Vista...
Doesn't Vista already do this for Internet Explorer?
Google is acquiring GreenBorder, a Silicon Valley startup that helps protect web users against malware. Word of the acquisition comes a week after Google inaugurated a blog devoted to online security, indicating the search king's growing interest in fighting the malware scourge. GreenBorder claims to work with both Internet …
My experience has always been that sand, including that found in boxes, is spectacularly bad for both the mouse and keyboard, not to mention what it does if it makes its way to the motherboard.
I remember the first time I heard about using sand boxes to create secure environments.
After yanking the cable modem through the window into the back garden, and then burying the computer and everything else in the sand box, I tested out this under-maligned theory.
I have to say the results were disastrous, especially after adding the water to make the castle - which I figured was essential if you are going to have a secure environment.
So don't believe what Google say - sand boxes are definitely not safe places to browse the internet.
whatever improvements Vista offers for IE, it seems imprudent to depend on MS security alone, considering the company's history of issues and bugs. Even now, 80% of all MS problems are remotely exploitable (i.e. do not require physical access to system).
it is also worth noting that the One Care service potentially provides additional income to MS. this is effectively an incentive to provide poor-quality software, and charge additional subscription fees to fix the bugs in the future ("pay me to fix the broken widget i sold you"...what a great racket that is...). it is a small, but no doubt growing source of recurring revenue.
it is also a conflict of interest. this contradiction may serve to explain why "One Care" sounds suspiciously like "wanker" to some of us (a great joke from someone else's Reg letter).
from this perspective, any additional source of browser security from a reputable third party is a good idea.
Would just like to point out that just because one uses a sandbox (a name bandied about too much) to "flush" the files away and seemingly come out clean for the end user does not mean it is safe. In fact it is more dangerous to assume so.
After a decade in the virus writing community I have come to understand that despite all the tricks n stunts created to make a user feel more protected, in reality all that happens is the feel good factor. We ran several tests where we were easily able to fool Norman Sandbox and come out the other end with the exact result we were after (un-noticed infection).
It's a game of tit for tat, whatever happens none of it is failsafe, if it was that easy then the solution would have already presented itself. We can rant and rave all we like about new startups and their new technology, we can add firewalls which can then be bypassed, we can disallow executables to be emailed only to get tricked by a malicious website, we can put up warnings to suspected websites only to find a new method around the warning. It goes on and on! Remember, a warning to a suspected website is no use, the owner of the site will simply and easily create a new one which bypasses the warning, in the same way that anti virus only collars known viruses, hell, my anti virus can detect tens of thousands of viruses but I'm hardly about to be collared by the love letter am I? Neither is some old DOS viri about to wreak havoc on my HDD and copy itself to floppy.
No matter what happens there is no method of complete protection, even the most experienced computer user gets infected because we cannot be on the lookout all the time. However everyone will still report on each new development and the games will commence.
Oh.. Sick of you MAC and *Nix people. And yes, same old. We don't do it to you because why bloody bother? Small market share and no fun...
Nothing tremendously wrong with *nix or Apple, however;
Small market share
No fun.
That's why you don't get it...
Why hasn't anyone sat down and designed an OS to be bullet proof? I don't mean piling security on top of *nix, I mean a ground up project with virtualisation/sandboxes for everything, whitelists, system wide input validation and read only partitions for the core OS etc.
The current war on Malware is about as effective as the war on drugs.
I understand small market share but fun....
Be more specific please.
What is fun for you? Keeping my swamp ass on a chair for hours fixing a computer?
I'd rather have a pint with friends.
And you need no Mac or PC for that.
Ah.. I forgot to mention that I too tried to bury both my PC and my Mac under six feet of sand (I live on the seaside) for one month each (an adequate period for testing purposes) and I have to say that to my knowledge no virus infected the computer. Not one anymore.....
GaB
Well it's a start.
Sandboxes can work, but it takes more than virtualizing the environment and putting the browser in the virtual space.
If the sandbox contains persistent storage for use inside the sand box, then although it's a smaller universe, malware can still inhabit it.
If the sandbox has a mechanism to allow items to be moved through a gate to the real environment, that's an exploit waiting to happen.
Phishing inside the sandbox environment can still obtain information useful to hack the system outside the sandbox. People commonly use the same password for everything. Oops.
Safe browsing requires a few things. A secure sandbox is one of them. By secure I mean that there is a practical air-gap around the sand box. The virtual environment has to be locked so well that it isn't possible for things to be transferred from within. Nothing, not even a screen-shot. There can be no persistent storage within the sandbox, persistent storage attracts malware and phishing attempts.
What else? Ah, commercial transactions. We need to use transaction based card numbers that are valid only during the one specific transaction. Several card companies already do something like this. The number is valid only for a very short time. It's like being issued with a new credit card for each transaction, and that card expiring as soon as it's used. That way it's more or less impossible for someone to capture your card number, since you never give it.
Downloads. I hate downloads. I hate auto installing extensions and controls, everyone should hate these horribly dangerous things. We assume that they will do as they say. What if they don't? While it's impossible to catch and prevent every attempt at malware distribution since you don't know it's there until it's there, requiring executable files to be sent as encrypted files that need a key to decrypt makes it easier to know who you are getting something from, and makes it harder for a black hat to replace your happy extension with an unhappy one. The key requirement has either a second session to retrieve the correct key, or an email from the source of the download with the key. It's not as convenient as say, one click installing, but it will prevent my father-in-law from getting another 1500 viral infections from all those wonderful clicks he performs.
Email? Email is perfectly OK as long as it's not possible to send an email that results in the autoexecution of anything. So, out goes almost all the HTML crap in emails, perhaps something nice and passive like Rich Text format with a few passive HTML extensions would suffice? If people must send attachments, they can be automatically tagged with the execute disable bit when downloaded to the client.
Yeah, I know this all sounds very painful, but so are the effects of viral infection, phishing, malware and ID theft. Which pain do we prefer? It's not possible to continue the unfettered access model, it's just too damn easy for people to do bad things. We need to completely re-evaluate how we use the 'Net, and what the 'Net is for.
The true and fundamental problem is that any data storage and retrieval system can be hacked. Even a system with a physical air gap is vulnerable to the insider. We have to find a way to make systems secure enough to deter all but the most well financed and persistent attackers. And that is a moving target. What is possible today was impossible yesterday. WEP can be cracked in about 60 seconds today. When WEP was first mooted, it could not be. However being based on weak encryption and poorly thought out security measures, WEP now has all the security value of wet tissue paper. It might be a good example of a bad standard, but it's also a good example of how security is temporary and we cannot rely on the same countermeasures forever.
Perhaps the most beneficial security measure would be to change the mindset of every user on the 'Net. Oh, wait, perhaps I can turn back the tides first, it might be easier.
IE7 can already function in protected mode (AKA lorie)
This only works in Vista but works very well.
In order to escape the virtual sandbox of 'lorie' only the user of the machine can knowingly allow this to happen.
If an online app needs to write to a directory then it gets a virtual environment all in the temporary internet files folder which gets flushed anyway.
Vista then gives the user another 3 levels of protection.
MIC - Mandatory Integrity Control, UIP - User Interface privilege & of course that big annoying thingy the UAC.
Even if a user is a member of the admin group and tries to run an application, it will always run as if they were in a limited account - this prevents writes to places such as the registry, program files, windows folder.
It will also isolate applications from each other in memory, thereby reducing the risk of siphoning data.
Any applications that do run and want to embed themselves in Vista through registry entries and file plants are also restricted by the principle of least privilege.
Finally if a virus does happen to get past all this and try to embed itself in Vista it will probably get stuck in a virtual environment anyway since the PCA will redirect protected write requests to a virtualstore.
Although playing dice with backward compatibility ("Microsoft's Biggest asset" - Bill Gates, March 2006), MS are trying to enter a world where people opting for admin rights is a thing of the past & reduce the need for apps to embed themselves in the core makeup of MS Windows.
If you read this far then you are a pure geek!!!!