  1. GJSman
    I had an odd idea for Microsoft last night - and I know, this isn't exactly the Feedback Hub, though this is a little long for that, though I decided not to include it in my "Suggestions for the Windows Store" thread. My idea was this:

    Win32 apps when they come from the Windows Store are sandboxed. They run with a fake/redirected Registry area, and files they leave are cleaned up.

    Currently, when Win32 programs are converted, they must go through the big "Desktop App Converter". But what does the Desktop App Converter actually do? It installs the app inside a VM (using Hyper-V), records the files it makes, and then creates an AppX from those changes.

    My idea is, what if, instead of running Win32 programs through the "Desktop App Converter" and such, Win32 programs were sandboxed by the operating system by default?

    Here is how it would work:
    1) Every time a Win32 program is installed, the OS makes a list of every file "setup.exe" or "setup.msi" or other setup program creates. It would hook into the area of Windows responsible for creating files for a process, and actually generate a secure list of things "setup.exe" makes.

    E.g. "setup.exe" creates in folder "Program Files\myWin32app"
    - - myapp.exe
    - - thing.exe
    - - mydll.exe

    2) When a program is launched, Windows finds the "Program Files" folder it is running from, and sets it up so every .exe in that folder runs in the same sandbox (so "thing.exe" runs in the same sandbox as "myapp.exe"). Technically, it isn't a sandbox per se, but a fake registry. Instead of passing the real registry, it passes the fake registry which only .exe-s in that folder can see.

    3) Windows would have a setting to un-sandbox an app if the user wants, and Microsoft would maintain a list of programs that can't run in the sandbox (or the software developer requests it to be turned off). Apps on this list run unsandboxed by default. If a program fails to launch, Windows will automatically try again with the sandbox turned off.


    So, I am asking the people here: Would this remotely work or be a good idea?
    TechFreak1 likes this.
    12-22-2017 11:51 AM
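A toy model of the per-folder registry redirection proposed in the post above, added here as an illustration; it is not code from either poster or from Windows. The class and method names are hypothetical, the registry is a plain dict, and the sandbox is assumed to be keyed on the first folder under Program Files.

```python
import ntpath

class FolderSandboxRegistry:
    """One private registry overlay per install folder (hypothetical model)."""

    def __init__(self, real_registry, program_files=r"C:\Program Files"):
        self.real = real_registry      # the shared, real registry
        self.root = ntpath.normcase(ntpath.normpath(program_files))
        self.overlays = {}             # sandbox id -> private {key: value}
        self.unsandboxed = set()       # step 3: opt-out list

    def sandbox_id(self, exe_path):
        # Canonicalise before deciding: case differences and "..\" segments
        # must not let a binary select another application's sandbox.
        path = ntpath.normcase(ntpath.normpath(exe_path))
        if not path.startswith(self.root + "\\"):
            return None                # not under Program Files
        parts = path[len(self.root) + 1:].split("\\")
        return parts[0] if len(parts) >= 2 else None

    def unsandbox(self, folder):
        self.unsandboxed.add(folder.lower())

    def _overlay(self, exe_path):
        sid = self.sandbox_id(exe_path)
        if sid is None or sid in self.unsandboxed:
            return None
        return self.overlays.setdefault(sid, {})

    def write(self, exe_path, key, value):
        # Sandboxed writes land in the folder's overlay, never in the real registry.
        overlay = self._overlay(exe_path)
        target = self.real if overlay is None else overlay
        target[key] = value

    def read(self, exe_path, key):
        # Private overlay first, then fall through to the real registry.
        overlay = self._overlay(exe_path)
        if overlay is not None and key in overlay:
            return overlay[key]
        return self.real.get(key)
```
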
  2. TechFreak1
    It's a neat idea, and there is an application called Sandboxie that can run applications within a sandbox, but the security of the container created by Sandboxie is questionable.

    There is one critical factor in play here: how well would the proposed sandbox environment for Win32 apps work in the emulation environment on Windows on ARM devices?

    Or perhaps they have added a sandbox layer within the emulation environment; unfortunately, we will need to wait until we get in-depth reviews of Windows 10 on ARM (10 Pro not 10S) running on a consumer accessible device.
    GJSman likes this.
    12-23-2017 02:01 PM
