Microsoft has given Windows Defender, Windows 10’s built-in anti-virus software, a huge security boost with the announcement that it can now run in its own restrictive process execution environment or “sandbox.”
When a program runs in a sandbox, its code is largely isolated from other software running on the computer. This is particularly useful for an anti-virus program, because by its nature it parses malicious code that is designed to spread to the operating system or, in the case of ransomware, to encrypt important files on the computer. An anti-virus engine usually runs with high privileges, so a bug in the scanner triggered by a crafted file could otherwise give an attacker those privileges; running the engine in a sandbox limits what such a compromise can reach.
“With this new development, Windows Defender Antivirus becomes the first complete antivirus solution to have this capability,” the company claimed in its announcement.
It is not clear exactly what Microsoft means by this, because other anti-virus vendors offer sandboxing in their products, but the announcement is still significant because Defender is the default antivirus protection that ships with Windows 10.
Sandboxing is not a feature restricted to anti-virus products. Browsers such as Google’s Chrome also run in a sandbox, so that an attacker who finds a vulnerability in the browser has a harder time using it to reach other parts of the system, such as the operating system or users’ data.
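For an administrator who wants to confirm that the sandbox described above is actually in effect on a given Windows 10 machine, here is an added PowerShell check (not code from the article or from Microsoft). It assumes, from Microsoft's published description of the feature rather than from this article, that the sandboxed scanning component runs as a separate process named MsMpEngCP.exe and that the opt-in switch is the machine-wide environment variable MP_FORCE_USE_SANDBOX.

```powershell
# Added example: report whether Windows Defender Antivirus is running its
# content (scanning) process in the sandbox on this machine.
# Assumptions (not stated in the article): the sandboxed content process is
# MsMpEngCP.exe and the opt-in switch is the machine-wide environment variable
# MP_FORCE_USE_SANDBOX, per Microsoft's published description of the feature.
function Test-DefenderSandbox {
    # The content process only exists while the sandbox is active.
    $cp = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    # Read the machine-scope variable, not the current session's copy,
    # because the Defender service only honours the machine-wide value.
    $flag = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    [pscustomobject]@{
        ContentProcessRunning = [bool]$cp
        ContentProcessPids    = @($cp | ForEach-Object Id)
        OptInVariableSet      = ($flag -eq '1')
    }
}

# To opt in on a build where the sandbox is not on by default, run from an
# elevated prompt and restart the machine (or the Defender service):
#   setx /M MP_FORCE_USE_SANDBOX 1
Test-DefenderSandbox | Format-List
```

A result with ContentProcessRunning set to True is the signal that matters; OptInVariableSet may be False on builds where Microsoft enables the sandbox by default.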