Virtualization security - the end for security updates?
steven.edw
November 4th, 2006, 10:58 AM
Did anyone already try this new virtualization protection for P2P File Sharing?
(found @ download.com)
Looks like this bufferzone virtualization protection allows you to run virus-infected files with no risk, while your 'actual' pc can never be attacked and no security updates are ever needed (is that possible?!!)
http://www.download.com/BufferZone-Security-for-P2P-File-Sharing/3000-8022_4-10597240.html?tag=lst-0-3
Looks promising; however, I need some more professional feedback.
thanks,
Steven E.
trjam
November 4th, 2006, 11:20 AM
Your best bet is to start reading here (http://www.wilderssecurity.com/showthread.php?t=146764)
nadirah
November 4th, 2006, 11:23 AM
So what's the big deal even if it's virtualized? It (the malware) still CAN, WILL, and MIGHT steal personal information. The only difference is that it (the malware) never gets to write to the physical drive and can be discarded with a simple reboot of the system. This sort of virtualization security should never be taken for granted and should still be used together with a good security setup.
steven.edw
November 4th, 2006, 11:34 AM
-{ Quote: "So what's the big deal even if it's virtualized? It (the malware) still CAN, WILL, and MIGHT steal personal information. The only difference is that it (the malware) never gets to write to the physical drive and can be discarded with a simple reboot of the system. This sort of virtualization security should never be taken for granted and should still be used together with a good security setup." }-
Sorry to say, but you are wrong here. They provide a confidential folder where you can keep all your confidential files, so any malware or spyware running inside that bufferzone can never 'see' or even access these files.
Kees1958
November 4th, 2006, 11:45 AM
No, just an additional layer of security, see below
When you look at different HIPS, they can be characterised by the basic approaches they use. HIPS often use different approaches in one solution. That is why it is so confusing to understand them.
At the highest level there are 3 main approaches (1, 2 and 3), each with some sub-approaches (the A's and B's).
1) Using signature-based reference lists.
A) black list approach
This is common in most AV and anti-spy applications.
B) white list approach
This is a common part of classical HIPS applications (like SSM, Antihook, Dynamic Security Agent, ProSecurity, Process Guard, Appdefend, et cetera).
2) Using intelligent pattern recognition
A) heuristics or code pattern recognition:
These actively or passively scan parts of code for potential malicious activity; the idea is to recognise code patterns in an intelligent way to tell whether the code has good or bad intentions. Heuristics is becoming an important add-on to AV programs. Some even have artificial-intelligence rules engines to evaluate those code patterns.
B) behavior blocking or application/process behavior patterns.
This type of security software recognises potentially dangerous behavior (like DLL or data injection, or adding a hidden process/registry entry). The intelligence and limitation of this type of security software is that an anomaly (strange behavior) is not per se malicious. Most of the classical HIPS also use this as a part of their security approach (e.g. Antihook, SSM, PG warn/prevent when software tries to inject a DLL into another process). Some firewalls (like Comodo) apply this on the network level and some innovative AVs have extended their heuristics with behavior blocking.
3) Separating the execution environment.
These fall into two main classes (each with two sub-approaches). The classification gets 'blurred' because the terms Sandbox and virtualisation are used together. Therefore in the Netherlands we use this type of classification.
A) access right restrictions ("sand boxing")
This approach is aimed at restricting the rights the user has to perform actions. This type of protection has two main variants:
- The ones which only affect the "privilege restriction" of programs.
Examples are DropMyRights and Amust Defender; these are also called "Sandboxes". The downside of this privilege restriction is that it also limits the user in functionality.
- The ones which also affect the "privilege restrictions" of files which are created by those programs.
Examples are GeSWall and DefenseWall. They remember the trusted or untrusted state of the files created. The advantage of this type of program is that they use "seamless security": no restriction in functionality and no separation of file and/or operating system. Seamless is sometimes also called virtualisation (one of the reasons for the confusion).
B) Virtualisation.
This approach is aimed at allowing the user to make bigger changes in the registry and file system because they do not really affect the underlying system.
- Virtualisation affecting the file system only
This type of program separates the virtualised applications from the file system, so they make the changes in a separate file layer. The changes can be rolled back afterwards. Examples are Sandboxie and BufferZone. This type of program also applies rights restrictions (inside and outside the virtualised file system).
- Virtualisation also separating the OS
This type of program separates the virtualised system, including the OS, from the protected system. Some applications require another OS in the virtualised system (like VMware), others separate snapshots of the same OS (First Defense ISR).
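The two mechanisms the thread keeps coming back to, the "separate file layer" of file-system virtualisation (3B) and the confidential folder that an untrusted process cannot see (3A), modelled as an added Python example. This is not code from BufferZone, GeSWall or any product named in the thread; the class, its policy and every path and file content are constructed for the illustration. It also shows nadirah's caveat above: a virtualised process can still read non-confidential files, so the layer limits persistence, not every form of data access.

```python
"""Toy model of sandbox file-system virtualisation with a confidential folder.

Constructed illustration, not an implementation of any real product:
 - untrusted (virtualised) processes write into a copy-on-write layer,
 - trusted processes see only the real disk,
 - paths under a confidential prefix are denied to untrusted processes,
 - a "reboot" discards the layer.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


class AccessDenied(Exception):
    """Raised when an untrusted process touches a confidential path."""


@dataclass
class VirtualizedHost:
    real_fs: Dict[str, str]            # the "real" disk: path -> content (constructed)
    confidential: Tuple[str, ...]      # folder prefixes hidden from untrusted processes
    layer: Dict[str, str] = field(default_factory=dict)   # copy-on-write layer
    whiteouts: Set[str] = field(default_factory=set)      # real files "deleted" in the layer

    def _check(self, path: str, trusted: bool) -> None:
        if not trusted and path.startswith(self.confidential):
            raise AccessDenied(path)

    def read(self, path: str, trusted: bool) -> Optional[str]:
        self._check(path, trusted)
        if trusted:
            return self.real_fs.get(path)
        if path in self.whiteouts:
            return None
        # Untrusted view: layer first, then the untouched real disk.
        return self.layer.get(path, self.real_fs.get(path))

    def write(self, path: str, content: str, trusted: bool) -> None:
        self._check(path, trusted)
        if trusted:
            self.real_fs[path] = content
        else:
            self.whiteouts.discard(path)
            self.layer[path] = content          # never reaches real_fs

    def delete(self, path: str, trusted: bool) -> None:
        self._check(path, trusted)
        if trusted:
            self.real_fs.pop(path, None)
        else:
            self.layer.pop(path, None)
            if path in self.real_fs:
                self.whiteouts.add(path)        # hidden in the layer, still on disk

    def reboot(self) -> None:
        """Discard the layer: every untrusted change disappears."""
        self.layer.clear()
        self.whiteouts.clear()

    def audit(self) -> Dict[str, str]:
        """What untrusted code changed; worth reviewing before it is discarded."""
        return dict(self.layer)


def demo() -> dict:
    hosts = "C:/Windows/System32/drivers/etc/hosts"
    secret = "C:/Users/user/My Documents/bank.txt"
    notes = "C:/Users/user/Downloads/readme.txt"
    host = VirtualizedHost(
        real_fs={hosts: "127.0.0.1 localhost", secret: "account 1234", notes: "just notes"},
        confidential=("C:/Users/user/My Documents/",),
    )
    r = {}
    # 1. A virtualised download drops a file into System32: layer only.
    host.write("C:/Windows/System32/dropped.dll", "MZ...", trusted=False)
    r["dropped_in_layer"] = "C:/Windows/System32/dropped.dll" in host.layer
    r["dropped_on_real_disk"] = "C:/Windows/System32/dropped.dll" in host.real_fs
    # 2. It rewrites the hosts file; trusted processes keep seeing the original.
    host.write(hosts, "127.0.0.1 update.example", trusted=False)
    r["hosts_seen_untrusted"] = host.read(hosts, trusted=False)
    r["hosts_seen_trusted"] = host.read(hosts, trusted=True)
    # 3. The confidential folder is denied outright.
    try:
        host.read(secret, trusted=False)
        r["confidential_read"] = "allowed"
    except AccessDenied:
        r["confidential_read"] = "denied"
    # 4. Ordinary user data is still readable from inside the sandbox.
    r["downloads_read"] = host.read(notes, trusted=False)
    host.delete(notes, trusted=False)
    r["deleted_seen_untrusted"] = host.read(notes, trusted=False)
    r["deleted_seen_trusted"] = host.read(notes, trusted=True)
    r["changed_paths"] = sorted(host.audit())
    # 5. Reboot discards everything the untrusted process did.
    host.reboot()
    r["hosts_after_reboot"] = host.read(hosts, trusted=False)
    r["layer_after_reboot"] = len(host.layer)
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `audit()` view is the part a defender would actually use: before the layer is thrown away it lists exactly which paths the untrusted process created or modified, which is the evidence you would otherwise lose on reboot.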
nadirah
November 4th, 2006, 12:31 PM
-{ Quote: "Sorry to say, but you are wrong here. They provide a confidential folder where you can keep all your confidential files, so any malware or spyware running inside that bufferzone can never 'see' or even access these files." }-
Good point. But it seems a little troublesome to me. Reminds me of a virtualization program last time, but I've forgotten what it was already.
aigle
November 4th, 2006, 12:40 PM
GesWall also has a confidential folder.
zopzop
November 4th, 2006, 12:44 PM
What aigle said :D
But as of now geswall is the only free security program (that I know of) where you can create confidential folders to keep them safe from prying eyes (I made my ENTIRE 'my documents' folder confidential).
I believe bufferzone free doesn't allow you to make a folder confidential (bufferzone home pro does though).
nadirah
November 4th, 2006, 12:45 PM
Yes. But the name is too obvious. :P Why can't it be named something else instead of 'Confidential'? It's like telling people: "Hey, I've got confidential stuff inside here! Don't touch it!"
It makes it a more attractive target for crackers. All the more they want to see what's so 'Confidential' in that folder. You know, aigle, it's not security-wise providing people with a confidential folder and then calling the folder 'Confidential'. It's just too obvious! They could have given it a more innocent-looking name. I will see if the folder can be renamed to something else.
Devinco
November 4th, 2006, 12:51 PM
Very good summary Kees1958.
aigle
November 4th, 2006, 12:58 PM
-{ Quote: "Yes. But the name is too obvious. :P Why can't it be named something else instead of 'Confidential'? It's like telling people: "Hey, I've got confidential stuff inside here! Don't touch it!"
It makes it a more attractive target for crackers. All the more they want to see what's so 'Confidential' in that folder. You know, aigle, it's not security-wise providing people with a confidential folder and then calling the folder 'Confidential'. It's just too obvious! They could have given it a more innocent-looking name. I will see if the folder can be renamed to something else." }-
Your point seems valid but I am not an expert in this regard to comment on anything.
nadirah
November 4th, 2006, 01:07 PM
-{ Quote: "Your point seems valid but I am not an expert in this regard to comment on anything." }-
Yeah um, does geswall 2.5 still use the name 'Confidential'? :D;D8)
aigle
November 4th, 2006, 01:08 PM
-{ Quote: "(I made my ENTIRE 'my documents' folder confidential)." }-
Any problem by doing so?
As I remember, in the previous beta while using FF I used to get pop-ups that FF is trying to access confidential files, and I had to delete the confidential folder to get rid of these pop-ups. I told Brian and they were supposed to fix this matter. I did not get this problem with the current beta. But if you put your whole My Docs folder in, then I am not sure whether you are going to get pop-ups again.
steven.edw
November 4th, 2006, 01:36 PM
-{ Quote: "What aigle said :D
But as of now geswall is the only free security program (that I know of) where you can create confidential folders to keep them safe from prying eyes (I made my ENTIRE 'my documents' folder confidential).
I believe bufferzone free doesn't allow you to make a folder confidential (bufferzone home pro does though)." }-
This bufferzone security p2p file sharing freeware does provide you with a free 'confidential' folder; however, in order to get that feature you need to invite 2 friends to download bufferzone as well...
aigle
November 4th, 2006, 01:40 PM
Hi zopzop, as I see you have removed BufferZone. If the new version is stripped down, you could have continued with the previous version. Also I wonder why they have not announced the new version on their site so far?
zopzop
November 4th, 2006, 01:51 PM
@steven.edw
Thanks, I didn't know that. Sounds like an odd (but fun) way to expand on the capabilities of the free version of bufferzone.
@aigle
The previous versions of bufferzone have problems with martin's keylogger, the ssm leaktests, killdisk type virii, and slow down. It would defeat the point of having a security app that's up to date if I kept the older version of bufferzone around :D and the current free version of bufferzone is way too limited for my tastes, that's why I didn't bother to keep it installed.
As to why they haven't announced the new version on their site, I have no clue. Like steven.edw, I found bufferzone version 2.10-33 for p2p on download.com
aigle
November 4th, 2006, 01:56 PM
-{ Quote: "Yeah um, does geswall 2.5 still use the name 'Confidential'? :D;D8)" }-
Yes, same name.
Devinco
November 4th, 2006, 01:57 PM
I know virtualization (OS) is great, but when you look at it, doesn't it seem ridiculous?
You run a completely separate OS within an OS because your main OS is insecure.
Why not just make the main OS more secure, or use an OS that is natively more secure?
aigle
November 4th, 2006, 01:58 PM
-{ Quote: "The previous versions of bufferzone have problems with martin's keylogger, the ssm leaktests, killdisk type virii, and slow down. It would defeat the point of having a security app that's up to date if I kept the older version of bufferzone around :D and the current free version of bufferzone is way too limited for my tastes, that's why I didn't bother to keep it installed." }-
As I remember it used to stop the KillDisk virus. MUK is an exception for many security software.
zopzop
November 4th, 2006, 02:05 PM
I thought it did too, but I'm not too sure anymore. Seems pointless to use the current version of bufferzone free edition when geswall is free, more versatile, and constantly updated.
I really wish they kept bufferzone free edition the way it was before the current update. I mean they've had it that way for months (years?) and apparently they never thought it stepped on the toes of bufferzone home pro edition.
steven.edw
November 4th, 2006, 02:08 PM
-{ Quote: "I know virtualization (OS) is great, but when you look at it, doesn't it seem ridiculous?
You run a completely separate OS within an OS because your main OS is insecure.
Why not just make the main OS more secure, or use an OS that is natively more secure?" }-
This application virtualization security seems to do exactly what you say - make the main OS more secure...
aigle
November 4th, 2006, 02:10 PM
Seems they have troubles. I notice their forums to be rather inactive. There are spam posts not removed for many days.
Anyway it's a nice product. I wish it to become better.
zopzop
November 4th, 2006, 02:14 PM
Me too, I loved BZ. It's always good to have lots of viable free options in software to choose from. I just hope this new free version is kind of like them testing the waters and seeing user reaction. I told them I don't like it; maybe if more users did the same they'd change it back.
Devinco
November 4th, 2006, 02:28 PM
-{ Quote: "This application virtualization security seems to do exactly what you say - make the main OS more secure..." }-
Okay, but why not just use a limited user account so nothing can get installed?
steven.edw
November 4th, 2006, 02:38 PM
-{ Quote: "Okay, but why not just use a limited user account so nothing can get installed?" }-
Why limit, when you can keep working as usual and install anything while still being protected...? Sounds better to me.
Devinco
November 4th, 2006, 02:59 PM
-{ Quote: "Why limit, when you can keep working as usual and install anything while still being protected...? Sounds better to me." }-
They both sound like reasonable solutions to me, just different.
With application virtualization is there a "side door" that things like scripting, plugins, or video codecs could get through?
steven.edw
November 4th, 2006, 03:08 PM
-{ Quote: "They both sound like reasonable solutions to me, just different.
With application virtualization is there a "side door" that things like scripting, plugins, or video codecs could get through?" }-
As far as I read and understand on the bufferzone publisher website (trustware.com), there is no meaning for such threats, as anything running in bufferzone 'thinks' it is running on the 'real' pc where it actually runs in a 'dummy' environment that only exactly 'looks' like the 'real' one - so if there is a virus or so, it attacks 'dummy' targets, and this whole thing is probably running at the kernel level.
Devinco
November 4th, 2006, 03:11 PM
-{ Quote: "As far as I read and understand on the bufferzone publisher website (trustware.com), there is no meaning for such threats, as anything running in bufferzone 'thinks' it is running on the 'real' pc where it actually runs in a 'dummy' environment that only exactly 'looks' like the 'real' one - so if there is a virus or so, it attacks 'dummy' targets, and this whole thing is probably running at the kernel level." }-
Sounds interesting and worth looking into. Thanks.
steven.edw
November 6th, 2006, 02:42 AM
-{ Quote: "Yes. But the name is too obvious. :P Why can't it be named something else instead of 'Confidential'? It's like telling people: "Hey, I've got confidential stuff inside here! Don't touch it!"
It makes it a more attractive target for crackers. All the more they want to see what's so 'Confidential' in that folder. You know, aigle, it's not security-wise providing people with a confidential folder and then calling the folder 'Confidential'. It's just too obvious! They could have given it a more innocent-looking name. I will see if the folder can be renamed to something else." }-
Correction - they fixed the 'Confidential' folder with their new version, they simply automatically protect 'My Documents' without naming it as 'Confidential'.
steven.edw
November 6th, 2006, 04:35 AM
-{ Quote: "Did anyone already try this new virtualization protection for P2P File Sharing?
(found @ download.com)
Looks like this bufferzone virtualization protection allows you to run virus-infected files with no risk, while your 'actual' pc can never be attacked and no security updates are ever needed (is that possible?!!)
http://www.download.com/BufferZone-Security-for-P2P-File-Sharing/3000-8022_4-10597240.html?tag=lst-0-3
Looks promising; however, I need some more professional feedback.
thanks,
Steven E." }-
Already posted that, however, I would like to tell you that I found out in castlecops.com that they run this beta program and you can get their new pro version 2.10 free of charge for beta testers.
http://www.castlecops.com/print-1-164865.html
The link to their beta program was broken so I contacted their support (support@trustware.com), provided my details and got the full version for free...
q1aqza
November 6th, 2006, 09:58 AM
-{ Quote: "Yes. But the name is too obvious. :P Why can't it be named something else instead of 'Confidential'? It's like telling people: "Hey, I've got confidential stuff inside here! Don't touch it!"
It makes it a more attractive target for crackers. All the more they want to see what's so 'Confidential' in that folder. You know, aigle, it's not security-wise providing people with a confidential folder and then calling the folder 'Confidential'. It's just too obvious! They could have given it a more innocent-looking name. I will see if the folder can be renamed to something else." }-
I may be wrong (I haven't had GesWall installed in a while) but I'm sure you can create or copy and adapt the existing rule to make any folder confidential - that way the folder can be called whatever it was named before.
I'm planning to give the latest version of GesWall a try so I'll see if I'm talking cr*p or not ;D
tobacco
November 6th, 2006, 11:38 AM
I really feel Bufferzone is a top notch program and just wish the free version was more flexible, but running various processes, programs, etc can still be done. And it has an advantage over 'ShadowSurfer/ShadowUser' because no reboots are required.
cheater87
November 6th, 2006, 01:38 PM
my bro would like to have a look at this
Kees1958
November 6th, 2006, 04:28 PM
-{ Quote: "I know virtualization (OS) is great, but when you look at it, doesn't it seem ridiculous?
You run a completely separate OS within an OS because your main OS is insecure.
Why not just make the main OS more secure, or use an OS that is natively more secure?" }-
Yes, but some sandboxes/virtualisation programs use only access restriction, like GeSWall and DefenseWall. Some also have file system virtualisation (SandBoxie and BufferZone). All these programs allow you to use 1 OS.
Only the true OS virtualisation programs (VMware) require another OS in the virtualised environment.
steven.edw
November 7th, 2006, 01:44 AM
-{ Quote: "Yes, but some sandboxes/virtualisation programs use only access restriction, like GeSWall and DefenseWall. Some also have file system virtualisation (SandBoxie and BufferZone). All these programs allow you to use 1 OS.
Only the true OS virtualisation programs (VMware) require another OS in the virtualised environment." }-
the problem with true OS virtualization is that it takes a lot of your CPU and it can't communicate with your 'real' OS
Kees1958
November 7th, 2006, 03:01 AM
-{ Quote: "the problem with true OS virtualization is that it takes a lot of your CPU and it can't communicate with your 'real' OS" }-
I only tried VM and the slow down was so bad I went back to sandboxes using no OS or File virtualisation.
aigle
November 7th, 2006, 08:46 AM
-{ Quote: "Yes. But the name is too obvious. :P Why can't it be named something else instead of 'Confidential'? It's like telling people: "Hey, I've got confidential stuff inside here! Don't touch it!"
It makes it a more attractive target for crackers. All the more they want to see what's so 'Confidential' in that folder. You know, aigle, it's not security-wise providing people with a confidential folder and then calling the folder 'Confidential'. It's just too obvious! They could have given it a more innocent-looking name. I will see if the folder can be renamed to something else." }-
Hi, the solution is very simple. You can change the folder name as you like and then change the name in the GesWall rules as well. I tried and it works very well. No isolated (untrusted) application can access this folder. Nice.
steven.edw
November 7th, 2006, 01:58 PM
-{ Quote: "Hi, the solution is very simple. You can change the folder name as you like and then change the name in the GesWall rules as well. I tried and it works very well. No isolated (untrusted) application can access this folder. Nice." }-
In bufferzone they use the 'confidential' in the 'My Documents' folder - they added a 'lock' icon to it.
Copyright ©2002 - 2013, Wilders Security Forums