Security Software Slaps IE In "Sandbox" To Ward Off Threats

A California company better known for "sandbox"-style security aimed at enterprises on Tuesday launched consumer software that puts Internet Explorer in a protected virtual machine. The approach blocks some malware from reaching the operating system and lets users "wipe" the browser slate clean to return IE to a pristine state.

GreenBorder Technologies' same-named GreenBorder Pro uses virtualization-like technologies to separate IE from the rest of the system, so that if malicious software does execute, it doesn't actually touch the computer. Instead, it runs only within the "sandbox," which can be "dumped" with a click.

"But this is much more than just virtualization," argued Bernard Harguindeguy, GreenBorder's chief executive, as he cited other security provisions in the product, such as a feature that scrubs the system of personal data after an online transaction. The software also blocks keyloggers from capturing keystrokes, and cloaks all files and system resources so that they're invisible to attacks, and thus safe from remote access or modification.

The software, which is based on the Mountain View, Calif. developer's GreenBorder for the Enterprise product, is a better security solution, said Harguindeguy, than Windows Vista's upcoming User Account Control (UAC) feature, which also has a goal of making silent, drive-by malware downloads less dangerous.

"There's a trade-off in usability [with UAC]," he said. "But GreenBorder doesn't sacrifice the user experience. It never puts a question or a pop-up in front of users, and doesn't make them change their browsing behavior in any way."Changes made by malicious code during an IE session are automatically erased when the user logs off or clicks the "Clean and Reset GreenBorder" button. During an Internet session with GreenBorder engaged, a small green frame encloses IE.

But GreenBorder Pro isn't a security panacea, as even Harguindeguy admitted. Socially-engineered attacks -- such as the cons typically run by phishers to get users to bogus sites where they're duped into divulging bank or credit account numbers -- are as effective as ever.

"We're like a bodyguard," said Harguindeguy. "We'll stop someone from stealing your wallet. But if you take your wallet out yourself and hand over cash, we can't do much about it."

Security analyst Richard Stiennon of IT-Harvest agreed, and then some. "It'll stop Web attacks, and those that 'bleed over' into other vulnerable applications, but it can't do anything against phishing attacks," said Stiennon.

"Virtualization like this has been a common [security] approach," he went on, "especially in high-security applications like the military. But it's never caught on in the enterprise or with consumers."It's just easier not to use Internet Explorer rather than use something like this."

GreenBorder picked IE to support straight out the gate for obvious reasons: new vulnerabilities are frequently added to Microsoft's list, and even with competition from Mozilla's Firefox, it remains the leading browser by a mile. But Harguindeguy said that support for IE rivals will be quick in coming, with Firefox next on the list.

GreenBorder Pro is sold in an annual subscription of $49.95, but the company will give away a year's sub to the first 10,000 copies downloaded from its Web site.

The program requires Microsoft Windows XP SP1 or SP2, or Windows 2000 SP4, and Internet Explorer 6.0 or later.