RE: [Full-disclosure] Want to test this desktop barrier? (Unauthorized offer) 0day protection
- From: "Bill Stout" <bill.stout@xxxxxxxxxxxxxxx>
- Date: Thu, 8 Jun 2006 11:02:37 -0700
I can open any spyware, virus, or other malware in my browser and not
infect my computer. This is as a local administrator, with
infected downloaded file (as long as it's in the GreenBorder files
directory) and not infect my computer. The next version will have
activity lights which indicate attempts to modify registry, filesystem,
etc. depending on what the product manager (and feedback) decides, which
is useful for determining what the heck some particular application is
The advantage is that this is proactive protection, this effectively
provides 'gloves' for handling internet content, whereas AV or AS, since
they're detection-based, are like 'flu shots'. If you see a toddler
about to touch a dead animal, it's best they're wearing gloves rather
than being up to date on their shots.
Virtualizing at the application level is not as intrusive as sandboxing
techniques. Virtualization provides the ability to enumerate or read
selected real resources, and the protection is more transparent to the
From: Joxean Koret [mailto:joxeankoret@xxxxxxxx]
Sent: Thursday, June 08, 2006 10:57 AM
To: Full Disclosure
Cc: Bill Stout
Subject: [Full-disclosure] Want to test this desktop barrier?
(Unauthorized offer) 0day protection
We don't determine what application running in the virtual environment
is malicious or not, so therefore this is not a replacement for
signature based protection systems. Most anything can run in the
environment, it just can't modify local resources. This is great
protection for 0-day exploits, and lets administrators wait to apply
So it is a propietary application like the Open Source Winpooch
(http://winpooch.free.fr/home/) that can't be use with an antivirus to
have real protection as Winpooch does.
Sorry but, Is there any advantage?
Zer gutxi balio duen langileen bizitza
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: [Full-disclosure] Want to test this desktop barrier? (Unauthorized offer) 0day protection
- Next by Date: [Full-disclosure] NewsForge Article: Can the malware industry be trusted?
- Previous by thread: [Full-disclosure] Want to test this desktop barrier? (Unauthorized offer) 0day protection
- Next by thread: [Full-disclosure] [SECURITY] [DSA 1093-1] New xine-ui packages fix denial of service