Helping people with computers... one answer at a time.
Sandboxes and virtual machines share some characteristics, but they are fundamentally different technologies. I'll look at both from a high level.
Sandbox versus virtual machine: can you provide a brief overview on the differences, advantages, and disadvantages?
Sandboxes and virtual machines are two different technologies that share just enough characteristics to make them easily confused.
One could even confuse matters further by referring to a virtual machine as the ultimate sandbox. That would be an accurate statement, but it really only stirs up the mud in what is already muddy water without a little background.
Let's look at the three scenarios: the default case without either, a sandbox, and a virtual machine.
Let's start with a conceptual view on how Windows and Windows applications operate at a very high level:
As you can see in the above diagram, applications running in Windows interact with the machine and with you through Windows.
Windows manages access to the files and on-disk resources; it also manages access to the hardware through the device drivers that are installed for your machine's specific hardware configuration.
In a sense, a sandbox is a container placed around an application running within Windows:
You'll note that one of the three applications in this example configuration is drawn as being within a sandbox. Of particular note is that a portion of the "Files & Settings" used by that application are also placed in that sandbox.
Therein lies the magic.
When you run an application within a sandbox, it continues to have access to everything that it would were it not sandboxed. The primary difference is that anything created or changed by the sandboxed application is:
Not visible outside of the sandbox; other Windows applications don't see it.
Not saved when the sandboxed application exits1.
The best example is simply that any malware that might have been downloaded and "installed" by the sandboxed application is discarded when the application exits.
A virtual machine, or VM, is an application that runs under Windows that creates an environment that simulates a completely separate computer.
In this diagram, the application on the left is a VM that's running a completely separate copy of Windows. In a very real sense, it's a "machine within a machine." Windows running on the actual PC is often referred to as the "host" operating system, while any VMs running on it are referred to as "guest" operating systems.
Within a VM, applications continue to access the world around them through that VM's copy of Windows. That "world" includes that VM's own virtual hard disk on which files and settings are stored.
The VM also includes its own set of virtual device drivers that behave as if they're interfacing to actual hardware. In reality, they're mimicking the presence of actual hardware and talking to the host copy of Windows to gain access to the real hardware.
Everything that happens in the VM stays within the VM. It behaves exactly as if it were a completely separate physical machine.
That implies that any downloads, changes, updates, installations ... anything ... that is created or saved within the virtual machine is only accessible through the VM in some way.
And if you delete the VM, it's like getting rid of a PC. Everything on the virtual hard disk is erased.
One of the best ways to demonstrate virtual machine technology is a scenario such as this one:
This illustrates a single PC running three virtual machines.
The PC itself is running Windows 7
One VM is running Windows XP - and would appear as a window within the host Windows 7 machine.
One VM is running another copy of Windows 7 - and would appear as a window within the host Windows 7 machine.
One VM is running Ubuntu Linux - and would appear as a window within the host Windows 7 machine.
One physical machine running three different virtual machines simultaneously.
Each virtual machine is completely separate - as if it was on completely separate hardware - except that it's not.
This is actually more common than you might imagine. For example, so-called "cloud servers" are nothing more than virtual machines. As I write this, the Ask Leo! website is in reality a modest virtual machine on a virtual hosting provider. I have no idea what the underlying hardware actually is - the virtual machine can't look "out" to its host. My assumption is that it's a fairly beefy piece of hardware on which several virtual machines are hosted.
Sandboxing is typically lightweight and fairly easy to set up and use. I say "fairly" because there are complexities, most notably about how to get desired changes to be preserved outside of the sandbox.
For example, if your browser is sandboxed (the most common scenario), getting a downloaded file that you want to use outside the sandbox may take a few extra steps. Other changes that you might want to preserve while you're in the sandbox can also be slightly more complicated to retain.
Virtual machines are almost certainly not lightweight. You'll need disk space to allocate to the virtual hard drive and you'll also need to make choices about how much of your computer's RAM you want to allocate to the VM while it's running, among other things.
When discussing the characteristics of a virtual machine, the phrase that keeps coming up is "just as if it were a separate physical machine". And when looking at what a VM can and cannot do and what it takes to set one up, that's the best rule of thumb to remember.
Setting up a VM typically involves installing an OS from scratch. In the multiple-VM example above, each virtual machine would need to be set up - just as if they were separate physical machines.
A virtual machine and its host are effectively isolated from each other. A common way to copy files to and from the virtual machine is to set up network access on that machine - just as if it was separate physical machine.
As you can see, a VM is perfect if you want a completely isolated "virtual" second (or third, or fourth) machine. It's also perfect, particularly if you want that machine to run a different operating system than its host. For example, I no longer have a physical machine that has Windows XP installed on it, but I have virtual machines that I can fire up at will on my Windows 7 desktop that provide me with a copy of Windows XP to work with.
In fact, that's all that "XP Mode" on Windows 7 really is - a virtual machine in which Windows XP can run.
The most popular sandboxing tool by far is called "Sandboxie". Originally developed as a Sandbox for IE (hence the name), it's grown into a powerful and flexible general purpose sandboxing solution.
I use Parallels Workstation for Windows as my virtual machine technology. I regularly run copies of Windows 7, Windows Vista, Windows XP, and Ubuntu Linux in virtual machines for testing, doing demos, and answering your questions. Parallels is perhaps best known for their VM technology that allows you to run Windows on your Mac computers.
VMWare is another popular VM provider. Of note is that there are many pre-configured VMWare "appliances" that you can simply download and run. For example, you can download a ready-to-run VMWare appliance that is Ubuntu Linux without having to go through the steps of actually setting up the operating system.
VirtualBox is another VM alternative that I've only played with briefly, but it's free and appears well supported and quite robust.
I plan to dive into Sandboxie in more detail at some point in the future, as it can be a useful tool in your arsenal against malware. You needn't wait; you might consider checking it out.
Virtual machines aren't for everyone. If you know it's what you need and you have the hardware to support it, it's incredibly cool technology.
But it's overkill for most day-to-day usage.
1: Specific sandbox implementations may provide mechanisms to transfer or save data out of the sandbox, but the important concept here is that, unless such steps are taken, any changes made by the sandboxed application are lost.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.