More user applications are relying on sandboxes to limit the damage a Remote Code Execution vulnerability can inflict. It started with Web Browsers such as with Internet Explorer's Protected Mode and now covers many different applications. Unfortunately the Windows operating system isn't well matched to providing secure sandboxing. Through a combination of missing features, poor documentation and unexpected behaviour writing a secure sandbox on Windows seems an impossible task. Even built-in technologies such as Windows 8 AppContainer's have unusual behaviour which can even catch out Microsoft.
This presentation details some of the ways Windows actively hamstrings sandbox development. It also includes some interesting bugs in sandboxed applications such as Chrome, IE and Adobe Reader which directly result from these problems with OS. Attendees should get a better understanding of some of the issues with Windows sandboxes so that they might be able to better audit and develop them in the future.