Sandbox in software development? No idea!
I’ll introduce you to the sandbox in this post.
Practical tutorial on how to create and use a sandbox.
What is a Sandbox?
A sandbox is an isolated area in a computer. Any data processing within the sandbox has no effect on the external system. A sandbox is used for protected testing of software.
Application of Sandboxes
In addition to testing software, developers use sandboxes for …
- … testing self-programmed software
- … checking programmes for malware properties
- … running different operating systems in parallel
- … ensuring the stability of a system landscape (Kubernetes)
- … avoiding damage to the main system
- … separating the work environment (Office) and development environment (programming)
- … the use of operating system-exclusive applications: Office only runs on Mac and Windows – on Linux only to a limited extent, macOS claims Final Cut Pro and Xcode for itself, Docker only works “well” on Linux…
How Large Software Companies use Sandboxes
Imagine you have a powerful streaming server in your basement for all your cat videos.
This serves 10,000 clients in parallel. 1 client (hacker Mr. Heino) sends an unusually shaped request that crashes the server. The streaming connection is cancelled for the other 9,999 clients.
You try to get the server back online. It takes 5 minutes to boot up with all the necessary programmes. The 9,999 users complain to you with nasty e-mails …
What happens if you only use 1 server per client? If the hacker brings down his server, the other servers remain untouched. Instead of setting up 10,000 physical servers, the admins use 10,000 sandboxes running on one large physical server. The Kubernetes programme can manage 1000 sandboxes.
Sandbox – Pros + Cons
Why do I need a sandbox? Here are a few reasons for and against:
Advantages – Reasons to use a Sandbox
- If you destroy the operating system during testing, you can replace the sandbox (in just a few minutes).
- You don’t have to risk the other user data on the test computer because the sandbox has been allocated a separate hard disc space and main memory area.
- Test your software with different versions of an operating system to check upward and downward compatibility (Windows XP, Windows 7, Windows 10 etc.).
Disadvantages – Sandboxes are NOT a Universal Solution
- Setup without a sandbox file can take longer
- The backup files of a sandbox are large (a Linux with a development environment corresponds to 30 GB for me)
- Sandboxes are only suitable for high-performance machines because they run the guest and host operating systems simultaneously. Your computer needs at least 8 GB of main memory (RAM) and at least 50 GB of free hard drive space (preferably SSD).
- Stopping a virtual machine while a process is running takes a long time because the main memory writes its entire contents to the hard drive.
Alternatives for Sandboxes
Use the Windows Subsystem for Linux (WSL) for programming, testing and playing with Linux.
You can install Ubuntu, openSUSE, Debian, Kali Linux and Intel Clear Linux in WSL and use them for any task. WSL 2 brings many improvements with its own kernel (Windows 10 version 2004).
WSL is used for the native execution of Linux programmes on Windows. If you are looking for a robust development environment and cannot do without Office, use WSL. WSL works more efficiently and with fewer system resources than a complete Linux.
Linux users can look forward to a complete Linux kernel with all classic Linux commands in WSL 2.
Tutorial for the Windows Sandbox
Before you download VMware or VirtualBox, use Windows’ own sandbox (from Windows 10 version 1903) if you only want to test a small programme:
- Use the Task Manager to check whether virtualisation is switched on (Performance > CPU > description below)
- Optional: Activate virtualisation in your BIOS (device-specific)
- Search for “Optional features” in the programmes
- Tick the Windows Sandbox checkbox
- Restart the computer
- Search for the Windows Sandbox
- Start the sandbox with admin rights
- Please note: After closing, the sandbox cleans itself completely and no programme or file is available any more. The sandbox is only intended for testing.
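The same steps can be run from an elevated PowerShell prompt. This is an added example, not part of the original tutorial; it uses `Containers-DisposableClientVM`, the optional-feature name under which Windows lists the Windows Sandbox.

```powershell
#Requires -RunAsAdministrator
# Added example: enable Windows Sandbox from PowerShell instead of the GUI.

$feature = 'Containers-DisposableClientVM'   # optional-feature name of Windows Sandbox

# Step 1: is hardware virtualisation usable?
# VirtualizationFirmwareEnabled reflects the BIOS/UEFI switch. Once a hypervisor
# (Hyper-V) is already running it can read False, so HypervisorPresent is checked too.
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
$sys = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not ($cpu.VirtualizationFirmwareEnabled -or $sys.HypervisorPresent)) {
    Write-Warning 'Virtualisation is off. Activate it in the BIOS/UEFI first.'
    return
}

# Step 2: look up the feature; stop if this installation does not offer it.
$info = Get-WindowsOptionalFeature -Online -FeatureName $feature -ErrorAction SilentlyContinue
if (-not $info) {
    Write-Warning "Optional feature '$feature' is not offered on this installation."
    return
}

# Step 3: tick the "Windows Sandbox" checkbox only if it is not ticked already.
if ($info.State -eq 'Enabled') {
    Write-Output 'Windows Sandbox is already enabled.'
}
else {
    Enable-WindowsOptionalFeature -Online -FeatureName $feature -All -NoRestart | Out-Null
    Write-Output 'Windows Sandbox enabled. Restart the computer to finish (Restart-Computer).'
}
```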
Requirements for Using Sandboxes
Your Windows computer (host OS) should have at least 8 GB RAM and at least 50 GB SSD for a virtualised, average Linux (Linux Mint, Arch Linux, Debian, etc.). An HDD slows down starting, stopping and operating Linux.
Remember: If you intend to use the guest OS for a longer period of time, plan for sufficient hard drive space (programmes, user data). It is not always possible or easy to increase the disk size later.
Virtualisation with Hyper-V in Windows must be switched on.
Sandbox Software for Practical Use
You can download and find a selection of free sandboxes on the Internet.
- VMware develops virtualisation software (cloud computing) for Linux, Windows and Mac. With a turnover of 9 billion dollars in 2018, VMware produces the hypervisors (Virtual Machine Monitor).
- VirtualBox is the free alternative to VMware for x86, AMD64 and Intel64. The software is licenced with GPLv2 for all known operating systems (copyleft).
- KVM (Kernel-based Virtual Machine) is a virtualisation solution for x86 hardware with Intel VT and AMD-V extensions.
- The Quick Emulator (QEMU) is an open source hypervisor with hardware.
- Windows Sandbox is available for everyone starting with Windows 10 version 1903.
“How should I create a sandbox in VMware?” – I have developed a detailed step-by-step tutorial for VMware, which you can use to set up your sandbox.
Before you start setting up VMware or VirtualBox, consider whether a ready-made image with all the settings is sufficient for your needs. Someone else may have already uploaded a VMware image with the latest version of your desired operating system.
My Tips for Testing different Operating Systems
What are good operating systems that cost nothing? Why don’t you test …
- You need it modern, fast and elegant? – Use Elementary OS.
- Hackers love Kali Linux with lots of good configs.
- Linux Mint is a versatile operating system with a large community.
- Use the lightweight Arch Linux for DIY work
Bonus: Effective Protection against Malware
Imagine you need a new video player from the net. You go to a download platform and download the next player that meets your requirements.
- Who says the download is malware-free?
- Do you blindly trust the download platform with the security of your computer?
If the programme runs with admin rights and turns out to be malware, then say bye-bye to your data and your operating system. If you have an offline backup, you can save a lot of data, but not all of it.
Use a malware sandbox! Test out untrusted software on an isolated system before you try to install the programme on your host OS! Here are a few malware sandboxes:
- Hybrid Analysis with Falcon Sandbox
- Intezer Analyze
- SecondWrite Malware Deepview
- ViCheck for a static analysis
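For a quick local test with the Windows Sandbox described earlier, a configuration file can start the sandbox without network access and with the download folder mapped read-only. This is an added example, not from the original post; the folder `C:\Untrusted` and the file name `untrusted-test.wsb` are assumptions.

```powershell
# Added example: open an untrusted download in a locked-down Windows Sandbox.
# Assumed (hypothetical) paths: adjust to where your download actually is.
$hostFolder = 'C:\Untrusted'                          # holds the downloaded installer
$wsbPath    = Join-Path $env:TEMP 'untrusted-test.wsb'

if (-not (Test-Path -LiteralPath $hostFolder -PathType Container)) {
    throw "Folder not found: $hostFolder"
}

# Record SHA-256 hashes on the host so you can compare them with the value the
# publisher lists, or look them up on one of the malware sandboxes.
Get-ChildItem -LiteralPath $hostFolder -File |
    Get-FileHash -Algorithm SHA256 |
    Format-List -Property Hash, Path

# Sandbox configuration:
#   Networking Disable -> the programme cannot reach the Internet or your LAN
#   VGpu Disable       -> no shared GPU, smaller attack surface
#   ReadOnly true      -> the sandbox cannot change files in the host folder
$config = @"
<Configuration>
  <Networking>Disable</Networking>
  <VGpu>Disable</VGpu>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$hostFolder</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>
"@

Set-Content -LiteralPath $wsbPath -Value $config -Encoding UTF8
Start-Process -FilePath $wsbPath    # .wsb files open with Windows Sandbox
```

The mapped folder appears on the sandbox desktop, and as with every Windows Sandbox session, everything inside is discarded when the window is closed.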