Google buys GreenBorder (soon to be free?)

Discussion in 'other anti-malware software' started by Defcon, May 29, 2007.

Thread Status:
Not open for further replies.
  1. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    If someone wants something like Greenborder it is far better to get VMWare. Greenborder was awful IMO. I couldn't stand it or any product like it. It slowed browsing, didn't work on Fx when I tried it, ate lots of resources. I never shut my browsers down, plus, I never shut my computers down either so the concept of discarding everything once the browsing session was over is utterly absurd to most users unless you have dialup. Your browser session is never "over" unless you are forced to reboot and on XP you can go for a month (between Microsoft Tuesdays) without rebooting. Now using VMWare as a sandbox is a good concept and I do that and recommend that to others. I would never recommend something like Greenborder though.

    Google buying Greenborder IMO means its death. I don't use or recommend that anyone use Google toolbar or any Google product. In fact, Scroogle is what I recommend.
     
  2. Bill Stout

    Bill Stout Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    100
    Location:
    Mountain View, CA
    Zero pixel windows and their invisible 'OK' buttons have trained me to constantly close browser processes. I also keep a Sysinternals Process Explorer window open to watch for unusual processes and it shows me the command line for each svchost.exe process. I don't think it's a good idea to keep applications running, they often spawn new processes you may not be aware of.

    I've found VMware is unusable as a security tool. It has access to the host computer (network, filesystem, clipbook, possibly DCOM), it's bulky (memory use/boot/shutdown, services still running when shutdown), and its DHCP service can kill an office network which is hard to track down.

    Those who run multiple security products at one time may not know that Windows kernel limitations can cause slowdown. For example, XP SP3 will include hotfix KB906866 which increases the number of file system filters that can be loaded. This is important because many security products include file system filters (such as AV), and the kernel only has room for two more (Symantec uses two slots).
     
    Last edited: May 30, 2007
  3. Bill Stout

    Bill Stout Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    100
    Location:
    Mountain View, CA
  4. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Are you referring to web bugs? I've used the Proxomitron for years. It kills web bugs.

    I agree though about the possibility of problems with VMWare. If you have plenty of memory and a fast, newer system then it runs fine but I agree that on older systems or those without enough memory there will be problems. The only problem I have encountered is the DHCP one you mentioned. It took me a long time to even realize that VMWare was the culprit in my modem losing synch once every few days. I only now figured out that it is VMWare because the problem has finally become so acute that if I have a VMWare machine open the modem loses synch about every 5-10 minutes. The problem stops as soon as I shut down the VMWare machine. I don't see this as necessarily easy to track down the specifics. Never had any problems like this with VMWare until a couple of months ago. The problem has progressed now to the point where I can't use VMWare until I can get it fixed.
     
  5. Bill Stout

    Bill Stout Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    100
    Location:
    Mountain View, CA
    Yes, it is hard to track down DHCP problems, it's much harder in a large network where developers and QA types are running multiple VMware images on each workstation, and the MAC address of the DHCP source returns a VMware vendor instead of hardware. Every person will swear innocence, meanwhile laptop users (usually the front office people) can't log in. Since most companies spend a couple hundred dollars on each switch instead of a couple of thousand for a managed switch, the only solution is to physically disconnect switches or workstations and do an 'ifconfig/renew' to see if the rogue DHCP server goes away. Dealing with DHCP issues is livable where VMware is critical, but not acceptable in an office if VMware is just used for browsing the web.

    To expand on one of the security issues I mentioned (network), one of the 'big' holes I've found with other sandbox products is they depend on a personal firewall to protect trusted local network services from malware in the sandbox. Personal firewalls usually don't see connections from 'localhost' to 'localhost' as a problem, especially if connections from the sandbox have inherited authentication credentials from the session of the local user (via user shell, COM, etc). Without network protection, sandboxed malware can access unprotected local resources like \\127.0.0.1\c$ or remote registry. A typical home user won't know that for security purposes they shouldn't use VMware NAT, or that they should pick a personal firewall that protects against localhost connections (think quick, mention one). GreenBorder does have a Network Filter which prevents virtualized space (e.g. sandboxed malware) from accessing local network resources.
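
The symptom described in the post above, DHCP replies whose source MAC resolves to a VMware vendor, can be checked from a packet capture instead of by unplugging switches. The following is an added example, not part of the original post: it parses DHCP server replies and flags any server that is not on an allowlist. The function names, the sample frames and the authorized address are constructed, and untagged Ethernet/IPv4 frames are assumed.

```python
import struct

# OUIs registered to VMware; its virtual NICs and built-in DHCP service use them.
VMWARE_OUIS = {"00:05:69", "00:0c:29", "00:1c:14", "00:50:56"}
DHCP_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}    # server-to-client message types
MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie

def parse_dhcp_reply(frame):
    """Return (src_mac, server_id, msg_type) for a DHCP server reply, else None."""
    if len(frame) < 282 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                              # too short, not IPv4, or not UDP
    udp = 14 + (frame[14] & 0x0F) * 4            # honour the IP header length
    sport = struct.unpack("!H", frame[udp:udp + 2])[0]
    bootp = frame[udp + 8:]
    if sport != 67 or len(bootp) < 240 or bootp[236:240] != MAGIC:
        return None
    opts, i, found = bootp[240:], 0, {}
    while i + 1 < len(opts) and opts[i] != 255:  # 255 = end of options
        if opts[i] == 0:                         # pad byte has no length field
            i += 1
            continue
        length = opts[i + 1]
        found[opts[i]] = opts[i + 2:i + 2 + length]
        i += 2 + length
    mtype = DHCP_TYPES.get((found.get(53) or b"\x00")[0])
    if mtype is None:
        return None                              # client message or malformed
    mac = ":".join(f"{b:02x}" for b in frame[6:12])
    sid = ".".join(str(b) for b in found.get(54, b"")) or None
    return mac, sid, mtype

def find_rogue_servers(frames, authorized_ips):
    """List replies from servers not on the allowlist, tagging VMware-vendor MACs."""
    replies = filter(None, map(parse_dhcp_reply, frames))
    return [{"mac": m, "server": s, "type": t, "vmware_nic": m[:8] in VMWARE_OUIS}
            for m, s, t in replies if s not in authorized_ips]

def make_frame(src_mac, server_ip, mtype):       # builds constructed sample frames
    ip = bytes([0x45, 0, 0, 0, 0, 0, 0, 0, 64, 17, 0, 0]) + server_ip + b"\xff" * 4
    opts = bytes([53, 1, mtype, 54, 4]) + server_ip + b"\xff"
    bootp = b"\x02" + b"\x00" * 235 + MAGIC + opts
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0)
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip + udp + bootp

SAMPLE = [make_frame(bytes.fromhex("001a2b3c4d5e"), bytes([192, 168, 1, 1]), 2),
          make_frame(bytes.fromhex("005056c00008"), bytes([192, 168, 1, 77]), 2)]
```

Calling `find_rogue_servers(SAMPLE, {"192.168.1.1"})` reports only the second, constructed reply, whose source MAC carries a VMware OUI.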
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    How many network aware malware do you know (think quick, mention one).
    When you configure VMware (Server) on Windows, it has several services / processes running. Not all need to be allowed access.

    Indeed, if you do not set a permanent rule for VMware and you try to access outside the virtualized box from within the guest OS, any normal firewall will alert you.

    Apart from being network aware, malware would really have to be sophisticated to defeat VMware in general. All this said, I do agree that VMware products should not be used as a security solution per se, more sort of a feasibility, reliability, testing etc product.

    If anyone direly needs security, Linux is the answer. All problems simply go away.

    Mrk
     
  7. Bill Stout

    Bill Stout Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    100
    Location:
    Mountain View, CA
    Code red, sql slammer, blaster, nimda, sasser, bug bear. Each uses a different entry point (www, sql, rpc, smb, etc) for infection.

    I do like Knoppix boot CDs. Requires a reboot though. Not many home users know how to secure Windows, let alone Linux. I prefer FreeBSD (a real UNIX) over Linux (a collection of software modules by PC guys to be something like UNIX).
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    Come on, those are useless. I'm talking something serious.
    Mrk
     
  9. Defcon

    Defcon Registered Member

    Joined:
    Jul 5, 2006
    Posts:
    337
    Using Vmware as a sandbox is overkill. It's taking the idea of a sandbox to its logical extreme - instead of virtualizing an app inside the sandbox, you virtualize the entire machine. Plus it has a couple of issues -

    1. I would not want to run an app I use daily inside a virtual session. It would require changing usage patterns about how to access other resources.

    2. It's not really safe because you have access to the host, sometimes even more transparently.

    Vmware is perfect for trying out those risky apps I'm not sure of. It works better than programs like ISR/ShadowProtect for those since I can blow away a faulty image instantly.

    The real solution is OS level virtualization of apps, including address space, file systems, registry/metadata and all resources. Vista does a lot of this under the hood for non-compliant legacy apps. Longhorn Server will have Viridian. There are many such solutions for Linux which I am not so familiar with.

    A managed code environment such as Java's JVM or the .NET CLR also goes a long way since it essentially virtualizes the host OS at a higher level and isolates applications. The limitations come when calling into kernel code/drivers because they are still unmanaged.

    Sorry for the segue into all the technical stuff :) I can't help feel there is so much more that can be done towards having a proper elegant approach to security rather than the hacks we have to put up with today.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, to be honest I couldn't even get GreenBorder to run correctly on any of my virtual machines so I wasn't exactly impressed with this software. If Google wanted to buy this kind of tech they could have rather bought Sandboxie which is working a lot smoother. I really wonder what their plans are, not that it matters that much since I don't trust Google anyways. :rolleyes:
     
  11. masqueofhastur

    masqueofhastur Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    109
    Not necessarily.

    Linux supports cookies as one example. While they're not a huge risk they can still pose a security risk. Also, one of the SQL worms took down thousands of Linux servers, so inherent security of Linux is also bunk.
     
  12. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Not sure of your point there. Servers accept incoming traffic, or simply put, my computer is not a server.
    Cookies are supported (huh) by any browser. They can be a privacy issue, yes, but this is the web.

    The Unofficial Cookie FAQ (just found this :D )
     
  13. masqueofhastur

    masqueofhastur Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    109
    A lot of security exploits stem out of originally useful functions. ActiveX is a perfect example. It was done to make things work easier, and malware programmers took advantage of it. Cookies do much less, but in terms of having information about surfing collected about you so you can be targeted with spam, they still pose a potential risk. It's in the annoyance category, but it's not like Linux will solve all your woes.
     
  14. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    But it's not supposed to solve cookies you see. Cookies can be read, but they won't pwn you! Firefox does solve it, and Opera too. I have no idea about IE7 (the one that uses ActiveX).
     
  15. masqueofhastur

    masqueofhastur Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    109
    Being read is more of a concern than pwning. I care more about personal information getting out and abused than I care about my system getting hosed and having to reinstall it. While getting hosed is a pain, I can work with it. Having someone get a bunch of personal information on me and using that for identity theft - that really sucks. Phishing + Cookies can do a great job of identity theft, and Linux is immune to neither. That's the number 1 concern for me, and for a number of other people. That's also the reason I prefer Windows for security purposes, is more people work on security software for Windows, because people actually want it, because in general it has more security holes (that are actually exploited actively). People using Mac OS and Linux think they don't have to worry about security, so if a security solution comes along, they're more likely to scoff at it than to actually use it, so the incentive for programmers to make security software for Linux that benefits the end user is much lower.
     
  16. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    What does "Linux" have to do with cookies?
    This is the question you have to ask yourself.

    Cookies are used by browsers!
     
  17. masqueofhastur

    masqueofhastur Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    109
    Exactly, Linux does nothing to prevent problems that occur across all browsers. Therefore Linux isn't the solution because it doesn't protect against everything.
     
  18. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    In that regard:
    Phishing - if you fall for it, you deserve it.
    Cookies - no threat.
    Mrk
     
  19. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Oh, please do not think that! That is just one of the gazillion reasons I spend soooo much time here at Wilder's. :)

    That would be very nice, BUT, the human mind is a machine with an infinite amount of good and bad curiosity.

    As far as cookies...

    I use FF 99.99% of the time, and only allow cookies for less than six sites. If sites other than my six require cookies, they get session cookies.

    I have only one site that requires IE.

    Both FF & IE are set to ONLY allow first party cookies.

    Session cookies rule!

    Mike
     
  20. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Probably off topic... do you have any links comparing UNIX vs Linux? ( I am reading FreeBSD vs. Linux vs. Windows 2000 right now. )

    I am not trying to bash you, or anything evil, just very curious about your statement, and would like to just learn more about that.

    Personally, I use "Cygwin is a Linux-like environment for Windows." with DOS batch files to do lots of command line stuff... searching log files for certain stuff in certain fields, parsing IE trusted sites in the registry and "sdiff"ing with a text file of what stuff I really want trusted, etc...

    Mike
     
  21. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I hate talking to the air you know. Did you read anything in my post? 1 word, 2?
    Do you understand what cookies are? (no)
     
  22. coolbluewater

    coolbluewater Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    268
    Location:
    next door to Redmond

    LOL :D :thumb:
    To be placing cookies and phishing on Linux's "fault" and not control of the browser or the PEBCAK element is like saying guns kill people.
     
  23. masqueofhastur

    masqueofhastur Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    109
    Trojans - if you fall for it, you deserve it.
    Spyware - no threat.

    Go ahead, uninstall some of your security software.
     
  24. masqueofhastur

    masqueofhastur Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    109
    Yes I do understand what cookies are. You're not understanding that Linux does nothing to protect you against something that is the browser's fault.
     
  25. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    To which software are you referring to?
    Mrk
     