Desktop Grids harvest the computing power of idle desktop computers whether these are volunteer or deployed at an institution. Allowing foreign applications to run on these resources requires the sender of the application to be trusted, but trust in goodwill is never enough. An efficient solution is to provide a secure isolated execution environment ("sandbox"), which does not constrain any additional burden neither on administrators nor on users. Currently Desktop Grids do not provide such facility. In this paper we investigate methods and mechanisms that enable the use of virtual machines as part of a security infrastructure for Desktop Grid clients to provide a sandbox for running (untrusted) applications. We define and analyze the requirements for any platform independent and transparent sandbox for Desktop Grids. We detail a prototype, which we built based on our findings and we give a performance evaluation.