Windows 10: Defender Antivirus will be running in a sandbox

Windows Defender will be able to run in a sandbox, meaning that it will be isolated from the rest of the system, increasing security in the event of potential attacks. Windows 10 users can already try the feature.

Antivirus software is intended to protect users and their data, but the built-in windows antivirus runs with high privileges and it can be a threat in the event of an attack on potential security vulnerabilities, specifically its antivirus engine.

Running it with higher privileges is required to scan and inspect the computer data for malicious code. Altough this attack is not common, it's quite possible that hackers might start using this attack in the future. And no other antivirus is ready yet for this kind of threat, except for the Microsoft Defender Antivirus. 

By running it in sandbox, it eliminates the risk of many attacks, and can operate securely without affecting performance or usability.

A sandbox corresponds to a partitioned zone that is strictly separate from the rest of the system, so a malware that exploits the rights of Windows Defender can only `play in the sand` and has no access to the rest of the system. According to Microsoft, Windows Defender is the first antivirus application that has implemented such a sandbox.

If you want to test this feature out, it can be activated by a system-wide variable (setx / M MP_FORCE_USE_SANDBOX 1) in Windows 10 version 1703 or higher; however, it should not be switched on productive installations until Windows Insider has completed a few test runs before making this option production ready. Please note that recently, Windows updates did not shine with particularly high quality. 

Meanwhile Linux and MacOS users are relatively safe from malware which includes viruses, trojans, worms and other types of malware that affect Windows users.