back to article Brave VMs to destroy themselves, any malware they find on HP's new laptop

HP has announced plans to integrate Bromium's virtualization technology into a laptop as a defence against malware. The soon-to-be-launched EliteBook x360 1030 G2 will feature virtualization-based security built in to the hardware in the form of a feature called Sure Click, which will go on general availability in Spring. The …

  1. Anonymous Coward
    Anonymous Coward

    I wonder how effective this will be. Things like file downloads need to escape the VM. Persistent data is required ( cache, cookies, passwords, etc ).

    1. alain williams Silver badge

      When is this activated ?

      It seems to me that this will depend on the user doing something. That depends on:

      * the user being aware that something untowards has happened

      * the user knowing that they can or should do something - and what that is

      * the user caring: ''it is an IT problem''.

    2. P. Lee

      There seems to be some confusion in the article as to whether it is tab-based or application-based. I'd assume application if its a VM and there's no reason why it shouldn't be persistent if it is not asked to wipe itself.

      This is more along the lines of how things should work, but its a little sad that its a third-party thing and not an OS thing.

      Downloads do need to be handled. The right way to do it would be to have the browser ask the host OS to pick the file up from a download cache area. The host OS would then ask the user if they want to retrieve the file into the host OS data area and initiate the transfer. The guest vm should not have outbound (to the host OS) capabilities beyond very simple message passing.

  2. J. R. Hartley

    Very fancy but will it work?

    Probably not.

    1. Baldy50

      Re: Very fancy but will it work?

      Hey! Just out of curiosity did find that book and did you get Michael Russell a copy too?

      1. J. R. Hartley

        Re: Very fancy but will it work?

        No. That cunt owes me a tenner.

  3. GingerOne

    They talk about this being in the hardware but then describe software. And isn't the EliteBook aimed at the Enterprise? Our machines never see the OS install they come with, out the box and booted to PXE immediately for the corporate image to be installed.

    Think most are going to be more interested in seeing a download for this rather than having it baked in.

  4. rd232


    In what way is that different from Sandboxie? (Other than that it's pre-installed and only works in Chrome and IE...)


    1. Anonymous Coward
      Anonymous Coward

      Re: Sandboxie?

      Sandboxie is a user mode sandbox (similar to Chrome sandbox) and thus vulnerable to kernel exploits which means it is not that hard for a skilled malware author to break out of. This technology uses a virtual machine and so the kernel is removed as an attack surface. Breaking out of a virtual machine is extremely difficult.

  5. Anonymous Coward Silver badge

    Won't work

    When Chrome was first released, one of its major selling points was that each tab is a separate process and all addins are sandboxed. But then things need to escape sandboxes and communicate across processes in order for the browser to function (in a usable manner anyway). So holes are left anyway.

    Plus, most malware these days seems to be just a scary webpage followed by the user doing everything they possibly can to bypass protections and infect themselves. Browser exploits barely feature any more.

    1. juul

      Re: Won't work

      Totally right, because if the user cannot copy/paste items to a document, they will try to stop the protection or object to have such a work pc that makes them less productivity. With a reference to not being able to copy pic or text from work-related sites.

  6. Sandtitz Silver badge

    Wait a minute...

    HP had a somewhat similar product a decade ago, "Mozilla Firefox for HP Virtual Solutions".

    Perhaps the virtualization layer was working as advertised, but HP didn't keep up with update cycle of Firefox 2.x so the product was quietly killed.

    This 'bromium VM' thingy seems as just another sales gimmick.

  7. Steve Davies 3 Silver badge

    Wot! Internet Exploder?

    Shouldn't they be targetting Edge rather than IE?

    MS might be wanting to have a quiet word or three with HP over this.

  8. Brian Miller

    But cell phones already do this...

    Except that it's not in response to malware.

  9. Anonymous Coward
    Anonymous Coward

    Does it block...

    Win-10 spyware too?

  10. Denarius

    back up a minute

    does not this conversation just demonstrate that active web pages are a major security flaw ? Web browsers by definition should be read only software unable to trigger any local event. I know, I know...

    1. Stevie

      Re: back up a minute

      Get Rid Of Useless Javascript Now!

  11. Tezfair

    Sounds like a variant on steady state, just a virtualised one

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like