Security Basics mailing list archives
RE: How to categorize 'desktop application firewalling'?
From: "Bill Stout" <bill.stout () greenborder com>
Date: Thu, 14 Jul 2005 12:00:45 -0700
One difference from a sandbox I forgot to mention: the GreenBorder product uses resource virtualization, whereas sandboxes use strict permissions to block access to some local resources. In other words, if both spyware and a web game want to update the registry, a temporary copy of the registry is updated instead of blocked access and an application crash. Virtualization makes the product more transparent and more palatable to the user. So I suppose it's still sandboxing, but with virtualization added in place of blocking. It's the same but different. ;)

Thanks,
Bill

-----Original Message-----
From: Bill Stout
Sent: Thursday, July 14, 2005 11:47 AM
To: security-basics () securityfocus com
Subject: RE: How to categorize 'desktop application firewalling'?

Hi Adam and others;

After reading the Wikipedia and other definitions, I believe you're right. Definitions list four levels of sandboxing: Application (like Java), OS (like chroot), Virtual Machine (VMware), and Capability Systems (HP Polaris). The closest definition that seems to fit is the Java model, but for applications, not applets. My favorite definition is here:
http://www.builderau.com.au/program/java/0,39024620,20269115,00.htm

"What is a sandbox? An application sandbox is a space in which programs can be run with less access to system resources than would be available under normal circumstances. Modern operating systems run all applications in a sandbox of sorts, which prevents them from accessing and corrupting memory outside of their allotted regions. Java execution sandboxes operate at a much higher level than their operating system counterparts but provide essentially the same role: They prevent applications from making greater use of the system than is necessary."

Our marketing team feels that 'sandboxing' has some negative connotations, and avoids associating with sandboxing. However, Java sandboxing is proven, so I don't think sandboxing at a higher application level is negative at all.
Thanks all for the public and private responses.

Bill

-----Original Message-----
From: Gaydosh, Adam [mailto:GaydoshA () ctc com]
Sent: Wednesday, July 13, 2005 1:46 PM
To: Bill Stout; security-basics () securityfocus com
Subject: RE: How to categorize 'desktop application firewalling'?

This sounds like a sandbox to me, like how Java applets are executed.
http://en.wikipedia.org/wiki/Sandbox_%28security%29
-----Original Message-----
From: Bill Stout [mailto:bill.stout () greenborder com]
Sent: Tuesday, July 12, 2005 4:49 PM
To: security-basics () securityfocus com
Subject: How to categorize 'desktop application firewalling'?

[I posted this to firewalls as a firewalls question, but the moderator asked me to post this in focus-virus, and focus-virus asked me to post to security-basics. This illustrates the problem I'm trying to solve.]

I'm the IT department for our company, and I'm trying to figure out how to simply categorize and describe our software. Here's the complicated description:

Our software protects Windows local system resources and the local network from an application process accessing untrusted content. It's like placing latex around the application that opens untrusted content. What it means is, processes launched in our protected environment do not have the ability to modify the registry, files on disk, or the local network. It also adds confidentiality by blocking processes accessing Internet content from read access to 'My Documents', local network shares, etc. Nearly any process can be launched in this space, but it does it automatically for just IE and Outlook. Currently the software automatically detects if IE or Outlook is attempting to access content from outside the defined network and re-launches an application process in the controlled space. The result is that with the software installed, you can purposely attempt to install spyware or viruses through IE or Outlook and it doesn't infect the machine.

All the above is really difficult to explain quickly, and we end up describing it as anti-virus/anti-spyware software, although we don't recommend throwing existing software out. Would anyone have a simpler way of explaining something that firewalls desktop applications from local resources?

Thanks,
Bill Stout
IT dept
GreenBorder, Inc.
www.greenborder.com
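The distinction the thread turns on (a sandbox that refuses protected writes outright, versus one that redirects them to a throwaway copy, with both blocking reads of 'My Documents' for a process handling Internet content) is easy to see in a small model. The following Python is an added illustration for this archive page; it is not GreenBorder code and makes no claim about how that product was built. The dict standing in for the registry and file system, and every key and path in it, are constructed for the demo.

```python
"""Toy model of denial-based vs. virtualization-based application sandboxing.
Added example, not GreenBorder code; HOST and all paths are constructed."""
from dataclasses import dataclass, field

# Constructed sample host state: two registry values and one document.
HOST = {
    r"HKCU\Software\Vendor\WebGame\HighScore": "0",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Antivirus": r"C:\av\av.exe",
    r"C:\Users\bill\My Documents\taxes.xls": "<confidential>",
}
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
CONFIDENTIAL = (r"C:\Users\bill\My Documents",)  # never readable from the sandbox


class AccessDenied(PermissionError):
    """Operation refused outright; an app that did not expect it usually crashes."""


@dataclass
class StrictSandbox:
    """Permission model: any write to a protected resource is refused."""
    host: dict

    def read(self, key):
        if key.startswith(CONFIDENTIAL):
            raise AccessDenied(key)
        return self.host.get(key)

    def write(self, key, value):
        raise AccessDenied(key)


@dataclass
class VirtualizedSandbox:
    """Copy-on-write model: writes and deletes go to a per-session overlay;
    reads consult the overlay first, then the untouched host."""
    host: dict
    overlay: dict = field(default_factory=dict)
    tombstones: set = field(default_factory=set)

    def read(self, key):
        if key.startswith(CONFIDENTIAL):
            raise AccessDenied(key)
        if key in self.tombstones:          # deleted within this session only
            return None
        return self.overlay.get(key, self.host.get(key))

    def write(self, key, value):
        self.tombstones.discard(key)
        self.overlay[key] = value

    def delete(self, key):
        self.overlay.pop(key, None)
        self.tombstones.add(key)

    def discard(self):
        """Session end: drop the temporary copy; the host was never modified."""
        self.overlay.clear()
        self.tombstones.clear()


def run_untrusted(sandbox, key, value):
    """A process that insists on writing `key`, then reads it back.
    Returns ('ok', readback) or ('crashed', None) when the write is refused."""
    try:
        sandbox.write(key, value)
        return ("ok", sandbox.read(key))
    except AccessDenied:
        return ("crashed", None)


def demo():
    spy_key = RUN_KEY + r"\Updater"                       # spyware persistence
    score_key = r"HKCU\Software\Vendor\WebGame\HighScore"  # legitimate game write
    out = {}

    strict = StrictSandbox(dict(HOST))
    out["strict_spyware"] = run_untrusted(strict, spy_key, r"C:\Temp\spy.exe")
    out["strict_game"] = run_untrusted(strict, score_key, "9000")  # collateral crash

    virt = VirtualizedSandbox(dict(HOST))
    out["virt_spyware"] = run_untrusted(virt, spy_key, r"C:\Temp\spy.exe")
    out["virt_game"] = run_untrusted(virt, score_key, "9000")
    virt.delete(RUN_KEY + r"\Antivirus")     # spyware tries to remove AV autostart
    out["virt_sees_av"] = virt.read(RUN_KEY + r"\Antivirus")  # gone, inside the sandbox
    out["host_has_spy"] = spy_key in virt.host
    out["host_av"] = virt.host[RUN_KEY + r"\Antivirus"]      # host untouched
    virt.discard()
    out["after_discard"] = virt.read(RUN_KEY + r"\Antivirus")
    try:
        virt.read(r"C:\Users\bill\My Documents\taxes.xls")
        out["docs_read"] = "leaked"
    except AccessDenied:
        out["docs_read"] = "blocked"
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16} {value}")
```

Running it shows the trade-off Bill describes: under the strict model both the spyware and the harmless web game crash on their first registry write, while under the virtualized model both writes succeed from the process's point of view, the spyware even "sees" the antivirus autostart entry disappear, yet the host registry never changes and the overlay is thrown away at the end of the session. The read block on 'My Documents' is the one place where both models must still refuse rather than redirect, since a redirected read would not protect confidentiality.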
Current thread:
- How to categorize 'desktop application firewalling'? Bill Stout (Jul 13)
- Re: How to categorize 'desktop application firewalling'? Ansgar -59cobalt- Wiechers (Jul 18)
- <Possible follow-ups>
- RE: How to categorize 'desktop application firewalling'? Gaydosh, Adam (Jul 18)
- RE: How to categorize 'desktop application firewalling'? Bill Stout (Jul 18)