what virtualization can and cannot do in an anti-malware context

Discussion in 'sandboxing & virtualization' started by ronjor, Jun 22, 2007.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    Kurt Wismer
     
  2. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88
    Ilya is everywhere these days, lol

    Maybe I'm biased because I use DefenseWall, but I know that DW will block malware from accessing important components, whether sensitive documents or system-critical files. Ilya also says DW can't be used alone, but in conjunction with a good FW, which will pretty much block most malware and zero-day exploits out there. An AV is optional with this setup, but if you can get a good and light one like Avira or NOD32 then it's a nice addition. I think there's a distinction between a pure sandbox like Sandboxie, which only isolates untrusted programs and doesn't prevent, and sandbox HIPS like GeSWall and DW, which isolate but also prevent through rule-based restrictions.
     
  3. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    Hello!

    Thanks ronjor for that link. It was an interesting read.

    Kristian
     
  4. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    It is an old post of Kurt's.
     
  5. walking paradox

    walking paradox Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    234
    Regarding Ilya's and Kurt's argument over semantics, basically over the terminology and classification of virtualization versus sandboxing, I agree in part with both of them. Kurt is obviously right that virtualization is more or less the same as sandboxing on a conceptual level, but just because they are incarnations of the same basic concept doesn't mean they are the same in all respects. Obviously their implementation is different, as was pointed out by Ilya below.
    In this case I agree with Ilya in that the implementation should dictate the definition of the various implementations, as this is most representative of the computer security environment. Kurt's proposed terminology doesn't provide sufficient differentiation between the various implementations and thus doesn't provide a clear and coherent nominal framework upon which to discuss these matters.
     