- Windows 11 can now run legacy Win32 apps isolated from the main system.
- This new sandbox approach will help to improve security.
- The technology is now available in preview for developers to implement on their apps.
Windows 11 now has isolation support for legacy Win32 applications for consumers and business users. According to the company, developers can now ship their applications using a sandbox container to isolate them from the rest of the operating system to protect the system from malware and other threats, thus improving security.
The new approach will help to prevent programs from having unexpected or unauthorized access to critical internal subsystems, minimizing the damage to the system if an app is compromised. In other words, this new technology will make it more difficult for attackers and malicious code to exploit vulnerabilities and spread to other applications or components of the operating system.
The new technology is now available as a preview, but it’s not a feature you can enable on Windows 11. Instead, it’s a security feature based on the AppContainers foundation that developers must implement in their apps. Microsoft is dedicating a page on GitHub with the resources and instructions for developers to get started isolating their applications.
Although this is a new feature, it’s not the first time the company has attempted to containerize applications to improve security. Sandbox is a feature of the Pro, Enterprise, and Education editions that creates an isolated Windows desktop environment in which users can run untrusted applications or browse web pages that may be malicious.
Furthermore, Microsoft Defender Application Guard is another solution that creates a virtualized environment that isolates an instance of Microsoft Edge to browse untrusted websites without affecting the main setup.