Slightly off topic, but how well do sandbox execution environments handle malware that only execute if a VM is not detected? AFAIK most virtualization environments are easily detectable by the guest.
The sandbox just provides environment separation to run automated tests independently. How you define the environment, and how malware may react to it, is up to the user. (However, the 'hooks' could in theory be written to circumvent or detect malware looking for signs of a guest VM)
