what virtualization can and cannot do in an anti-malware context
ronjor
June 22nd, 2007, 09:09 PM
-{ Quote: "there seems to be some mismatched expectations about the protective capabilities of keeping untrusted behaviours/applications/etc confined to a virtual machine... essentially what we're talking about here is a sandbox for untrusted things like web browsing and email... the general idea is that if you can keep the bad stuff from the internet away from your physical system and confidential information then you should be fine... unfortunately it's not that simple..." }-Kurt Wismer (http://anti-virus-rants.blogspot.com/2006/12/what-virtualization-can-and-cannot-do.html)
tamdam
June 22nd, 2007, 09:20 PM
Ilya is everywhere these days, lol
Maybe I'm biased because I use DefenseWall, but I know that DW will block malware from accessing important components, whether sensitive documents or system-critical files. Ilya also says DW can't be used alone, but in conjunction with a good FW, which will pretty much block most malware and zero-day exploits out there. An AV is optional with this setup, but if you can get a good and light one like Avira or NOD32 then it's a nice addition. I think there's a distinction between a pure sandbox like Sandboxie, which only isolates untrusted programs and does not prevent, and sandbox HIPS like GeSWall and DW, which isolate but also prevent through rules-based restrictions.
Bio-Hazard
June 23rd, 2007, 03:19 AM
Hello!
Thanks ronjor for that link. It was an interesting read.
Kristian
Ilya Rabinovich
June 23rd, 2007, 06:22 AM
-{ Quote: "Ilya is everywhere these days, lol" }-
It is an old post of Kurt's.
walking paradox
June 23rd, 2007, 04:00 PM
Regarding Ilya's and Kurt's argument over semantics, basically over the terminology and classification of virtualization versus sandboxing, I agree in part with both of them. Kurt is obviously right that virtualization is more or less the same as sandboxing on a conceptual level, but just because they are incarnations of the same basic concept doesn't mean they are the same in all respects. Obviously their implementation is different, as was pointed out by Ilya below:
-{ Quote: "As for virtualization, there are hardware, file system and registry kinds. And we have three main streams of it:
1. VMware, Virtual PC: hardware virtualization tools, no sandboxing, support registry and file system virtualization.
2. Sandboxie, GreenBorder, BufferZone: no hardware virtualization, policy-based restrictions (sandboxing), file system and registry virtualization.
3. DefenseWall HIPS, GeSWall: no hardware virtualization, policy-based restrictions (sandboxing), no file system virtualization, limited registry virtualization." }-
In this case I agree with Ilya in that the implementation should dictate the definition of the various implementations, as this is most representative of the computer security environment. Kurt's proposed terminology doesn't provide sufficient differentiation between the various implementations and thus doesn't provide a clear and coherent nominal framework upon which to discuss these matters.
Copyright ©2002 - 2012, Wilders Security Forums