of over 8,000 articles and longform tutorials including many posted here. Reach him by clicking on "Contact the Editor" at the bottom of this page.