This trip down the rabbit hole was inspired by a conversation with Chris in another thread...
Using a sandbox for software testing makes good sense -- the intent is to prevent software from making unwanted changes to the OS [Windows, Linux etc.]. Running a portable app will make changes to Windows -- installing software can make many, many more. At the least this leads to bloat, but OS performance, security, and basic function can all be affected.
There are services providing sandboxes running in the cloud designed specifically to help detect and analyze malware, and there's the Windows app, Sandboxie. A virtual machine [VM] can work as a sandbox, and is often used that way, but that's not what it's most commonly used for. VM Host software, running in a host OS like Windows or Linux, or on bare metal, emulates physical hardware. You create a new machine, fill in the blanks, e.g., how much disk space, RAM, CPU cores etc., and install an OS, same as you would using real hardware. That lets you run what's essentially a separate PC while using your PC/laptop, running your choice of OS in a window, so you can run Linux in Windows, Windows in Linux or on a Mac and so on. It also makes for a disposable PC that can be rapidly set up, & then when unneeded, thrown away. VM Host software includes Windows Hyper-V [not available on Windows Home version], VMware, VirtualBox, and on Linux, KVM, which is built into the kernel.
How VMs are commonly used...
Once you set up a PC/laptop -- install the OS, drivers, add software, and configure everything-- you can use a copy of the hard disk to set up however many additional PCs or laptops, saving a LOT of time & effort, as long as they use identical hardware. Businesses and manufacturers do this all the time. And this strategy works even better with VMs, since for any given brand of VM host software, the [emulated] hardware is always identical. Better yet, VMs are stored on a VHD [Virtual Hard Disk], which is a single file that acts like a physical drive. Make 5 copies of a reference VHD, and spin up 5 servers in minutes to manage an increased load, & then when things go back to normal, get rid of them all. [This strategy's pushed even further with containers.]
[You can create a snapshot in most VM host software, to restore a VM to an earlier state, but I keep reference copies of the VHDs my VMs use, using a copy to replace those that have been used.]
As a sandbox, however, VMs suffer, because nothing's been done to make the VM much more secure than the average PC/laptop. If a VM or sandbox is infected by malware, it poses the same risk to every device connected to your network as an infected PC. There's also the risk that malware may escape the VM or sandbox to infect the host -- the software's designed to prevent that, but malware's whole purpose is to circumvent those sorts of protections. And it can also fail as a testing environment to detect malware, because malware will often check to see if it's running in a VM or sandbox, and if so, remain dormant. Its masters don't want anyone to analyze the malware to figure out how it works, because then they can develop defenses and ways to detect & remove it.
It is possible to allow a VM to have network connectivity And keep it isolated from everything else on your network. It is possible to use a USB network adapter, wired or Wi-Fi, and connect it to the VM so it uses that instead of your PC's or laptop's network adapter. It's also possible to add a 2nd router, giving you two networks, one separate to isolate the VM from your other connected devices. If you're using a sandbox or isolated PC/laptop you can just connect to that separate, isolated network.
You can harden KVM, VMware, and VirtualBox VMs by not installing [or uninstalling] what VirtualBox calls Additions, which is guest OS specific software to enable greater integration with the host OS, e.g., shared clipboard. Hyper-V uses a service that you can turn on/off, which **may** be easier for malware to turn on, rather than say VirtualBox, where you can remove the ISO containing the additions. With the additions installed you do get several worthwhile features, but while you can turn off access to files/folders stored on the host, there's the possibility that malware *might* be able to turn it on. Without the additions in VirtualBox for example, sharing a folder with the host OS is impossible; it's broken. That does mean, however, that you'd need to either use the .vhd format for the virtual hard disk, that you could mount in Windows to add/remove/copy files, or be able to attach the VirtualBox native .vdi virtual hard disk to another VM for the same purpose.
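As an added example (not from this thread, and not VirtualBox's own tooling), here is a POSIX shell script that audits the isolation settings the two paragraphs above talk about: the shared clipboard and drag-and-drop, host shared folders, the Guest Additions ISO still sitting in the virtual optical drive, and network adapters in bridged or NAT mode that would put the guest on your LAN or the Internet. It reads the text that `VBoxManage showvminfo "<vm>" --machinereadable` produces, and prints, rather than runs, the `VBoxManage` commands that would close each gap so you can review them first. The VM name "malware-lab", the file paths and the two sample info dumps are constructed for the example; the key names it matches on (`clipboard`, `draganddrop`, `nicN`, `SharedFolderNameMachineMappingN`, and the quoted storage-attachment entries) and the option names it emits are those of VBoxManage 6.1 and later, and you should check them against your own `showvminfo` output.

```shell
#!/bin/sh
# Audit a VirtualBox VM's isolation settings from the output of
#   VBoxManage showvminfo "<vm>" --machinereadable
# and print the VBoxManage commands that would close each gap.
# The VM name "malware-lab" and all paths below are constructed for this example.

# Print one finding per line for every setting that lets the guest reach the
# host or the LAN. Takes the machine-readable text as its only argument.
vbox_isolation_findings() {
  printf '%s\n' "$1" | while IFS= read -r line; do
    case "$line" in
      'clipboard="disabled"'|'draganddrop="disabled"') ;;   # already hardened
      clipboard=*)   echo "shared clipboard enabled: $line" ;;
      draganddrop=*) echo "drag-and-drop enabled: $line" ;;
      nic[0-9]=*)
        # bridged/NAT adapters reach the LAN or Internet; intnet, hostonly and none do not
        case "${line#*=}" in
          '"bridged"'|'"nat"'|'"natnetwork"') echo "NIC reaches LAN/Internet: $line" ;;
        esac ;;
      SharedFolderNameMachineMapping*) echo "shared folder mapped from host: $line" ;;
      *VBoxGuestAdditions.iso*) echo "Guest Additions ISO still attached: $line" ;;
    esac
  done
}

# Number of findings as a bare integer (wc pads with spaces on some platforms).
vbox_isolation_finding_count() {
  vbox_isolation_findings "$1" | wc -l | tr -d ' '
}

# Print (do not run) the hardening commands for the named VM so they can be
# reviewed first. The share name and storage controller/port come from the audit
# lines above and are left as placeholders here.
vbox_harden_commands() {
  vm="$1"
  cat <<EOF
VBoxManage modifyvm "$vm" --clipboard-mode disabled --draganddrop disabled
VBoxManage modifyvm "$vm" --nic1 intnet --intnet1 isolated-lab
VBoxManage sharedfolder remove "$vm" --name "<share name from the audit>"
VBoxManage storageattach "$vm" --storagectl "<controller>" --port <n> --device <m> --medium emptydrive
VBoxManage snapshot "$vm" take clean-baseline
EOF
}

# Constructed sample: a VM with the default convenience features still on.
SAMPLE_VMINFO='name="malware-lab"
clipboard="bidirectional"
draganddrop="disabled"
nic1="nat"
nic2="none"
"IDE-1-0"="/usr/share/virtualbox/VBoxGuestAdditions.iso"
SharedFolderNameMachineMapping1="hostshare"
SharedFolderPathMachineMapping1="/home/user/share"'

# Constructed sample: the same VM after the hardening commands were applied.
HARDENED_VMINFO='name="malware-lab"
clipboard="disabled"
draganddrop="disabled"
nic1="intnet"
intnet1="isolated-lab"
nic2="none"
"IDE-1-0"="emptydrive"'

echo "== findings for the default VM =="
vbox_isolation_findings "$SAMPLE_VMINFO"
echo "== findings for the hardened VM: $(vbox_isolation_finding_count "$HARDENED_VMINFO") =="
echo "== commands to review =="
vbox_harden_commands "malware-lab"
```

To audit a real VM, replace the constructed sample with `vbox_isolation_findings "$(VBoxManage showvminfo "malware-lab" --machinereadable)"`. Using an internal network (`intnet`) rather than `none` keeps the guest able to talk to a second, equally isolated VM (a fake gateway or a logging box) without ever touching the host's adapter, which is the VM-side equivalent of the second router described above; switching to `--nic1 none` cuts the guest off completely.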
The Windows Sandbox [not available on Windows Home version] is more secure when/if using Protected Client mode, which adds security running in an "AppContainer Isolation execution environment". However, Win11 24H2's updated Sandbox removes Application Guard and its related APIs, which I suspect is why Protected Client mode no longer works. The 24H2 sandbox seems to Only focus on using less hardware resources than a typical VM, though there's hardly any info available. Running a VM does use up hardware resources -- on an average PC/laptop 4 CPU cores & 4-8GB RAM works pretty well -- on top of what it takes to run the host OS, so for those running somewhat lower spec PCs &/or laptops Windows Sandbox might be a worthwhile alternative.
Another option is to use an isolated PC or its equivalent, though unless you're in the biz of researching malware it may not be worth it. You can set up a PC/laptop on an isolated network, and/or you could use a Windows To Go drive on an isolated network, ideally with the PC's/laptop's internal drives disconnected, possibly in the BIOS. That eliminates the risk of malware detecting it's running in a sandbox or VM, and because there's nothing valuable for malware to access, there's no risk there. Drives would ideally be SSDs that have a factory command to reset them, which could be done booting to a USB stick. You could get a clean copy of the OS by restoring a disk image backup, again using USB drives. And just in case, the BIOS can be cleared & re-flashed after running malware. That's one advantage of using a VM, though *maybe not* Hyper-V, since the BIOS is in software -- you could make a [7-zip?] copy of the VM Host software's folder, delete the existing folder after running a VM, and restore that copy so nothing's changed.
Long story short, while using a sandbox is good for testing software, unless you take steps to harden / increase security, you should be just as careful about what software you run as when you're not using a sandbox.