Google buys GreenBorder (soon to be free?)

http://googlesystem.blogspot.com/2007/05/google-buys-greenborder-security.html

This is really good news. I don't know how well regarded GreenBorder is compared to other security apps around here. I have no experience with it. I tried a few other Sandbox apps and didn't really like any of them. But if Google do release it for free, as I'm sure will happen, it'll be easier to use, and probably make use of Google phishing filters etc.

 

Hi all,

Google buying and making it freeware is a known marketing technique of companies with deep pockets. Because they generate enough income, they can out compete all smaller competitors (Sandboxie, BufferZone, DefenseWall GeSWall Pro).

This business pattern also learns that a large trusted company is also able to educate average consumers, wich will enlarge the market. What you will see is that the new entrant (Google) will be able to dominate this market (meaning to generate a market share of 40 to 70 percent in that market, but it will leave room for more agile/more innovating players (GeSWall, DefenseWall) when they are able to survive the 'freeware' period.

The reason I mentioned GW and DW is because I only believe in seamless (only policy rights) sandboxes for the general public/mass market. GW has an architectural advantage (being able to follow Microsoft faster) and DW is the absolute easiest to use sandbox (never had a problem with it, while GW sometimes had not accounted for complex user PC usage situations*)

* note: this did not mean GW did not protect, it "over protected" and with Brian's response usually a day later I had the solution.


We will see

 

The other current GB thread: https://www.wilderssecurity.com/showthread.php?t=174733

 

I don't think Google is doing this to compete with other companies in the security area, seeing as they have no products in this area and indeed have only a few desktop apps (Picasa, Google earth etc, all of which have been acquired btw).

I see growing awareness of antivirys/spyware apps, but outside of internet forums, I know maybe 3 people who understand the word HIPS/sandbox. And I write software! So the unwashed masses barely have any idea of this type of security product. If Google pushes it, it will grow the target market which can only be a good thing.

I'd like to continue to believe in their motto 'do no evil'. Lets see what happens.

 

Hello,

I don't think this is necessarily the best thing there is. Google have made a few things recently that sort of slightly pissed me off. I hope they get back to their usual stance of passive world domination.

I don't think their buying and re-branding existing apps is always a positive step. Take Picasa for example. It is an annoying product.

Mrk

 

Yes, that is really great news (I mean, that it is really Google) as it will push the market with their massive PR. I remember the time when Symantec have acquired AtGuard- this made the "firewall" word much more known. I assume, that soon "sandbox HIPS" word will be much more famous that nowadays. JUST GREAT!

 

Defcon,

I am not judging Google. I think Google has a firm hold on the general public, not only PC enthousiasts. This will make them a harder competitor than Netscape (they once had a marketshare of over 70% until MS entered this market) for MS.

Microsoft will be offering paid security services, AOL already offers a free version of Kapersky, so Google acquiring GreenBorder is just providing an answer for these trends/development for the future. I think it is a smart move of Google not to offer a 'me too' solution, in stead they choose for an alternative solution with less operational costs (no updating of blacklists) and higher results (in terms of protection level).

When DefenseWall (despite prejudice of HIPS dislikers) is able to create a very easy to use application, Google with their development power will also be able to create one. This will be good for the sandbox niche market, possibly providing an entry to the general audience (as long as existing players can survive the competition of a free product).

Reg K

 

It is always possible to survive in a free product competition if you offer more and eat less.

 

I remember your post a few days back talking about the lack of public awareness of sandboxing. I replied that things may change when one of the 'big boys' steps in although I had assumed it would have been a security company but at the end of the day they don't get much bigger than Google.

 

This applies to many that I help, and the fact that they are isolated from knowing about HIPS/Sandbox may not be necessarily bad (in my case, anyway).

With a good general knowledge of how malware gets into the system, and good common sense, most people don't need much other than a few basic security products.

Those who do are probably the ones who frequent the forums!

regards,

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

Rmus, Defcon

Please take the consumer perspective: how many people know how their television works? You do not have to know how a Sandbox works, just what it achieves: protection against malware not (yet) in the blacklist of your AV and problably the best protection against not (yet) known security holes in your operating system.

When DefenseWall would have the known threat gate programs of GeSwall and the community function of PrevX, it would require no configuration and it does not throw any pop-ups at you, so where is the (usage complexity) pain when the PR & Marketing machine of Google will educate the average PC user?

E.M. Rogers has written some criteria for acceptance of innovations. Initially this marketing theory was used for exporting consumer products to different cultures (e.g. Coca Cola to India). Later on the IT-industry discovered that it could also be used to understand the acceptance thresholds of new services.

Answering these questions for a Sandbox (which is a lousy name to market it to general audience):

1. Is there a compelling reason to use this new software?
Yes (helped by general news coverage on new virusses and holes in XP/Vista)

2. Can the benefits easily be communicated?
Yes (the famous 10 seconds elevator pitch: "prevents malware, not known by your Antivirus, to inflict damage by restricting their rights")

3. Is it complex to use?
No (install and operate)

4. What is the first time buyer/user risk?
None, endorsed by Google and free

5. Is it compatible with existing usage behavior?
Yes and no
- Yes: normal operation is seamless
- No: new (installation) programs have to be run as trusted to work properly

6. Are there any limitations/restrictions on usage?
Yes: shoot in the foot errors are not covered. When the customer installs a program themself the Sandbox allows it. The Sandbox prevents unwanted installation of malware.

For Google a 'check validity service' like digitally signed programs or a community database check like PrevX could generate extra income on a pay per use basis. The computer illeterate could upload a new program to check whether this is a bona fide/thrustworthy program (say a check would cost 50 euro cent). This to prevent "shoot in the foot" errors of the PC user.

regards K

 

Here's the wildest of guesses: a new browser with this technology. Not Greenborder per se.

 

Hi, folks: If Google intends to make GreenBorder a very popular freeware, they may still have long way to go. As I understand, GB was not so easy to use. General pc users are average joe/jane, they have no patience to play complicated options after options. They want an app that can be navigated around their pc w/ min brain power; easy as ABC. Fewer options, less help lines and solid performance will facilitate its acceptance by general public. Everything else are talks of wishful thinkings. IMO.

 

Actually, i don't wish for anything. Google will not touch my desktop, not as long as i'm aware of.

I like to sepparate things. Google is online.

 

It is possible to implement only with OS-level development. But who need only secured browser, if people are wildly used e-mail and P2P clients? Nobody- they need universal solutions for all the threat-gate software they use.

This case, people start searching for its replacements with good names. Symantec, for instance...

 

I'm not arguing that; I'm just saying it's not the solution for everyone.

regards,

-rich

 

Common Ilya, you must have tried Opera once!

 

Opear is not common app- there is only mail and BitTorrent clients integrated.

 

I don't think it would be completely worth their while if they released it as a standalone security utility. It would be like selling bricks to condo buyers.

I believe the better application for it would be to wrap mobile desktop applications. I believe next-gen web apps would allow you to drag an icon to your desktop and run an applet offline. Using GB technology you could effectively zip-lock the app (tagged files) and run it in a secure virtual space which protects the OS from the app. The next logical step would be protect the app from the OS.

Often the second company to enter a market does better since the first company who used up most of their funds to create a market. (Sandbox) startups can 'make it' either by creating exactly what a big referable customer wants, or riding the marketing coat tails of a big company. I think the GreenBorder purchase just validated and created a new desktop sandbox security market.

 

Hi Bill,

Innovators do not always get rewarded for their effort. I agree, as said in the other post, when the (windows) OS is protected from web applications the idea of the thin client with browser based aps used on demand will be easier to implement with fat clients.

Reg K

 

Bill:

Agree, this will move the market.

 

Kees1958, I completely agree with you. In fact I made a similar post myself, about the needless complexity of security products (and computers in general).

I don't to see green/red borders. I don't want to configure 5 different apps to cover all the 'vectors of attack' (at this point we have lost 99% of the population). And I especially never ever want to see another damn popup asking me what to do about some security thing and telling me all about it in perfectly unintelligible Klingon. And people complain (rightly so) about Vista's cancel-allow fiasco. They should see some of these firewalls and HIPS.

Now I know some people like to know what's going on and want to know about every single byte being sent to every port. But they only do so because software today is not smart enough to just do its job without help from us. Imagine if we didn't have preemptive multitasking, address space protection or any of the modern OS conveniences. You'd have a popup asking you every 5ms - "Hey, is it ok for me to timeslice away to thread #242427" !!!

I don't think security software is going to go in this direction anytime soon. They're always going to emphasize added control for power users, which means more dialogs, more tickboxes and more options to configure.

 

Defcon, you do a good job summarizing the direct user feedback that we've received! Users hate splash screens, pop-up alerts, borders, useless alert messages and dialog boxes. Three reasons these things appear are; 1) Checkboxes in magazine comparison charts, 2) Branding efforts on the desktop, 3) Product meetings in unheated conference rooms.

 

Here we go ahead again. Another in another list of epedimic buy outs. Time only will tell what comes of this one too.

 

To me, what would be a useful and simple to an end user is have an normal/expert option when installing this theoretical application. After installation , you double click your browser to start it and a pop-up appears asking you if you want to run with "Google Protection" (or insert your own trendy name)? The browser runs normally and upon closing the browser, the "Sandbox" asks you if you want to save your files that your created. When you select yes, they are automatically scanned by an online scanner like VirusTotal and if safe, then they are saved on your computer.

I have never used GreenBorder, but I am very new to Sandboxie and in my opinion, these are some of the features that are missing that I have to do manually. I don't mind personally, but to a common user, features like those above are deal breakers when it comes to using an app like a sandbox. Heck, if Google made their own browser, the only pop-up needed would be the one that asks if you want to save your created files.