what virtualization can and cannot do in an anti-malware context

Ilya is everywhere these days, lol

Maybe I'm biased because I use defensewall, but I know that DW will block malware from accessing important components, whether sensitive documents or system critical files. Ilya also says DW can't be used alone, but in conjunction with a good FW, which will pretty much block most malware and zero-day exploits out there. An AV is optional with this setup, but if you can get a good and light one like avira or NOD32 then its a nice addition. I think there's a distinction between pure sandbox like sandboxie, which only isolates untrusted programs not prevents, and sandbox HIPS like geswall and DW which isolate but also prevent through rules-based.

 

Hello!

Thanks ronjor for that link. It was intresting read.

Kristian

 

It is an old Kurt's post.

 

Regarding Ilya's and Kurt's argument over semantics, basically over the terminology and classification of virtualization versus sandboxing, I agree in part with both of them. Kurt is obviously right that virtualization is more or less the same as sandboxing on a conceptual level, but just because they are incarnations of the same basic concept doesn't mean they are the same in all respects. Obviously their implementation is different, as was pointed out by Ilya below

In this case I agree with Ilya in that the implementation should dictate the definition of the various implementations, as this is most representative of the computer security environment. Kurt's proposed terminology doesn't provide sufficient differentiation between the various implementations and thus doesn't provide a clear and coherent nominal framework upon which to discuss these matters.