Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.
How many times have you downloaded an executable file, but were afraid to run it?...
Updated Dec 12, 2022
Version 11.0
Blog Post
While I absolutely hate to bother you Microsoft guys with more ominous predictions, I think the status quo calls for it, lest you don't face another fiasco like Windows 8 and Windows Vista.
It seems to me that Windows Sandbox goes right into the domain of paravirtualization and hardware-assisted virtualization. That's overkill. Let's assume you get the performance concern out of the way. Tangling yourself with the intricacies of virtualizing the graphic subsystem is something about which you must think twice. You might end up having to play catch-up with graphic hardware vendors. Storage virtualization would probably suffice for the purpose of sandboxing. Maybe just go all the way up to OS-level virtualization (AKA containerization).
The fact is, running untrusted code will eventually have a cost. Electricity and user's time are always wasted. But what else are you trying to protect by going into paravirtualization, especially if Windows Sandbox is not going to hide the fact that its apps are running inside a sandbox.