- Related Stories
-
PayPal fixes phishing hole
June 16, 2006 -
Online threats outpacing law crackdowns
June 15, 2006 -
Yahoo launches customized IE 7 beta
June 12, 2006 -
Microsoft calls on consumers to test IE 7
April 24, 2006
GreenBorder Technologies, a venture-backed start-up, plans to release on Tuesday a consumer security tool that puts Microsoft's IE in a virtual sandbox. Called GreenBorder Pro, the product uses virtualization technology similar to what researchers at antivirus companies have been using for years. In a virtual environment, malicious software is allowed to execute, but it can't touch the underlying operating system.
"We provide a safe environment for running IE," said Jim Fulton, vice president of marketing at Mountain View, Calif.-based GreenBorder. "You can literally go to any Web site, even if it is full of exploits, full of nasty stuff, (and) GreenBorder will keep it isolated from your machine."
Microsoft's IE is by far the most popular Web browser, used by about nine out of every 10 Web users. However, some security experts have likened it to Swiss cheese, because of the many security flaws in it. The browser has been the target of many cyberattacks, and some Web surfers have switched to alternatives Firefox and Opera.
But GreenBorder sees opportunity in making IE safer. Its security tool is designed to protect against Web-based threats such as surreptitious installations of Trojan horses and other malicious software. Cybercriminals increasingly use information-stealing malicious code in attacks, according to a recent report from the Anti-Phishing Working Group.
If a GreenBorder user visits a site and sets off malicious software there, the code will actually run and can do such things as changing the user's home page.
But any change will be erased after the person logs out or hits the "Clean and Reset GreenBorder" button in the software. "Then the slate gets wiped clean, instantly," Fulton said.
GreenBorder is not a cure-all for Web-based attacks. It helps if sites try to surreptitiously install keystroke loggers or screen grabbers, but cannot protect people from themselves--often seen as the weakest link in PC security by experts. Cybercriminals often use "social engineering" techniques, or cons, to try to persuade potential victims to download risky software, rather than sneak it onto the PC. And even with the tool installed, an IE user can still install software from the Web and have it run on their PC, if it's outside the virtualized environment.
"If you download something from a place you trust, you can remove GreenBorder's protection from the downloaded file with a click," Fulton said.
The product also has no shield against traditional phishing schemes, which use fraudulent Web sites to trick people into typing in their personal information.
"We keep Internet pickpockets from stealing the wallet out of your pocket. But if you take it out and hand your money over to them, that is not something we can help with," Fulton said.
Indeed, GreenBorder fails to protect against most real threats, said Russ Cooper, a senior scientist at Cybertrust, a security vendor in Herndon, Va. "The vast majority of infections happen because the individual chooses to invoke the malware," or malicious software, he said. Cooper added that silent installations of such programs by bad Web sites are far less prevalent than sometimes portrayed in the media.
"So, if you are a gullible individual who is likely to think that some Nigerian really does have $450 million to give you, GreenBorder isn't likely to help," Cooper said. "If you're a frequent shareware or freeware site user, it is not likely to help you."
When the tool is run, a green border is displayed around IE and the PC might run a bit slower. The product will get competition from Microsoft, which is working to fortify IE. The next version of the widely used Web browser also runs in a type of sandbox, where anything that runs in the browser can't touch the rest of the system.
GreenBorder Pro will cost $49.95 per year. A shield for files sent and received via instant messaging or run from USB drives costs an additional $14.95 per year. As a special promotion, the first 10,000 people who download the software will get a year of use at no cost.
See more CNET content tagged:
GreenBorder,
malicious software,
Microsoft Internet Explorer,
attack,
environment
That pretty much says it all. IE isn't the problem - I can download and run malicious code with any browser.
Call me crazy but I believe in most cases if a user "invokes" malware they don't realize what they are invoking will have bad consequences. Car accidents happen every day but not because people decide they're going to get into a wreck on their way to work....and car manufacturers still pour money into making safer cars. Why not do the same for the Internet?
That pretty much says it all. IE isn't the problem - I can download and run malicious code with any browser.
Call me crazy but I believe in most cases if a user "invokes" malware they don't realize what they are invoking will have bad consequences. Car accidents happen every day but not because people decide they're going to get into a wreck on their way to work....and car manufacturers still pour money into making safer cars. Why not do the same for the Internet?
Being the most used does not make something the most popular.
"So, if you are a gullible individual who is likely to think that some Nigerian really does have $450 million to give you, GreenBorder isn't likely to help," Cooper said.
If you actually think some Nigerian has $450 million for you, no software is going to help. At this point it's time to unplug the computer.
Being the most used does not make something the most popular.
"So, if you are a gullible individual who is likely to think that some Nigerian really does have $450 million to give you, GreenBorder isn't likely to help," Cooper said.
If you actually think some Nigerian has $450 million for you, no software is going to help. At this point it's time to unplug the computer.
http://www.techknowcafe.com/content/view/554/42/
http://www.techknowcafe.com/content/view/554/42/
More about Altiris "SVS" can be found on their sort of community site link below. SVS is free for personal use.
http://juice.altiris.com/svs
I agree though with the article on the point that virtualizing an app will not provide a secure enough environment for programs like browsers. I don?t think that is one of the things virtualizing is meant for.
More about Altiris "SVS" can be found on their sort of community site link below. SVS is free for personal use.
http://juice.altiris.com/svs
I agree though with the article on the point that virtualizing an app will not provide a secure enough environment for programs like browsers. I don?t think that is one of the things virtualizing is meant for.
It's around 60% today, there are more browsers around today, and more computing platforms that don't have IE access the web.
Also many browsers have the ability to emulate IE, i.e. tell the server it's IE even if it isn't, so an IIS hosted site delivers the web site properly.
As for Green Border, it's the nature of Capitalism that someone will always try to create a good product and make money with it.
On the other hand, there are lots of free products that can do the job just as well:
1) Stop using naked IE. Use Maxthon if you want to use IE's engine, or use firefox for the Gecko engine. Use opera if you need a third alternative engine.
2) Install free anti-malware software: Spyware Blaster is a great free product that autmatically blocks sites known to host ActiveX malware. Spybot Search & Destroy with its resident TeaTimer will bock attempts to add items to your registry. ClamWin AV provides basic virus protectition. ZoneLabs provides port protection. There may be better products, but all of the above are free.
That's news to me. Where are you getting your information?
It's around 60% today, there are more browsers around today, and more computing platforms that don't have IE access the web.
Also many browsers have the ability to emulate IE, i.e. tell the server it's IE even if it isn't, so an IIS hosted site delivers the web site properly.
As for Green Border, it's the nature of Capitalism that someone will always try to create a good product and make money with it.
On the other hand, there are lots of free products that can do the job just as well:
1) Stop using naked IE. Use Maxthon if you want to use IE's engine, or use firefox for the Gecko engine. Use opera if you need a third alternative engine.
2) Install free anti-malware software: Spyware Blaster is a great free product that autmatically blocks sites known to host ActiveX malware. Spybot Search & Destroy with its resident TeaTimer will bock attempts to add items to your registry. ClamWin AV provides basic virus protectition. ZoneLabs provides port protection. There may be better products, but all of the above are free.
That's news to me. Where are you getting your information?
Utilising your car analogy, if your car tyres were slashed by a vandal or its windows were broken, would you blame Ford for not making the windows strong enough, or Goodyear for making tyres that could be cut open? Clearly, rational people would not blame the manufacturer for the damage, but the vandal.
Cars, by their very nature are open to vandalism especially when parked in unsavoury neighbourhoods. Similarly, IE (and all other browsers including Firefox and Opera) and ALL operating systems are inherently vulnerable to attack due to the need to exchange data over the internet. No browser and no OS can ever be completely secure, so please stop having a go at Microsoft. Studies have shown, unequivocally, that Microsoft software is not coded any more badly than other software - Mac OS X and Linux are equally as vulnerable. The propensity of exploits available for MS software has arisen through a desire by hackers/virus-writers to cause maximum damage or generate maximum profits.
In conclusion, I would advise that people generally observe your car analogy - vent your anger at the low-life scum who get kicks (or money) out of making other peoples lives a misery (whether that be through vandalising cars or hacking computers) instead of blaming the manufacturers.
Utilising your car analogy, if your car tyres were slashed by a vandal or its windows were broken, would you blame Ford for not making the windows strong enough, or Goodyear for making tyres that could be cut open? Clearly, rational people would not blame the manufacturer for the damage, but the vandal.
Cars, by their very nature are open to vandalism especially when parked in unsavoury neighbourhoods. Similarly, IE (and all other browsers including Firefox and Opera) and ALL operating systems are inherently vulnerable to attack due to the need to exchange data over the internet. No browser and no OS can ever be completely secure, so please stop having a go at Microsoft. Studies have shown, unequivocally, that Microsoft software is not coded any more badly than other software - Mac OS X and Linux are equally as vulnerable. The propensity of exploits available for MS software has arisen through a desire by hackers/virus-writers to cause maximum damage or generate maximum profits.
In conclusion, I would advise that people generally observe your car analogy - vent your anger at the low-life scum who get kicks (or money) out of making other peoples lives a misery (whether that be through vandalising cars or hacking computers) instead of blaming the manufacturers.
My workplace (10,000+ employees) now exclusively uses IE. We don't even code for other browsers. I and everyone I know use IE exclusively.
After reading a rave review of Firefox, I tried that browser and found all the hoopla to unwarranted. There were a few nice features, but overall the browser just felt second rate in comparison to IE. There were several sites that I use regularly that wouldn't even load in Firefox.
Microsoft and Internet Explorer may be far from perfect, but I think fd359 (writer of the post I am responding to) is who needs to check the statistics.
My workplace (10,000+ employees) now exclusively uses IE. We don't even code for other browsers. I and everyone I know use IE exclusively.
After reading a rave review of Firefox, I tried that browser and found all the hoopla to unwarranted. There were a few nice features, but overall the browser just felt second rate in comparison to IE. There were several sites that I use regularly that wouldn't even load in Firefox.
Microsoft and Internet Explorer may be far from perfect, but I think fd359 (writer of the post I am responding to) is who needs to check the statistics.
- Browser security
-
by thedreaming
June 29, 2006 8:57 AM PDT
- Every broswer has their own set of flaws. Their respective manufacturers do their best to fix these flaws as fast as they can, but in the end, if a user downloads and runs a program that contains spyware/malware, then that's not the fault of the browser, it's the fault of the user.
-
Reply to this comment
-
(56 Comments)