Vista & Internet Explorer 7

IE7 can already function in protected mode (AKA lorie)

This only works in Vista but works very well.

In order to escape the virtual sandbox of 'lorie' only the user of the machine can knowingly allow this to happen.

If an online app needs to write to a directory then it gets a

virual enviroment all in the temporary internet files folder which gets flushed anyway.

Vista then gives the user another 3 levels of protection.

MIC- Mandatory Integrity Control, UIP-User Interface priviledge & of course that big anoying thingy the UAC.

Even if a user is a member of the admin group and tried to run an application. It will always run as if they were in a limited account- this prevents write to places such as the registry, program files, windows folder.

It will also isolate applications from each other in memory therby reducing the risk of syphening data.

Any applcations that do run and want to embed themselves in Vista through registry entries and file plants are also restricted by the principle of least priviledge.

Finally if a virus does happen to get past all this and try to embed itself in Vista it will probably get stuck in a virtual enviroment anyway since the PCA will redirect protected write requests to a virtualstore.

Although playing dice with backward compatibility ("Microsoft's Biggest asset"-Bill Gates, March 2006)

MS are trying to enter a world where people opting for admin rights is a thing of the past & reduce the need for apps to embed themelves in the core makeup of MS Windows.

If you read this far then you are a pure geek!!!!

Sandboxes - a start.

Well it's a start.

Sandboxes can work, but it takes more than virtualizing the environment and putting the browser in the virtual space.

If the sandbox contains persistent storage for use inside the sand box, then although it's a smaller universe, malware can still inhabit it.

If the sandbox has a mechanism to allow items to be moved through a gate to the real environment, that's an exploit waiting to happen.

Phishing inside the sandbox environment can still obtain information useful to hack the system outside the sandbox. People commonly use the same password for everything. Oops.

Safe browsing requires a few things. A secure sandbox is one of them. By secure I mean that there is a practical air-gap around the sand box. The virtual environment has to be locked so well that it isn't possible for things to be transferred from within. Nothing, not even a screen-shot. There can be no persistent storage within the sandbox, persistent storage attracts malware and phishing attempts.

What else? Ah, commercial transactions. We need to use transaction based card numbers that are valid only during the one specific transaction. Several card companies already do something like this. The number if valid only for a very short time. It's like being issued with a new credit card for each transaction, and that card expiring as soon as it's used. That way it's more or less impossible for someone to capture your card number, since you never give it.

Downloads. I hate downloads. I hate auto installing extensions and controls, everyone should hate these horribly dangerous things. We assume that they will do as they say. What if they don't? While it's impossible to catch and prevent every attempt at malware distribution since you don't know it's there until it's there. Requiring executable files to be sent as encrypted files that need a key to decrypt, makes it easier to know who you are getting something from, and makes it harder for a black hat to replace your happy extension with an unhappy one. The key requirement has either a second session to retrieve the correct key, or an email from the source of the download with the key. It's not as convinient as say, one click installing, but it will prevent my father in law from getting another 1500 viral infections from all those wonderful clicks he performs.

Email? Email is perfectly OK as long as it's not possible to send an email that results in the autoexecution of anything. So, out goes almost all the HTML crap in emails, perhaps something nice and passive like Rich Text format with a few passive HTML extensions would suffice? If people must send attachments, they can be automatically tagged with the execute disable bit when downloaded to the client.

Yeah, I know this all sounds very painful, but so are the effects of viral infection, phishing, malware and ID theft. Which pain do we prefer? It's not possible to continue the unfettered access model, it's just too damn easy for people to do bad things. We need to completely re-evaluate how we use the 'Net, and what the 'Net is for.

The true and fundamental problem is that ant data storage and retrieval system can be hacked. Even a system with a physical air gap is vulnerable to the insider. We have to find a way to make systems secure enough to deter all but the most well financed and persistent attackers. And that is a moving target. What is possible today was impossible yesterday. WEP can be cracked in about 60 seconds today. When WEP was first mooted, it could not be. However being based on weak encryption and poorly thought out security measures, WEP now has all the security value of wet tissue paper. It might be a good example of a bad standard, but it's also a good example of how security is temporary and we cannot rely on the same countermeasures forever.

Perhaps the most beneficial security measure would be to change the mid set of every user on the 'Net. Oh, wait, perhaps I can turn back the tides first, it might be easier.

Mmmm - Google - Safe browsing

Is this software designed that so people can't steal personal information and store it for 2 years plus?

Oops sorry, thats Googles policy, not a hackers....