How to defend against ActiveX and other malware exploits- Part II

In this post, I will discuss software methods for isolating the browser so that malware cannot be passed to the rest of the system. The software makes use of virtualization methods or a “sandbox”. I have posted on this subject previously and will give some added details here.

A “sandbox” is an isolated part of memory. Input can flow into the browser from the system, but any output from the browser is kept in this walled-off area. If this area becomes infected, it can simply be discarded and a fresh sandbox created. Any incoming malware that is downloaded is trapped in the sandbox, and any attempt to make changes to the system is trapped there as well. A number of software programs are available that use this technique.
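To make the “walled-off area” concrete, here is an added illustration written for this post; it is not code from GreenBorder, Sandboxie or any other product. It models the sandbox as a copy-on-write overlay over a directory tree: reads fall through to the real files, every write or deletion is redirected into a separate sandbox directory, and a reset throws the sandbox directory away. The class name `SandboxedTree`, the method names and the sample files are all constructed for the example; real products hook the operating system and cover the registry and other resources, which this toy model does not.

```python
import shutil
import tempfile
from pathlib import Path


class SandboxedTree:
    """Toy copy-on-write overlay modelling the post's walled-off area.

    Reads fall through to the real tree ('base') when the sandbox holds no copy.
    Writes and deletions never touch 'base': they land in 'sandbox' (deletions are
    recorded in a whiteout set so the base copy is hidden, not removed).
    reset() discards the sandbox, the equivalent of a "clean and reset" command.
    Hypothetical class constructed for this post, not a real product's code.
    """

    def __init__(self, base, sandbox):
        self.base = Path(base)
        self.sandbox = Path(sandbox)
        self.sandbox.mkdir(parents=True, exist_ok=True)
        self._whiteouts = set()  # relative paths deleted inside the session

    def exists(self, rel):
        if rel in self._whiteouts:
            return False
        return (self.sandbox / rel).exists() or (self.base / rel).exists()

    def read(self, rel):
        if rel in self._whiteouts:
            raise FileNotFoundError(rel)
        shadow = self.sandbox / rel
        source = shadow if shadow.exists() else self.base / rel
        return source.read_bytes()

    def write(self, rel, data):
        # Output from the sandboxed program stays inside the sandbox tree only.
        shadow = self.sandbox / rel
        shadow.parent.mkdir(parents=True, exist_ok=True)
        shadow.write_bytes(data)
        self._whiteouts.discard(rel)

    def delete(self, rel):
        shadow = self.sandbox / rel
        if shadow.exists():
            shadow.unlink()
        self._whiteouts.add(rel)  # the real file is hidden, never removed

    def session_changes(self):
        # Everything the session created or modified, as paths relative to the sandbox root.
        return sorted(p.relative_to(self.sandbox).as_posix()
                      for p in self.sandbox.rglob("*") if p.is_file())

    def reset(self):
        shutil.rmtree(self.sandbox)
        self.sandbox.mkdir()
        self._whiteouts.clear()


def run_demo():
    """Simulate a browsing session in which a download tries to alter the system."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "system"
        base.mkdir()
        # Constructed sample system files standing in for real ones.
        (base / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        (base / "bookmarks.txt").write_bytes(b"http://example.com\n")
        fs = SandboxedTree(base, Path(tmp) / "sandbox")

        # Inside the fence: a downloaded file tampers with hosts, drops a payload
        # and deletes the user's bookmarks.
        fs.write("hosts", b"127.0.0.1 update.example\n")
        fs.write("downloads/dropper.bin", b"constructed-sample-payload")
        fs.delete("bookmarks.txt")

        result = {
            "session_sees_tampered_hosts": fs.read("hosts") != (base / "hosts").read_bytes(),
            "real_hosts_untouched": (base / "hosts").read_bytes() == b"127.0.0.1 localhost\n",
            "bookmarks_visible_in_session": fs.exists("bookmarks.txt"),
            "real_bookmarks_untouched": (base / "bookmarks.txt").exists(),
            "changes_confined_to_sandbox": fs.session_changes(),
        }
        fs.reset()  # discard the infected area and start with a fresh sandbox
        result["hosts_after_reset"] = fs.read("hosts")
        result["bookmarks_after_reset"] = fs.exists("bookmarks.txt")
        result["dropper_after_reset"] = fs.exists("downloads/dropper.bin")
        return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The point the demo makes is the one from the paragraph above: while the session is running it genuinely sees its own tampered `hosts` file and its dropped payload, yet the real tree never changes, and after the reset the tampered copy, the payload and the deletion are all gone. The `session_changes()` listing is also the place a defender would look to see what a session tried to write before deciding to discard it.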

A program that I have mentioned previously is GreenBorder, which has been reviewed favorably in several reliable places. With this program, you can place either IE6, IE7, Firefox 1.5, or Firefox 2.0 in a sandbox. Ian Richards at TechSupportAlert has carried out thorough testing of a group of programs of this type and gives an excellent discussion of the pros and cons of this type of protection. Richards rates GreenBorder as the best in this group.

Another review is by Neil Rubenking at PC Magazine. He gives GreenBorder high marks for efficacy but points out that it is rather pricey:

GreenBorder Pro is an equal-opportunity guardian—it cordons off all activity from Web-based programs without worrying about exactly what the individual programs are. Thus it doesn’t need the kind of signature updates that a standard antispyware or antivirus utility does. I asked Jim Fulton, GreenBorder’s VP of marketing, why the product is sold as a yearly subscription. He responded that users actually requested that; they’re accustomed to buying their security protection as a subscription. I wonder if those users realize that eventually the product will stop working unless they renew? I also find the $49.95 yearly fee a bit high compared with Spy Sweeper or Spyware Doctor for $29.95.

Walter Mossberg has also reviewed the program. He agrees that it’s somewhat overpriced but likes its capabilities. He describes the approach of this kind of software:

Now, a small Silicon Valley company called GreenBorder is trying a radical approach. It has developed a product that isolates the browser from the rest of the computer, without impairing your Web browsing. It erects a sort of fence around the browser. Inside that fence, the browser runs normally, along with associated programs like media players. But the browser can’t be used to install bad software or to spy on the rest of the computer outside the fence.

With this product, called GreenBorder Pro, any malicious software you pick up is trapped in a computing environment — called a virtual session — that exists only inside the fence and can’t affect any key files or settings outside.

Once you quit the browser, this virtual session simply disappears, along with any bad stuff that has collected within it. Your files and settings remain unaffected. You can even purge the bad stuff from the virtual environment at any time by clicking on a command called Clean and Reset GreenBorder.

Another highly-rated but less polished program is the donation-ware program Sandboxie. (It’s free but the author requests that you consider a donation.) TechSupportAlert picked it as a product of the year for 2006. It can run either Internet Explorer or Firefox in a sandbox. It has the capability to put other applications in a sandbox as well.

Note that there is a tradeoff in convenience if you use any virtualization software. In effect, you have two computer systems and have to keep track of what’s in each. If you want to download and permanently install a program, you can’t do it in the sandbox. Neither can you download and keep a permanent folder of your email in a sandbox. Also, this type of software is not a sufficient defense by itself. You must still have a firewall and most PC users should probably continue to have anti-virus software.
