Hacker News

Microsoft open-sources LiteBox, a security-focused library OS

157 points by aktau today at 3:13 PM | 76 comments

Comments

aktau today at 3:13 PM

From the GitHub page:

LiteBox is a sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface. It focuses on easy interop of various "North" shims and "South" platforms. LiteBox is designed for usage in both kernel and non-kernel scenarios.

LiteBox exposes a Rust-y nix/rustix-inspired "North" interface when it is provided a Platform interface at its "South". These interfaces allow for a wide variety of use-cases, easily allowing for connection between any of the North--South pairs.

Example use cases include:

  - Running unmodified Linux programs on Windows
  - Sandboxing Linux applications on Linux
  - Run programs on top of SEV SNP
  - Running OP-TEE programs on Linux
  - Running on LVBS

CasualSuperman today at 4:00 PM

With how buggy their flagship OS has become, why would I trust anything else they release to be better? Or even if it does work well now, why should I expect it to stay that way? Microsoft has burned through all possible goodwill at this point, at least for me.

gdevenyi today at 4:32 PM

What is a 'library OS'?

cbondurant today at 4:07 PM

At first I thought library OS might have meant an OS meant for use at a library.

Honestly far less interesting to know I was wrong.

tombert today at 4:33 PM

I’m not sure I understand what a library OS is; can someone here elaborate?

throwoutway today at 4:58 PM

No mention of starting with a design specification & then tied to formal verification the whole way?

It sounds interesting and a step forward (never heard of library OS till now), but why won't this run into hundreds of the same security bugs that plague Windows if it's not spec'd and verified?

loufe today at 4:23 PM

The lack of integrated sandboxing in Windows compared to Android/iPhone is still frankly unacceptable. I've become increasingly paranoid about running any application on Windows (not that your average Linux distro is even remotely better) and yet Apple and Google seem to be far, far ahead in user permissions (especially with GrapheneOS, god bless that team) and isolation of processes.

Consumers and businesses deserve better. It's crazy to me that in 2026 Notepad++ being compromised means as much potential damage as it does, still.

kvuj today at 3:45 PM

The cargo.lock file is 2200+ lines long. Did they spend a reasonable amount of time auditing these dependencies?

5o1ecist today at 5:37 PM

Hmmm. Another, admittedly interesting, step towards the complete digital lockdown. Isolate and virtualize everything, now also governed by AI!

I wonder if they, the industry as a whole, eventually will make being able to freely use a PC a subscription, bastardizing "freedom" completely.

ho_schi today at 5:15 PM

Another layer (ouch) to abstract away Windows (ouch * ouch).

Use Linux or BSD and ignore that approach for Vendor Lock-in* into their “library OS”.

ukuina today at 3:57 PM

No deployment instructions?

burnermore today at 4:36 PM

Baaah! Microsoft, security-focused in a single sentence!

sscarduzio today at 4:04 PM

Can it replace Wine to run Windows apps on Linux?

anon291 today at 3:56 PM

A library OS to me would typically mean it's aimed at hosting a single user program on bare hardware. I don't see that here, but maybe I'm just confused.

hypfer today at 4:36 PM

"We did not find any viable commercial use for it, but maybe you will."

bendover690 today at 4:50 PM

Cool

pizzanfurniture today at 5:59 PM

[dead]

alvinunreal today at 3:16 PM

[flagged]

PunchyHamster today at 4:00 PM

What % of it is vibe-coded in Copilot?

R_Spaghetti today at 5:00 PM

I'm not sure whether Microsoft, the makers of Windows 95 (after which I stopped taking them seriously), are the sharpest tool in the box when it comes to security.
