RE: [Full-disclosure] Want to test this desktop barrier? (Unauthorized offer) 0day protection



Hi Joxean,

I can open any spyware, virus, or other malware in my browser and not
infect my computer. This is as a local administrator, with
Active-X/Java/Javascript enabled in the browser. Also, I can open any
infected downloaded file (as long as it's in the GreenBorder files
directory) and not infect my computer. The next version will have
activity lights which indicate attempts to modify registry, filesystem,
etc. depending on what the product manager (and feedback) decides, which
is useful for determining what the heck some particular application is
attempting.

The advantage is that this is proactive protection; this effectively
provides 'gloves' for handling internet content, whereas AV or AS, since
they're detection-based, are like 'flu shots'. If you see a toddler
about to touch a dead animal, it's best they're wearing gloves rather
than being up to date on their shots.

Virtualizing at the application level is not as intrusive as sandboxing
techniques. Virtualization provides the ability to enumerate or read
selected real resources, and the protection is more transparent to the
user.

Bill Stout

-----Original Message-----
From: Joxean Koret [mailto:joxeankoret@xxxxxxxx]
Sent: Thursday, June 08, 2006 10:57 AM
To: Full Disclosure
Cc: Bill Stout
Subject: [Full-disclosure] Want to test this desktop barrier?
(Unauthorized offer) 0day protection

Hi,

We don't determine what application running in the virtual environment
is malicious or not, so therefore this is not a replacement for
signature based protection systems. Most anything can run in the
environment, it just can't modify local resources. This is great
protection for 0-day exploits, and lets administrators wait to apply
patches off-hours.

So it is a proprietary application like the Open Source Winpooch
(http://winpooch.free.fr/home/) that can't be used with an antivirus to
have real protection as Winpooch does.

Sorry, but is there any advantage?

--
Zer gutxi balio duen langileen bizitza

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


