Virtualization security - the end for security updates?

Did anyone already try this new virtualization protection for P2P File Sharing?
(found @ download.com)

looks like this bufferzone virtualization protection allows you to run virus infected files with no risk while your 'actual' pc can never be attacked while no security updates ever needed (is that possible?!!)

http://www.download.com/BufferZone-...Sharing/3000-8022_4-10597240.html?tag=lst-0-3

looks promising, however need some more professional feedbacks.

thanks,

Steven E.

 

Your best bet is to start reading here

 

So what's the big deal even if it's virtualized? It still CAN, WILL, and, MIGHT steal personal information( the malware ). The only difference is that it (the malware) never gets to write to the physical drive and can be discarded with a simple reboot of the system. This sort of virtualization security should never be taken for granted and should still be used together with a good security setup.

 

sorry to say, but you are wrong here. they provide a confidential folder where you can keep all your confidential files, so any malware or spyware running inside that bufferzone, can never 'see' or even access these files.

 

No, just an additional layer of security, see below

When you look at different HIPS, they can be characterised by the basic approaches they use. HIPS often use different approaches in one solution. That is why it is so confusing to understand them.

At the highest level there are 3 main approaches (1, 2 and 3) with each some sub-approaches (the A's and B's).

1) Using signature based reference lists.

A) black list approach
This is common in most AV and anti-spy applications

B) white list apporach
This is common part of classical HIPS applications (like SSM, Antihook, Dynamic Security Agent, ProSecurity, Process Guard, Appdefend, et cetera).

2) Using intelligent pattern recognition

A) heuristics or code patterns recognition:
These actively or passively scanning parts of code for potential malicious activity, the idea is to recognise code patterns in a intelligent way whether the code has good or bad intentions. Heuristics is becoming an important add-on to AV-programs. Some have even artificial intelligent rules engines to eveluate those code patterns.

B) behavior blocking or application/process behavior patterns.
This type of security software recognises potential dangereous behavior (like dll or data injection, or adding a hidden process/registry entry). The intelligence and limitation of this type of security software that an anomaly (strange behavior) is not per se malicious. Most of the classical HIPS also use this as a part of their security approach (e.g Antihook, SSM, PG warn/prevent when software tries to inject dll into another process). Some firewalls (like Comodo) apply this on network level and some innovative AV's have extended their heuristics with behavior blocking.

3) Seperating the execution environment.
These fall into two main classes (with each two sub-approaches). The classification gets 'blurred' because the term Sandbox and virtualisation are used together. Therefore in Netherlands we use this type of classification.

A) access right restrictions ("sand boxing")
This approach is aimed at restricting the rights the user has to perform. This type of protection has two main differences:

- The ones which only affects "privelage restriction" of programs.
Examples are DropMyRights and Amust Defender, this are also called "Sandboxes". The down side of these privelage restriction is that it also limits the user in functionality.

- The ones which also effect the "privelage restrictions" of files which are created by those programs.
Examples are GeSWall and DefenseWall. They remember the trusted or untrusted state of the files created. The advantage of this type of programs is that they use "seamless security": no restriction in functionality and no seperation of file and or operationg system. Seamless is sometimes also called virtualisation (one of the reasons for confusing).

B) Virtualisation.
This approach is aimed to allow the user to make bigger changes in the registry and file system because they do not really affect the underlying system.

- Virtualisation affecting the file system only
This type of programs seperate the virtualised applications from the file systems. So they make the changes in a seperate file layer. The changes can be turned back afterwards. Examples are Sandboxie and BufferZone. This type of programs also apply rights restrictions (in side and out side the virtualised file system).

- Virtualisation also seperating the OS-system
This type of programs seperates the virtualised system including OS from the protected system. Some applications require n another OS in the virtualised system (like VM Ware), others seperate snapshots of the same OS (First Defense ISR).

 

Good point. But it seems a little troublesome to me. Reminds me of a virtualization program last time, but I forgotten what it was already.

 

GesWall also has a confidential folder.

 

what aigle said

but as of now geswall is the only free security program (that i know of) where you can create confidential folders to keep them safe from prying eyes (i made my ENTIRE 'my documents' folder confidential).

i believe bufferzone free doesn't allow you to make a folder confidential (bufferzone home pro does though).

 

Yes. But the name is too obvious. Why can't it be named something else instead of 'Confidential'. It's like telling people: "Hey, I've got confidential stuff inside here! Don't touch it!"

It makes it a more attractive target for crackers. All the more they want to see what's so 'Confidential' in that folder. You know aigle, it's not security-wise providing people with a confidential folder and then calling the folder 'Confidential'. It's just too obvious! They could have given it a more innocent-looking name. I will see if the folder can be renamed to something else.

 

Very good summary Kees1958.

 

Ur point seems valid but I am not expert in this regard to comment anything.

 

Yeah um, does geswall 2.5 still use the name 'Confidential.' ?

 

Any problem by doing so?
As I remember in previous beta while using FF I used to get pop ups that FF is trying to assess confidential files and I had to deleet confidential folder to get rid of these pop ups. I told Brian and they were supposed to fix this matter. I did not get this problem with current beta. But if u put all mu docs folder then I am not sure if u are going to get pop ups again.

 

this bufferzone security p2p file sharing freeware does enable you with a free 'confidential' folder, however in order to get that feature you need to invite 2 friends to download bufferzone as well...

 

Hi zopzop, as I see u have removed BufferZone, if new version is stripped down, u caould have continued with the previous version. Also I wonder why they have not announced the new version on their site so far?

 

@steven.edw

thanks i didn't know that. sounds like an odd (but fun) way to expand on the capibilities of the free version of bufferzone.


@aigle

the previous versions of bufferzone have problems with martin's keylogger, the ssm leaktests, killdisk type virii, and slow down. it would defeat the point of having a security app that's up to date if i kept the older version of bufferzone around and the current free version of bufferzone is way to limited for my tastes, that's why i didn't bother to keep it installed.

as to why they havent' announced the new version on their site, i have no clue. like stven.edw, i found bufferzone version 2.10-33 for p2p on download.com

 

Yes, same name.

 

I know virtualization (OS) is great, but when you look at it, doesn't it seem ridiculous?
You run a completely separate OS within an OS because your main OS is insecure.
Why not just make the main OS more secure, or use an OS that is natively more secure?

 

As I rmember it used to stop KillDisk virus. MUK is an exception for many security software.

 

i thought it did too, but i'm not too sure anymore. seems pointless to use the current version of bufferzone free edition when geswall is free, more versitile, and constantly updated.

i really wish they kept bufferzone free edition the way it was before the current update. i mean they've had it that way for months (years?) and apparently they never thought it stepped on the toes of bufferzone home pro edition.

 

this application virtualization security seems to do exactly what you say - make the main OS more secure...

 

Seem they have troubles. I notice their forums to be rather inactive. There are spam post and not removed for many days.
Anyway it,s a nice product. I wish it to become more better.

 

me too i loved BZ. it's always good to have lot's of viable free options in software to choose from. i just hope this new free version is kind of like them testing the waters and seeing user reaction. i told them i don't like it, maybe if more users did the same they'd change it back.

 

Okay, but why not just use a limited user account so nothing can get installed?

 

why limit, when you can keep working as usual, install anything while keep being protected...? - sounds better to me.