June 26, 2006 12:55 PM PDT

Border patrol for Internet Explorer

A security start-up is borrowing a technique from the research labs to try to give Internet Explorer PCs relief from Web-based attacks.

GreenBorder Technologies, a venture-backed start-up, plans to release on Tuesday a consumer security tool that puts Microsoft's IE in a virtual sandbox. Called GreenBorder Pro, the product uses virtualization technology similar to what researchers at antivirus companies have been using for years. In a virtual environment, malicious software is allowed to execute, but it can't touch the underlying operating system.

"We provide a safe environment for running IE," said Jim Fulton, vice president of marketing at Mountain View, Calif.-based GreenBorder. "You can literally go to any Web site, even if it is full of exploits, full of nasty stuff, (and) GreenBorder will keep it isolated from your machine."

Microsoft's IE is by far the most popular Web browser, used by about nine out of every 10 Web users. However, some security experts have likened it to Swiss cheese, because of the many security flaws in it. The browser has been the target of many cyberattacks, and some Web surfers have switched to alternatives Firefox and Opera.

But GreenBorder sees opportunity in making IE safer. Its security tool is designed to protect against Web-based threats such as surreptitious installations of Trojan horses and other malicious software. Cybercriminals increasingly use information-stealing malicious code in attacks, according to a recent report from the Anti-Phishing Working Group.

If a GreenBorder user visits a site and sets off malicious software there, the code will actually run and can do such things as changing the user's home page.

GreenBorder

But any change will be erased after the person logs out or hits the "Clean and Reset GreenBorder" button in the software. "Then the slate gets wiped clean, instantly," Fulton said.

GreenBorder is not a cure-all for Web-based attacks. It helps if sites try to surreptitiously install keystroke loggers or screen grabbers, but cannot protect people from themselves--often seen as the weakest link in PC security by experts. Cybercriminals often use "social engineering" techniques, or cons, to try to persuade potential victims to download risky software, rather than sneak it onto the PC. And even with the tool installed, an IE user can still install software from the Web and have it run on their PC, if it's outside the virtualized environment.

"If you download something from a place you trust, you can remove GreenBorder's protection from the downloaded file with a click," Fulton said.

The product also has no shield against traditional phishing schemes, which use fraudulent Web sites to trick people into typing in their personal information.

"We keep Internet pickpockets from stealing the wallet out of your pocket. But if you take it out and hand your money over to them, that is not something we can help with," Fulton said.

Indeed, GreenBorder fails to protect against most real threats, said Russ Cooper, a senior scientist at Cybertrust, a security vendor in Herndon, Va. "The vast majority of infections happen because the individual chooses to invoke the malware," or malicious software, he said. Cooper added that silent installations of such programs by bad Web sites are far less prevalent than sometimes portrayed in the media.

"So, if you are a gullible individual who is likely to think that some Nigerian really does have $450 million to give you, GreenBorder isn't likely to help," Cooper said. "If you're a frequent shareware or freeware site user, it is not likely to help you."

When the tool is run, a green border is displayed around IE and the PC might run a bit slower. The product will get competition from Microsoft, which is working to fortify IE. The next version of the widely used Web browser also runs in a type of sandbox, where anything that runs in the browser can't touch the rest of the system.

GreenBorder Pro will cost $49.95 per year. A shield for files sent and received via instant messaging or run from USB drives costs an additional $14.95 per year. As a special promotion, the first 10,000 people who download the software will get a year of use at no cost.

See more CNET content tagged:
GreenBorder, malicious software, Microsoft Internet Explorer, attack, environment

56 comments

Join the conversation!
Add your comment
The truth.
"The vast majority of infections happen because the individual chooses to invoke the malware," or malicious software, he said. Cooper added that silent installations of such programs by bad Web sites are far less prevalent than sometimes portrayed in the media.


That pretty much says it all. IE isn't the problem - I can download and run malicious code with any browser.
Posted by news_reader (32 comments )
Reply Link Flag
re: The Truth
Come on -- how often does a user INTENTIONALLY invoke malware ("I think I'll give myself a virus or let my password get stolen today")?

Call me crazy but I believe in most cases if a user "invokes" malware they don't realize what they are invoking will have bad consequences. Car accidents happen every day but not because people decide they're going to get into a wreck on their way to work....and car manufacturers still pour money into making safer cars. Why not do the same for the Internet?
Posted by newsscanner (2 comments )
Link Flag
Bologna!
Does someone pay you to write such Boloney?
Posted by Mister C (423 comments )
Link Flag
The truth.
"The vast majority of infections happen because the individual chooses to invoke the malware," or malicious software, he said. Cooper added that silent installations of such programs by bad Web sites are far less prevalent than sometimes portrayed in the media.


That pretty much says it all. IE isn't the problem - I can download and run malicious code with any browser.
Posted by news_reader (32 comments )
Reply Link Flag
re: The Truth
Come on -- how often does a user INTENTIONALLY invoke malware ("I think I'll give myself a virus or let my password get stolen today")?

Call me crazy but I believe in most cases if a user "invokes" malware they don't realize what they are invoking will have bad consequences. Car accidents happen every day but not because people decide they're going to get into a wreck on their way to work....and car manufacturers still pour money into making safer cars. Why not do the same for the Internet?
Posted by newsscanner (2 comments )
Link Flag
Bologna!
Does someone pay you to write such Boloney?
Posted by Mister C (423 comments )
Link Flag
Bad idea
because it will make the uninformed less cautious which could end up creating substantially more problems
Posted by volterwd (466 comments )
Reply Link Flag
Bad idea
because it will make the uninformed less cautious which could end up creating substantially more problems
Posted by volterwd (466 comments )
Reply Link Flag
Clarifications
"Microsoft's IE is by far the most popular Web browser, used by about nine out of every 10 Web users."

Being the most used does not make something the most popular.

"So, if you are a gullible individual who is likely to think that some Nigerian really does have $450 million to give you, GreenBorder isn't likely to help," Cooper said.

If you actually think some Nigerian has $450 million for you, no software is going to help. At this point it's time to unplug the computer.
Posted by FOSS4evR (25 comments )
Reply Link Flag
Clarifications
"Microsoft's IE is by far the most popular Web browser, used by about nine out of every 10 Web users."

Being the most used does not make something the most popular.

"So, if you are a gullible individual who is likely to think that some Nigerian really does have $450 million to give you, GreenBorder isn't likely to help," Cooper said.

If you actually think some Nigerian has $450 million for you, no software is going to help. At this point it's time to unplug the computer.
Posted by FOSS4evR (25 comments )
Reply Link Flag
IE
Attacks on IE? That's why IE is losing marketshare to Firefox.
<a class="jive-link-external" href="http://www.techknowcafe.com/content/view/554/42/" target="_newWindow">http://www.techknowcafe.com/content/view/554/42/</a>
Posted by mystereojones (46 comments )
Reply Link Flag
IE
Attacks on IE? That's why IE is losing marketshare to Firefox.
<a class="jive-link-external" href="http://www.techknowcafe.com/content/view/554/42/" target="_newWindow">http://www.techknowcafe.com/content/view/554/42/</a>
Posted by mystereojones (46 comments )
Reply Link Flag
This is not a new idea.
I dont know why people would make such a big deal about this "new idea" to virtualization apps. A company called Altiris offers a product called SVS. Instead of just virtualizing Internet Explorer, it will virtualize almost any app. I think it is a far better solution then just virtualizing Internet Explorer.

More about Altiris "SVS" can be found on their sort of community site link below. SVS is free for personal use.

<a class="jive-link-external" href="http://juice.altiris.com/svs" target="_newWindow">http://juice.altiris.com/svs</a>

I agree though with the article on the point that virtualizing an app will not provide a secure enough environment for programs like browsers. I dont think that is one of the things virtualizing is meant for.
Posted by SVSpoweruser (2 comments )
Reply Link Flag
This is not a new idea.
I dont know why people would make such a big deal about this "new idea" to virtualization apps. A company called Altiris offers a product called SVS. Instead of just virtualizing Internet Explorer, it will virtualize almost any app. I think it is a far better solution then just virtualizing Internet Explorer.

More about Altiris "SVS" can be found on their sort of community site link below. SVS is free for personal use.

<a class="jive-link-external" href="http://juice.altiris.com/svs" target="_newWindow">http://juice.altiris.com/svs</a>

I agree though with the article on the point that virtualizing an app will not provide a secure enough environment for programs like browsers. I dont think that is one of the things virtualizing is meant for.
Posted by SVSpoweruser (2 comments )
Reply Link Flag
Nine out of Ten use IE?
Once again another CNET reporter is not up to date with his figures. At one time it was 90% on Windows. That was a long time ago.

It's around 60% today, there are more browsers around today, and more computing platforms that don't have IE access the web.

Also many browsers have the ability to emulate IE, i.e. tell the server it's IE even if it isn't, so an IIS hosted site delivers the web site properly.

As for Green Border, it's the nature of Capitalism that someone will always try to create a good product and make money with it.

On the other hand, there are lots of free products that can do the job just as well:

1) Stop using naked IE. Use Maxthon if you want to use IE's engine, or use firefox for the Gecko engine. Use opera if you need a third alternative engine.

2) Install free anti-malware software: Spyware Blaster is a great free product that autmatically blocks sites known to host ActiveX malware. Spybot Search &#38; Destroy with its resident TeaTimer will bock attempts to add items to your registry. ClamWin AV provides basic virus protectition. ZoneLabs provides port protection. There may be better products, but all of the above are free.
Posted by Maccess (610 comments )
Reply Link Flag
Got link?
&gt;&gt;It's around 60% today, there are more browsers around today, and more computing platforms that don't have IE access the web.&lt;&lt;
That's news to me. Where are you getting your information?
Posted by Christopher Hall (1205 comments )
Link Flag
Nine out of Ten use IE?
Once again another CNET reporter is not up to date with his figures. At one time it was 90% on Windows. That was a long time ago.

It's around 60% today, there are more browsers around today, and more computing platforms that don't have IE access the web.

Also many browsers have the ability to emulate IE, i.e. tell the server it's IE even if it isn't, so an IIS hosted site delivers the web site properly.

As for Green Border, it's the nature of Capitalism that someone will always try to create a good product and make money with it.

On the other hand, there are lots of free products that can do the job just as well:

1) Stop using naked IE. Use Maxthon if you want to use IE's engine, or use firefox for the Gecko engine. Use opera if you need a third alternative engine.

2) Install free anti-malware software: Spyware Blaster is a great free product that autmatically blocks sites known to host ActiveX malware. Spybot Search &#38; Destroy with its resident TeaTimer will bock attempts to add items to your registry. ClamWin AV provides basic virus protectition. ZoneLabs provides port protection. There may be better products, but all of the above are free.
Posted by Maccess (610 comments )
Reply Link Flag
Got link?
&gt;&gt;It's around 60% today, there are more browsers around today, and more computing platforms that don't have IE access the web.&lt;&lt;
That's news to me. Where are you getting your information?
Posted by Christopher Hall (1205 comments )
Link Flag
What if IE was a car?
This is the equvilant of an auto maker not including crumple zones, seat belts, air bags and list of other safty features in their car when they should. And some third party company making some massive baloon/styrofrom contraption to surround your car so if you get in an accident you won't be injured. Here is an idea, how about getting security minded programmers to fix the issue before it is an issue. Who wants to run extra programs to run one program saftly? This program still won't work for the computer incompitant who won't know how to install or run it.
Posted by TooMuchStout (8 comments )
Reply Link Flag
If IE was a car...
Your post was illogical and incongrous (and you should learn how to spell before criticising others).

Utilising your car analogy, if your car tyres were slashed by a vandal or its windows were broken, would you blame Ford for not making the windows strong enough, or Goodyear for making tyres that could be cut open? Clearly, rational people would not blame the manufacturer for the damage, but the vandal.

Cars, by their very nature are open to vandalism especially when parked in unsavoury neighbourhoods. Similarly, IE (and all other browsers including Firefox and Opera) and ALL operating systems are inherently vulnerable to attack due to the need to exchange data over the internet. No browser and no OS can ever be completely secure, so please stop having a go at Microsoft. Studies have shown, unequivocally, that Microsoft software is not coded any more badly than other software - Mac OS X and Linux are equally as vulnerable. The propensity of exploits available for MS software has arisen through a desire by hackers/virus-writers to cause maximum damage or generate maximum profits.

In conclusion, I would advise that people generally observe your car analogy - vent your anger at the low-life scum who get kicks (or money) out of making other peoples lives a misery (whether that be through vandalising cars or hacking computers) instead of blaming the manufacturers.
Posted by a85 (104 comments )
Link Flag
What if IE was a car?
This is the equvilant of an auto maker not including crumple zones, seat belts, air bags and list of other safty features in their car when they should. And some third party company making some massive baloon/styrofrom contraption to surround your car so if you get in an accident you won't be injured. Here is an idea, how about getting security minded programmers to fix the issue before it is an issue. Who wants to run extra programs to run one program saftly? This program still won't work for the computer incompitant who won't know how to install or run it.
Posted by TooMuchStout (8 comments )
Reply Link Flag
If IE was a car...
Your post was illogical and incongrous (and you should learn how to spell before criticising others).

Utilising your car analogy, if your car tyres were slashed by a vandal or its windows were broken, would you blame Ford for not making the windows strong enough, or Goodyear for making tyres that could be cut open? Clearly, rational people would not blame the manufacturer for the damage, but the vandal.

Cars, by their very nature are open to vandalism especially when parked in unsavoury neighbourhoods. Similarly, IE (and all other browsers including Firefox and Opera) and ALL operating systems are inherently vulnerable to attack due to the need to exchange data over the internet. No browser and no OS can ever be completely secure, so please stop having a go at Microsoft. Studies have shown, unequivocally, that Microsoft software is not coded any more badly than other software - Mac OS X and Linux are equally as vulnerable. The propensity of exploits available for MS software has arisen through a desire by hackers/virus-writers to cause maximum damage or generate maximum profits.

In conclusion, I would advise that people generally observe your car analogy - vent your anger at the low-life scum who get kicks (or money) out of making other peoples lives a misery (whether that be through vandalising cars or hacking computers) instead of blaming the manufacturers.
Posted by a85 (104 comments )
Link Flag
9 out of 10 use IE?
Yeah right!! I am in an extremely competitive field of work doing internet security. I have people that whine and complain about not being able to see certain sites. Knowing what I do about IE, I would be remiss to not warn people about the issues with it. There are other equally cabable browsers with fewer security concerns too. If I wrote an article such as the any of these last ones, I would be laughed at and sent packing. Working with computers is a double edged sword. One wrong glance and suddenly you are not flavour of the month. Kindly REWRITE this article to reflect the real issues and the real statistics. This is not the sixth grade now is it?
Posted by fd359 (3 comments )
Reply Link Flag
others aren't tested enough (unknown flaws?)
I personally put more trust in IE, which is being attacked regularly and feverishly and changed to protect against those attacks, than other browsers that are seldom attacked (put to the test).

My workplace (10,000+ employees) now exclusively uses IE. We don't even code for other browsers. I and everyone I know use IE exclusively.

After reading a rave review of Firefox, I tried that browser and found all the hoopla to unwarranted. There were a few nice features, but overall the browser just felt second rate in comparison to IE. There were several sites that I use regularly that wouldn't even load in Firefox.

Microsoft and Internet Explorer may be far from perfect, but I think fd359 (writer of the post I am responding to) is who needs to check the statistics.
Posted by BengalTigger (36 comments )
Link Flag
9 out of 10 use IE?
Yeah right!! I am in an extremely competitive field of work doing internet security. I have people that whine and complain about not being able to see certain sites. Knowing what I do about IE, I would be remiss to not warn people about the issues with it. There are other equally cabable browsers with fewer security concerns too. If I wrote an article such as the any of these last ones, I would be laughed at and sent packing. Working with computers is a double edged sword. One wrong glance and suddenly you are not flavour of the month. Kindly REWRITE this article to reflect the real issues and the real statistics. This is not the sixth grade now is it?
Posted by fd359 (3 comments )
Reply Link Flag
others aren't tested enough (unknown flaws?)
I personally put more trust in IE, which is being attacked regularly and feverishly and changed to protect against those attacks, than other browsers that are seldom attacked (put to the test).

My workplace (10,000+ employees) now exclusively uses IE. We don't even code for other browsers. I and everyone I know use IE exclusively.

After reading a rave review of Firefox, I tried that browser and found all the hoopla to unwarranted. There were a few nice features, but overall the browser just felt second rate in comparison to IE. There were several sites that I use regularly that wouldn't even load in Firefox.

Microsoft and Internet Explorer may be far from perfect, but I think fd359 (writer of the post I am responding to) is who needs to check the statistics.
Posted by BengalTigger (36 comments )
Link Flag
Browser security
Every broswer has their own set of flaws. Their respective manufacturers do their best to fix these flaws as fast as they can, but in the end, if a user downloads and runs a program that contains spyware/malware, then that's not the fault of the browser, it's the fault of the user.
Posted by thedreaming (573 comments )
Reply Link Flag
Browser security
Every broswer has their own set of flaws. Their respective manufacturers do their best to fix these flaws as fast as they can, but in the end, if a user downloads and runs a program that contains spyware/malware, then that's not the fault of the browser, it's the fault of the user.
Posted by thedreaming (573 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.