A sandbox is a walled-off section of your computer or network where untrusted or unknown programmes run in isolation. Think of it as a containment box: anything that happens inside stays inside. If a programme crashes, behaves oddly, or turns out to be malicious, your actual operating system and data remain untouched.
Sandboxes work by restricting what a programme can access. A sandboxed application cannot read files outside its designated folder, modify system settings, install drivers, or communicate with your network unless you explicitly allow it. This is why opening a suspicious email attachment or installing an unknown programme in a sandbox is far safer than doing so normally.
Common uses include:
- Antivirus software testing suspicious files without risk
- Developers testing new code before release
- Web browsers running plugins or scripts in isolated tabs
- Virtual machines running potentially dangerous software
- Testing software updates before rolling out across an organisation
Many modern operating systems include built-in sandboxing. Windows has Windows Sandbox (available on Pro and Enterprise editions). macOS uses sandboxing for App Store applications. Linux has multiple options including seccomp and AppArmor.
The main limitation is that sandboxes are not foolproof. Sophisticated malware occasionally finds ways to 'break out' of a sandbox, though this is rare. A sandbox also cannot protect you from social engineering or phishing tactics that trick you into willingly sharing sensitive information.
For home users, sandboxes are most useful for testing downloads from untrusted sources or running older software you no longer trust. For businesses, sandboxing is a critical layer of defence against zero-day exploits and advanced threats.