Full Disclosure mailing list archives

RE: Want to test this desktop barrier? (Unauthorized offer) 0day protection


From: "Bill Stout" <bill.stout () greenborder com>
Date: Thu, 8 Jun 2006 11:02:37 -0700

Hi Joxean,

I can open any spyware, virus, or other malware in my browser and not
infect my computer.  This is as a local administrator, with
ActiveX/Java/JavaScript enabled in the browser.  Also, I can open any
infected downloaded file (as long as it's in the GreenBorder files
directory) and not infect my computer.  The next version will have
activity lights which indicate attempts to modify registry, filesystem,
etc. depending on what the product manager (and feedback) decides, which
is useful for determining what the heck some particular application is
attempting.

The advantage is that this is proactive protection; this effectively
provides 'gloves' for handling internet content, whereas AV or AS, since
they're detection-based, are like 'flu shots'.  If you see a toddler
about to touch a dead animal, it's best they're wearing gloves rather
than being up to date on their shots.

Virtualizing at the application level is not as intrusive as sandboxing
techniques.  Virtualization provides the ability to enumerate or read
selected real resources, and the protection is more transparent to the
user.

Bill Stout

-----Original Message-----
From: Joxean Koret [mailto:joxeankoret () yahoo es] 
Sent: Thursday, June 08, 2006 10:57 AM
To: Full Disclosure
Cc: Bill Stout
Subject: [Full-disclosure] Want to test this desktop barrier?
(Unauthorized offer) 0day protection

Hi,

We don't determine what application running in the virtual environment
is malicious or not, so therefore this is not a replacement for
signature based protection systems.  Most anything can run in the
environment, it just can't modify local resources.  This is great
protection for 0-day exploits, and lets administrators wait to apply
patches off-hours.

So it is a proprietary application like the Open Source Winpooch
(http://winpooch.free.fr/home/) that can't be used with an antivirus to
have real protection as Winpooch does.

Sorry, but is there any advantage?

-- 
How little the lives of workers are worth

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

