back to article HP loads PC with nonexistent web browser

HP is now offering desktop PCs with virtual web browsers. Today, the hardware maker unleashed the HP Compaq dc7900, a business desktop with a version of Firefox that isn't really there. Developed in tandem with Symantec, the Firefox for HP Virtual Solutions browser operates in a runtime netherworld that's separate from the …

COMMENTS

This topic is closed for new posts.
  1. Gordon Fecyk
    Pirate

    This says something about HP's confidence in Firefox

    "SVS [...] virtualizes individual applications, installing them in packages that remain separate from a machine's registry."

    SVS seems to reinvent what user accounts already do on Windows. At least, what non-admin accounts already do on Windows, that is, isolate the app from the operating system itself. Even the Explorer shell and IE are isolated from the OS in this manner. Want new settings? Log on with a different non-admin account.

    HP is telling me here that they don't trust Firefox to play nicely. Or they're assuming that their users are going to run Firefix (sic, heh heh) as admin. This might be a valid assumption, but it's still the wrong solution to it.

  2. Ed

    But really...

    But really, this is a problem with the OS that's just being solved like this. The OS should be responsible for ensuring that browsers (and other apps) aren't able to access things they shouldn't...

  3. DrewHew
    Thumb Up

    This is wicked!!

    Guess I'm the first person to state what a bloody great idea I think this is!!

    Wonder if I'm overreaching by suggesting that this could very well spell the death of malware?

    Sounds promising...

  4. wsm
    Joke

    Registry

    Separate from a machine's registry? As if it didn't need one to run an application? What kind of operating system could do that?

  5. Sleeping Dragon

    Well done HP...

    ... for trying to solve some of the shortcomings of the OS.

  6. moonoi
    Gates Halo

    Hasn't this been done before?

    Sounds similar to Softricity to me :)

  7. Anton Ivanov
    Coat

    Re:This says something about HP's confidence in Firefox

    Actually it says a lot about HP (and any admin) confidence in Windows user accounts. I agree - the functionality offered by SVS should be a part of the base OS. However, as we all know it is there only on paper. In reality, MSFT has continuously failed to deliver.

  8. This post has been deleted by its author

  9. Simon Brown
    Thumb Up

    it's ok but...

    It's ok as a concept but I have a number of criticisms of SVS

    Firstly that version of Firefox is 1.5. So we're running a slow and obsolete browser in a virtual sandbox. Presumably that won't be running particularly quickly then...

    Secondly, technology like this should be open source. Something as useful as SVS would benefit from being developed by a large community rather than a small firm - so that bugs can be ironed out asap, so that exploits and vulnerabilities can be detected and fixed asap. Closed source we only have their word for it that the application is running in a sandbox...

    Thirdly it appears to be the case that you can only use applications that have been pre-packaged for the SVS - it doesn't seem to be possible for example to install an SVS container then install Microsoft Office into that container. This would be useful as MS Office is so vulnerable to attack that it would surely benefit from being installed in as tight an environment as possible - especially one which can be reverted back to original state when bad things start to happen as they invariably do.

    Still it's a brilliant idea and hopefully as others have said will spell the beginning of the end for certain types of malware

  10. Peter Gathercole Silver badge
    Coat

    Sound familier to UNIXers?

    Hey, guess what. HP have just re-invented the chrooted environment.

    We've been doing this in UNIX land for 30+ years.

    Nothing is really new nowadays. Especially my coat!

  11. Anonymous Coward
    Thumb Down

    @DrewHew

    "this could very well spell the death of malware?" ... not while IE exists in a windows environment, full stop.

    This is fixing the symptom not the cause, poor system security patched by running a virtualised sandbox. Did they get this idea from the iPod 'jailbreak' concept perhaps.

  12. Danny
    Paris Hilton

    I think this is a great idea

    This sounds great to me for one reason - admin access. Have a program that refuses to work without admin access? No problem, user logs on with their own limited credentials and the admin access program runs riot quite happy in its own sandbox.

    Paris, her sandbox often runs riot.

  13. Joe Montana
    Flame

    Sounds familiar

    This just sounds like a chroot, something unix systems have had and taken for granted for years...

    Why is windows always last to get features that were basic and standard in any other os? and even then often implemented by a third party...

  14. Anonymous Coward
    Flame

    At last

    ...some real protection for the PC. The OS has been so piss poor in the past at protecting the PC (except in the early days). I guess the fact that all these stupid modern browsing features that allow access to plug-ins and worse still, write to files is the real problem. Lets hope HP open sources it so we can all benefit.

  15. Ivana Chagalot

    Firefox is great, turfers are shite

    "HP is telling me here that they don't trust Firefox to play nicely. "

    If Internet Explorer is safer then why didn't HP offer Internet Explorer as their safe solution? Your logic is of the same quality as the logic used to design Internet Explorer, take that how you will. :)

  16. Anonymous Coward
    Stop

    Thinstall

    Thinstall have been doing this for years... and Symantec/HP think it's news? App virtualisation arrived a long time ago. Get with the program, HP.

  17. Anonymous Coward
    Anonymous Coward

    not a particularly new concept.

    One of my friends, who ran a cyber cafe, used to have everything running in a virtual machine. No matter what was done to them by the customers, they would revert back to a pristine state every time they were restarted.

  18. Anonymous Coward
    Anonymous Coward

    excellent

    sandbox apps are going to be the shape of things to come

    web based apps were always going to be a non starter for the simple reason that it gave no consumer advantage, sandboxing however, particularly connected apps. now this has real potential

    punctuation? no thanks!

  19. Name
    Paris Hilton

    ..and everything under the sun

    Not new- some existing implementations are:

    http://www.sandboxie.com/

    http://www.trustware.com/

    doesn't mean it's not a good idea, though :)

  20. WhetPhish
    Go

    Sounds good to me.

    Sounds good to me. Well done HP for making up for MS's shortcomings.

    I agree with Ed that the OS should be protecting itself from the user, but the average home Windows user runs as administrator anyway and even restricted Windows users seem to be able to install things they shouldn't (my old man managed to install a questionable dial up connection from his restricted XP account!)

    I've not used SVS but have used OS virtualisation products and the only thing I'd be worried about is if the virtual app was running a lot slower than the 'native' version and hogging excessive memory.

  21. Henry
    Thumb Down

    Sandboxie

    I've been using www.sandboxie.com to do this sort of thing for ages.

  22. Matt Bryant Silver badge
    Happy

    RE: Gordon Fecyk

    Agreed, this is the lazy answer which tech people will laugh and point at. But, you are forgetting that many of the HP "corporate PCs" end up being sold to smaller businesses and the public via such websites as Amazon and DABS. And most of those small businesses and private users don't have a clue about M$ security. I have seen small businesses with a dozen desktops/laptops, no central fileservers so no centralised management, and everyone their own XP login as an administrator account. For companies like those, anything that automates or adds security without requiring an invetsment in time and resource in learning better techniques is a boon. Susprised that Symantec/Mozilla let HP use it as an exclusive but then it has given it some nice publicity.

  23. Thomas

    So the main trick is virtualisation of the registry?

    Have I understood that correctly? If so then it sounds like a neat trick (I guess it amounts to running one user's applications on another's desktop?), but a bit Windows specific. Would a similar approach be useful on OS X or whatever, or is it mostly to address the manifold issues with the Windows registry?

  24. Anonymous Coward
    Anonymous Coward

    @Gordon Fecyk

    "SVS seems to reinvent what user accounts already do on Windows. At least, what non-admin accounts already do on Windows, that is, isolate the app from the operating system itself. Even the Explorer shell and IE are isolated from the OS in this manner. "

    You seem to be missing the point somewhat. If your HKCU hive is fooked then it's not just one app that's fooked, potentially it could be all your apps. The solution to this could be deleting the whole user profile, and then restoring all the bits you need to keep. Hardly something your average end user would want to do frequently.

    "Want new settings? Log on with a different non-admin account." Great solution. Your average non technical user will be perfectly happy setting up multiple user accounts and switching between them at will, while still managing to share things like the My Documents folder between these accounts.

    It's not a flawless solution, however it does go some way to addresses the problems inherent in Windows and it's horrible, horrible, horrible registry.

  25. Anonymous Coward
    Anonymous Coward

    Admin rights...

    As already mentioned, this is a job for admin rights.

    Even though, I run in Admin all the time using windows, too much hassle to mess around every time I need something, and at the end of the day, reinstalling a machine (I got better options for that, cloning) takes very little time.

    Will this help us when checking them dodgy downloads? (virtual box, its free)

  26. David Cornes
    Thumb Down

    Non-existent?

    It sounds funny, but your categarisation of virtualised applications and machines as non-existent is a bit of a misnomer surely? Since ALL software is really just bits of data in transit, running those in a virtual layer instead of within the host operating system isn't really fundamentally changing their state of existence is it??

  27. Random Noise
    Flame

    News?

    Perhaps the headline should be 'large company copies some software which has been around for ages'

    I've been using a program called Sandboxie for a while now which does exactly the same. You can run any app you want in a sand box & it can only read files from your hard drive. All new files which are written go in to the sand box. If you want to keep a file you have to go in to the sand box and move it out yourself.

    So Symantec have finally copied it & HP are installing it as standard on a new laptop, whoop-de-do. I bet like all toher Symantec crap it's bloated & slow to run.

  28. Ewen Bruce
    Linux

    Spin spin spin!!!!

    An application in a sandbox? that would be local application streaming then. Hardly news is it? Nice work by the marketing department though

  29. Marvin the Martian
    Coat

    Can we combine it with the Dell offer?

    Can we mebby not get Firefox but in Spanish for only 0.01euro?

  30. Anonymous Coward
    Linux

    For Windows Only !

    For other OS's: not required.

  31. Rick
    Thumb Up

    need a consumer version now

    as a user of norton 360 2.0 they need to create a module for the home pc that would be great!!

  32. Anonymous Coward
    Flame

    Perfect for an Anti-MS dig!

    Right lets get this in before anyelse.

    "Why did they pick FF? Oh yes, the source is available to POC this little idea, unlike closed source IIE!"

    Fantastic idea, sounds like a great way to stop little Johnny from click-click-clicking Mum and Dad's PC into malware oblivion. Of course they could run Linux/MAC to stop it in it's tracks....

  33. Iain
    Thumb Up

    This is wicked!! 2.0

    I agree with DrewHew, this seems like a very sound idea. I am not uber-tech so I may not be following this correctly, but this must mean that all the Web 2.0 crap shiny nothingness so beloved of FBook and it's kin can run safely. I for one welcome our crap shiny nothingy overlords so long as they don't screw us from behind with malware et al and reduce browsing speed to a crawl.

  34. stu

    thinstall

    title says it all. owned by vmware now. I use it all the time for the same reason and/or portability of apps.

    stu

  35. Mark Flingstone

    sandbox

    HP engineers finally let world+dog know where they kept their heads while sandboxie got up to release 3.30.

    Yeah, you got it. In the sandbox.

    On the other hand, since it's already been available for a while, there are ample margins for early birds to be granted a patent for it by USPTO.

  36. Dave

    So basically....

    It's running in a chroot..... so whats new about that? You could also single serve the app from an isolated RDP/Citrix/SeamlessRDP/X11 server and just have it auto-format every night.

    You could run your workstations on live CDs....or heaven forbid...thin clients!

  37. Anonymous Coward
    Anonymous Coward

    @ DrewHew

    Yes, you are. As long as stupid people are allowed to use computers, there will be malware, viruses and phishing.

  38. Jason

    Is it not the same as

    just using Portable Firefox on a USB Stick? Or even using Portable Firefox in a Folder on a PC?

    Maybe I am just missing something

  39. Tom

    This is revolutionary!

    Wait a sec! ...

    man 4 jail

  40. Harry Stottle

    I too use Sandboxie

    And I have had about 2 dozen of my users and clients using it without major incident for about 3 months. What I particularly like about it is the configurability (like being able to give access rights selectively to trusted programs) and the option to run ANY program inside the sandbox - which means you can test for nasty side effects before it screws up your system.

    Only last night, ferinstance, I used it to test what RealPlayer 11 wanted to install on my system before I let it do so for real. (Answer: 1217 files in about 100 new locations, most of which were utterly unnecessary)

  41. A. Lloyd Flanagan
    Pirate

    So now we know what it takes

    ... to fix the problems of the Windows registry. What a engineering disaster that thing is. Somebody had one good idea and then implemented it just as poorly as they possibly could.

This topic is closed for new posts.

Other stories you might like