Claude Desktop spawns 1.8 GB Hyper-V VM on every launch, even for chat-only use (opens in new tab)

Google is historically terrible as a product company (and has succeeded in spite of that) As their technical innovations become less of a moat (we're already there) they won't be able to win on engineering alone (they are no longer winning on engineering alone)

They are releasing AluminumOS with their Googlebooks, which is a AI forward OS. If its good or not we have yet to see.

The only lesson I'm taking away is that we are still very early in the AI era. AI workflows look entirely different today than they did 18 months ago and I wouldn't bet on them looking the same in 18 months from now.

Scary that your first shot is Google with Gemini instead of copilot and Microsoft who are certainly in a better position to make this happen. I guess nobody escorts msft to lead anything anymore.

Don't you read HN? Nobody wants AI in their OS, especially in Windows. Common complaint that Microsoft is forcing AI into every corner of Windows.

Re: AI OS integration: I recently retired so most of my LLM use is just implementing and fixing fairly mundane OS and networking things along with light scripting for OS automation (AHK) and Home Assistant. So far, I just use web chat and cut-paste to the OS which is fine for little things but it starts to suck after the 15th round back and forth. For example, debugging intermittent Windows crash logs on my wife's laptop by doing multi-line PowerShell incantations from browser chat window, paste into PowerShell window. Cut multi-line error messages back to browser. Rinse / Repeat.

I'm leery about just giving an LLM free run of my laptop, but with reasonable restrictions on which app(s) it can access and how many steps it can do before checking in, and maybe even a throttle on how fast it works, I'd be fine (I'm not in a hurry and I can learn by watching it work at double-speed). It doesn't have to be mil-spec locked down, it's not like I have production code accessible or millions in crypto keys, the biggest downside would be a few hours hosing out and restoring the laptop, which would be annoying but not the end of the world.

I get those that say, "just spin up a VM and run it there", but I 'spin up a VM' rarely enough that the versions have changed and UXs drifted enough that it's exactly the kind of thing I'd actually want the LLMs help to do without me being a cut-paste bot. I'm mostly Windows at the moment and I don't understand why MSFT insists on spamming LLM features everywhere except the one place I'd not only use it, but pay for it. The usage model could be as simple and intuitive as a Zoom remote desktop share with a collaborator. That's already constrained and users have a mental model for the interaction pattern.

I asked Gemini earlier today to search recent user reviews of the latest 'drive my Windows desktop for me' and it reported that the capability is still slow, expensive, and prone to getting lost navigating the interface or interpreting window boundaries etc.

Anyone have any suggestions for my lightweight, casual use case?

Microsoft has Copilot and Windows. Look what happened.

Because the framework and base is and firmware is freaking huge? You would need any AI hook on every setting/ action.

It seems easier to do just a screenshot and click.

Google is probably already doing and releasing the most actual research into this (like the work that went into Gemma 4)

would "before the major operating systems companies figure out AI integration into their OS that doesn't suck" including running a process with its own address space, like every other thing?

> why Google which has both Gemini and Android can't figure this out,

Not the first time an incumbent has four aces in hand and appears to be entirely unable to make anything of it.

> and if there are lessons to draw from that

Lesson 1: doing shit is hard

Lesson 2: money rules so milking the cow wins over taking the slightest risk

Folks that are interested in a way of doing work locally that doesn't suck, but which integrates LLMs, may be interested in [Barnum](https://barnum-circus.github.io/). The TLDR is that it's a programming language whose frontend is a DSL in TypeScript that is well suited for managing async and parallel work, focused on control flow, from which it is easy to invoke LLMs, and which is easy for LLMs to write. I use it to autonomously ship a very large number of PRs.

They're some of the only new UIs to be made in the last decade. Almost everyone else stays in the browser (or something close like electron- claude code is actually mostly written in React, they couldn't get far from web dev). The problem is they need to interact with the local filesystem, and not many people have built apps for such a wide range of devices in a long time, and of that small talent pool I bet most are corpo coders- moving too slow and to focused on "the right way" to actually ship more than detailed Jira tickets. They also don't have time for stable releases because competition is so fierce.

But I almost always think of things from a talent-pool-first perspective. Perhaps there are actual technical issues like what Boris was referring to.

There are lots of good answers in this thread but I think it's because they are AI companies and not UI companies. When you look at tools like AnythingLLM, OpenCode, pi, etc. you see all kinds of different interfaces, and while they might make disagreeable choices at least they do it with intentionality and direction.

They are dogfooding their products like you wouldnt believe

They are releasing at breakneck pace, it's pretty funny how vibed their products feel sometimes

Because 90% of those UIs is written by these new AI models. That is how they are able to churn so much new user facing stuff all the time. The fact that it works at all is proof that these new AI models are actually pretty decent.

Many people will say it’s because of the slop. I think it’s because they have no product vision. The roadmap is pretty much a random walk, which combined with the velocity of agentic coding is like digging a moat with atomic bombs.

No one left who could fix anything here by hand. Being able to handcraft compelling desktop apps and their plumbing is not a marketable skill anymore.

Mythos, Fable, please do the thing with the VM. Make no mistakes.

> Why are the UIs of the AI companies all broken in multiple ways?

Because they're vibe-coded ultra sloppy code. And it really shows.

Dogfood

They are moving at breakneck speed deploying on scales most of us can't even imagine. They are working in a space that's completely unexplored where getting information as quickly as possible is preferred above iterating on some feature until it's "done" while your competitor has released fifteen other features, all sucky, but one of which turns out to be a killer and makes a billion bucks overnight.

They vibecoded it, and admitted as much. Once it was able to self-vibecode, that's all they did. That's why it's written in React and uses gigabytes of RAM as a chat client.

I thought they were all in on agentic coding? They are probably just building at a surface level with only an eye towards shipping, without considering the impact of all the changes. I've seen less and less coordination between engineers as well under that model. If that's the case (Claude Code is this way). it is sort of what you get, no matter the rhetoric about "make sure to review all your changes!" It's always trade offs.

It is surprising that the Claude web app lags pretty easily when using either chromium or firefox on ubuntu linux. Chats that delay my laptop work without issues on my ipad or iphone using the app.

The web app is definitely a bit of a problem. IF there is a native app on desktop or if claude cli is much faster, i haven't tried them.

I'm with you. I have the Claude web app pinned as a PWA for quick queries, and then use the CLI for everything project-based.

I did consider experimenting with the Routines feature on the desktop app, but I'm leaning towards whipping together something with cron. I saw another poster here who has a daily PR summary routine that I think would be handy, as I have quite a few repos where I'm a sporadic contributor but would like to keep tabs.

I uninstalled it because I have no need for Claude Desktop and there’s no way to keep the 10+ GiB VM image off of my machine

Guaranteed nobody is reading the code being merged in. It's vibes all the way down.

If you're not going to give Claude access to anything on your machine, why are you using Desktop instead of web chat? (Real question, I don't use these much!)

If you are, obviously you need the VM.

Probably because they vibecoded it

Anthropic has pretty consistently been shitty about how they roll out their software. Extreme lack of engineering rigor and thoughtfulness.

The answer is probably as simple as "no one thought not to do that."

---

I know different people work on these things so I can't do more than guess about how engineering culture cuts across teams, but given the sheer amount of carelessness and sloppiness in Anthropic's software I have to imagine they're burning investor money in training and inference because the code to do it is as bad as the rest of their software.

It kind of does though. If you want to use the product they'll need the sandbox ready.

> Claude Desktop spins up a VM without no way of stopping it

I frequently make this error when I talk. My brain thinks of different ways to phrase what I want to say, but when I speak it starts with one and finishes with another. The result is almost always wrong in the way the title is, ie some variant of a double negation.

Sometimes it happens when I type, though I try to read it multiple times so often catch it.

When you realize that in some languages, for instance, in Spanish, double-negatives are not just tolerated, but correct, it helps you to let go of this particular type of pedantry when it accidentally appears in an English sentence.

All your RAM are belong to us

This question is answered by the post? There is reportedly actually no way of stopping it happen. Perhaps the poster had a brain fart while typing it. Maybe they speak a different dialect of English from you.

Op is nitpicking on the poorly written title. I came here to find that comment :)

I agree. Why is this a problem?

Rule 1 with making number go up is you eliminate friction at all costs. The user's hard drive is free to you, so there's no reason to gate a feature you want them to use based on that. 98% of them will have no idea you're foisting garbage on them.

RIP, every base model mac from the past 10 years with the <= 256GB SSD. Including the new Neo. When you consider how much of that is eaten up by the system, swap space, caches, reserved space to download OS updates, and apps (2GB a piece is far from uncommon) -- having less than 15GB free is completely unsurprising on that size disk.

I've found that the easiest way to 'remove' the bundle is to delete its contents, then change the permission on the folder, so Claude can't write to it.

It was on my machine at least, I remember I had to do an additional install to activate that tab...

Incredibly insightful. Not everyone speaks English as a first language. On top of that, the title is not ambiguous.

lol :D fair enough

It hurts to have all this control stripped away. Once upon a time, you bought iLife (suite of iPhoto, iMovie, etc) on a CD or DVD and installed it. Today, you physically cannot delete the Photos app no matter what.

On my work computer, where I never manage any photos, have no iCloud account and never will, I have to keep this app installed and anytime I so much as AirDrop a png to my computer I am prompted to "Add to Photos" with it. No thank you.

The .app is actually only 41MB, so obviously they've moved the majority of it to some mystery-meat libraries or frameworks installed elsewhere anyway.

Highly recommend trying a linux computer with kde. I have been having similar annoyances with my macbook and switching to kde felt really good. Even though the hardware of the linux pc isn’t nearly as good.

These apps are built for normies, not coders

Not sure if this is deliberate or not but you're describing Docker Sandbox extremely closely. https://www.docker.com/products/docker-sandboxes/

Yep, I've been using a local vm-centric agent setup for about 3 months, and it works great. I think there is also value in the fact that with a local VM, you can have the same public IP address, so you're not relying on an EC2 EIP that may be blacklisted somewhere.

Wsl2.0 is literally a Linux vm built into windows. I imagine some people are using that.

I mean I’m using coding agents on windows, because I’m not just going to learn a whole new operating system just to make robots write code for me.

I want tools that meet me where I’m at, not tools that demand I change up my entire UX to interact with them.

The assumption is not “what’s wrong with Windows that it doesn’t work with <technology>,” more “what’s wrong with <technology> that it doesn’t work with Windows”

Why wouldn’t you want your thing to be cross platform

Are you sure they're not using WSL2 (which is Linux, not Windows)?

I don't know where's a good place to post a screenshot, but can confirm I get a dialog saying:

> Get an app to open this 'x-apple.systempreferences' link

> Your PC doesn't have an app that can open this link. Try looking for a compatible app in the Microsoft Store.

Claude is entirely vibecoded and it shows

There are some English dialects with negative concord, meaning that to form the negation of a sentence, you negate all negateable words in it

Well we could start by not building ever gd app with f*cking electron.

Apart from you have no idea what's going on in the VM. It's not as it has a virtual terminal. I'll play the skeptic archetype: What's not to say they're transmitting all prompts back HQ?

Don't be naive and don't think they don't already do this.

Why not ask itself and see what it says about it. "Claude, why are you running in a virtual machine and what are you doing?".

/shrug

The VM causes observability problems, which corporate platform stakeholders are sensitive to. They will eventually figure out a way to provide an ESR/logging interface to the sandboxed code that is distinct from the user level telemetry, then Defender/Crowdstrike etc will just support that.

I run totally unprotected with gpt5.4/5. I've been through thousands of dollars worth of API tokens through both copilot and custom harnesses that have local admin and arbitrary powershell access. I've never seen anything that could even remotely be construed as malicious.

I see a lot of people making a really big deal about safety and sandboxing while I'm busy getting shit done. If you can't handle your current source code checkout getting screwed up by a bad prompt, that's on you 1000%. Source control is the answer for anything information over time.

Unless you intentionally try to make a scene, these models aren't going to go fuck with your system shell or do anything you couldn't recover from in a few minutes. Connecting chatgpt to the enterprise sql server as sysadmin is not what I'm advocating for. This is another example of "on you, not the AI". There's a tiny amount of nuance you can apply at the edges that makes it easy to allow broad access with negligible risk.