At the time of writing, all third-party Windows store apps were running inside of such an API sandbox. Windows did not use virtual machines for that, but the sandbox is quite good nevertheless. AFAIK they used CreateRestrictedToken API to implement that.
> He does mention that app stores are not a solution and gives sound reasons.
Despite one can now technically package any Win32 app into the store now, this does not mean there’s no API sandbox anymore. Developers can still code against UWP APIs only, and the OS will use a sandbox for such apps.
At the time of writing, all third-party Windows store apps were running inside of such an API sandbox. Windows did not use virtual machines for that, but the sandbox is quite good nevertheless. AFAIK they used CreateRestrictedToken API to implement that.
> He does mention that app stores are not a solution and gives sound reasons.
Despite one can now technically package any Win32 app into the store now, this does not mean there’s no API sandbox anymore. Developers can still code against UWP APIs only, and the OS will use a sandbox for such apps.