Google acquires 'sandbox' technology for secure browsing
Dips toe into security market
Google is acquiring GreenBorder, a Silicon Valley startup that helps protect web users against malware.
Word of the acquisition comes a week after Google inaugurated a blog devoted to online security, indicating the search king's growing interest in fighting the malware scourge.
GreenBorder claims to work with both Internet Explorer and Firefox to form a protective barrier to prevent malicious code from installing programs or accessing sensitive files on a PC. Web content is shunted into a secluded area - or "sandbox" - where files can be flushed away. This is similar to the way temporary files are disposed of once a user closes the application they are associated with.
It's unclear exactly how Google plans to use the new technology. The most likely option is to make it available as a download for users to run on their machines, in much the way Google users now use Google Desktop to manage and index files located on local hard drives. Under this scenario, Google could be seen to be elbowing its way into turf for desktop security that is now dominated by the likes of Symantec and McAfee. (Google might also add the software to its toolbar.)
Security has long been a high priority at Google. Unlike some of its competitors, the site already provides warnings when users click on links believed to lead to websites that attempt to install malware. It remains possible that Google will bake GreenBorder technology into its search engine to further insulate users from rogue URLs. ®
Vista & Internet Explorer 7
IE7 can already function in protected mode (AKA LoRIE)
This only works in Vista but works very well.
In order to escape the virtual sandbox of 'lorie' only the user of the machine can knowingly allow this to happen.
If an online app needs to write to a directory then it gets a virtual environment all in the temporary internet files folder which gets flushed anyway.
Vista then gives the user another 3 levels of protection.
MIC - Mandatory Integrity Control, UIP - User Interface Privilege & of course that big annoying thingy, the UAC.
Even if a user is a member of the admin group and tries to run an application, it will always run as if they were in a limited account - this prevents writes to places such as the registry, program files, windows folder.
It will also isolate applications from each other in memory thereby reducing the risk of siphoning data.
Any applications that do run and want to embed themselves in Vista through registry entries and file plants are also restricted by the principle of least privilege.
Finally, if a virus does happen to get past all this and try to embed itself in Vista, it will probably get stuck in a virtual environment anyway since the PCA will redirect protected write requests to a VirtualStore.
Although playing dice with backward compatibility ("Microsoft's biggest asset" - Bill Gates, March 2006), MS are trying to enter a world where people opting for admin rights is a thing of the past & reduce the need for apps to embed themselves in the core makeup of MS Windows.
If you read this far then you are a pure geek!!!!
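The integrity labels and write redirection the comment above describes can be inspected from a standard user's PowerShell prompt. The script below is an added example, not part of the comment or the article; it assumes Windows Vista or later with whoami.exe and icacls.exe on the path, and the folder paths it lists are the standard Low-labelled and VirtualStore locations (any path that does not exist on the machine is skipped). It only reads labels and directory listings; it changes nothing.

```powershell
# Added example (not from the article or the comment): a read-only audit of
# Mandatory Integrity Control labels and UAC file/registry virtualization.
# Assumes Windows Vista or later with whoami.exe and icacls.exe available;
# run it from an ordinary, non-elevated PowerShell window.

# 1. Integrity level of the current token. whoami reports it as a pseudo-group
#    named "Mandatory Label\<Level> Mandatory Level" (Medium for a normal user,
#    High for an elevated admin, Low for a Protected Mode IE process).
$micGroup = whoami /groups /fo csv | ConvertFrom-Csv |
    Where-Object { $_.'Group Name' -like 'Mandatory Label\*' }
"Current token: $($micGroup.'Group Name')"

# 2. Folders a Low-integrity process (IE7 Protected Mode) may write to carry an
#    explicit Low label with the NW (no-write-up) policy. Everything else
#    inherits Medium, so a Low process cannot write there even if the DACL allows.
$paths = @(
    "$env:USERPROFILE\AppData\LocalLow",   # labelled Low by the OS
    "$env:TEMP\Low",                       # labelled Low by the OS
    "$env:USERPROFILE\Documents",          # implicit Medium: off-limits to Low
    "$env:ProgramFiles"                    # Medium label plus admin-only DACL
)
foreach ($p in $paths) {
    if (-not (Test-Path $p)) { continue }
    # icacls prints one ACE per line; the label ACE reads
    # "Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)"
    $labelLines = icacls $p | Select-String 'Mandatory Label'
    if ($labelLines) {
        $label = ($labelLines | ForEach-Object { $_.Line.Trim() }) -join '; '
    } else {
        $label = 'no explicit label (implicit Medium)'
    }
    "{0,-45} {1}" -f $p, $label
}

# 3. A legacy app that writes to Program Files or HKLM\Software without admin
#    rights is silently redirected by UAC virtualization. The per-user
#    VirtualStore copies show where such write attempts actually landed, which
#    is worth checking when triaging a machine for unwanted persistence.
$fileStore = "$env:LOCALAPPDATA\VirtualStore"
if (Test-Path $fileStore) {
    Get-ChildItem $fileStore -Recurse -File |
        Select-Object FullName, LastWriteTime
} else {
    "No file VirtualStore yet: no virtualized writes have occurred for this user."
}
$regStore = 'HKCU:\Software\Classes\VirtualStore'
if (Test-Path $regStore) {
    Get-ChildItem $regStore -Recurse | Select-Object -ExpandProperty Name
} else {
    "No registry VirtualStore yet."
}
```

Run it once as a normal user and once from an elevated prompt to see the token label change from Medium to High while the folder labels stay the same; that difference is the "no write-up" rule doing the work, independent of the DACL.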
Sandboxes - a start.
Well it's a start.
Sandboxes can work, but it takes more than virtualizing the environment and putting the browser in the virtual space.
If the sandbox contains persistent storage for use inside the sandbox, then although it's a smaller universe, malware can still inhabit it.
If the sandbox has a mechanism to allow items to be moved through a gate to the real environment, that's an exploit waiting to happen.
Phishing inside the sandbox environment can still obtain information useful to hack the system outside the sandbox. People commonly use the same password for everything. Oops.
Safe browsing requires a few things. A secure sandbox is one of them. By secure I mean that there is a practical air-gap around the sandbox. The virtual environment has to be locked so well that it isn't possible for things to be transferred from within. Nothing, not even a screen-shot. There can be no persistent storage within the sandbox; persistent storage attracts malware and phishing attempts.
What else? Ah, commercial transactions. We need to use transaction-based card numbers that are valid only during the one specific transaction. Several card companies already do something like this. The number is valid only for a very short time. It's like being issued with a new credit card for each transaction, and that card expiring as soon as it's used. That way it's more or less impossible for someone to capture your card number, since you never give it.
Downloads. I hate downloads. I hate auto-installing extensions and controls; everyone should hate these horribly dangerous things. We assume that they will do as they say. What if they don't? It's impossible to catch and prevent every attempt at malware distribution, since you don't know it's there until it's there. Requiring executable files to be sent as encrypted files that need a key to decrypt makes it easier to know who you are getting something from, and makes it harder for a black hat to replace your happy extension with an unhappy one. The key requirement has either a second session to retrieve the correct key, or an email from the source of the download with the key. It's not as convenient as, say, one-click installing, but it will prevent my father-in-law from getting another 1500 viral infections from all those wonderful clicks he performs.
Email? Email is perfectly OK as long as it's not possible to send an email that results in the autoexecution of anything. So, out goes almost all the HTML crap in emails, perhaps something nice and passive like Rich Text format with a few passive HTML extensions would suffice? If people must send attachments, they can be automatically tagged with the execute disable bit when downloaded to the client.
Yeah, I know this all sounds very painful, but so are the effects of viral infection, phishing, malware and ID theft. Which pain do we prefer? It's not possible to continue the unfettered access model, it's just too damn easy for people to do bad things. We need to completely re-evaluate how we use the 'Net, and what the 'Net is for.
The true and fundamental problem is that any data storage and retrieval system can be hacked. Even a system with a physical air gap is vulnerable to the insider. We have to find a way to make systems secure enough to deter all but the most well-financed and persistent attackers. And that is a moving target. What is possible today was impossible yesterday. WEP can be cracked in about 60 seconds today. When WEP was first mooted, it could not be. However, being based on weak encryption and poorly thought out security measures, WEP now has all the security value of wet tissue paper. It might be a good example of a bad standard, but it's also a good example of how security is temporary and we cannot rely on the same countermeasures forever.
Perhaps the most beneficial security measure would be to change the mindset of every user on the 'Net. Oh, wait, perhaps I can turn back the tides first, it might be easier.
Mmmm - Google - Safe browsing
Is this software designed so that people can't steal personal information and store it for 2 years plus?
Oops, sorry, that's Google's policy, not a hacker's....