Unique approach to desktop security -- allowing content to execute in virtual space -- requires accepting a measure of risk
GreenBorder Professional Edition is designed to protect against malicious content arriving in Internet Explorer and Outlook -- but it gives the traditional virtual environment security paradigm a nifty 180-degree twist.
GreenBorder forces untrusted content to execute in a virtualized protection “sandbox” environment where it can do no persistent harm to the local host or trusted network. Where GreenBorder differs is that most untrusted content, malicious or not, is allowed to execute and reside in the seamless virtual environment, but any subsequent host modifications can be discarded.
The goal of this is to prevent malware from permanently modifying the local host and from attacking other trusted hosts and networks, similar to what might be accomplished by resetting a VMware or Virtual PC session. Content arriving from untrusted networks is hosted in a controlled virtual environment indicated by a green border surrounding Outlook and IE.
GreenBorder removes this untrusted content when the user decides to remove it or when the user logs off. All content from any untrusted network is removed regardless of whether it is in fact malicious. So, while malware, worms, and spyware changes won’t be saved, neither will legitimate content such as patches from Microsoft Windows Update or Amazon.com cookies -- unless the sites are added as trusted locations.
GreenBorder was nearly flawless in its attempts to prevent manipulation of the underlying host environment. But in my tests, some minor spyware modifications, such as desktop shortcuts and new menus, did make it to the underlying host. GreenBorder says this is because the malware mimicked a normal user’s modifications too closely, as compared with most malware’s programmatic accesses. Still, the fact that malware can modify the host desktop at all means there are other potential weaknesses.
That doesn’t mean GreenBorder lacks innovation. For example, when a user saves a file from an untrusted source, the file is given a new header and then “wrapped” with a proprietary, nonconfidential encryption routine -- a process GreenBorder calls “mangling.” If users without GreenBorder attempt to access the file, they will be unable to open it.
When a GreenBorder user opens the file, however, the mangling is undone, and the original file is served up in the protected virtual environment. In a sense, content from an untrusted resource remains untrusted by default.
As interesting as this is, most security vendors have forsaken directly modifying files because doing so may elicit unforeseen operational consequences; for this reason, GreenBorder users can save files unmodified without the added protection. (A centralized management console, which I did not test, is available to configure GreenBorder settings across the enterprise.)
Adopting GreenBorder’s defense strategy has practical consequences. For example, any worm or virus launched will be allowed to modify the virtual environment, take up real CPU cycles (slowing the host machine), and interact with and attack other untrusted networks and hosts. Phishing e-mails and URL tricks will get through; script worms and macro viruses will still execute.
Because of its approach, however, GreenBorder works across a wider selection of malware and prevents unknown attacks without the need for daily signature updates. The ability to reset a session is akin to a quick reset of the user’s entire environment: no more system restores or re-ghosting machines. Administrators will have to decide whether the risk in allowing malware to execute is worth the instant reset payback.
Overall Score (100%)
|GreenBorder Professional Edition 2.7.2||7.0||7.0||8.0||9.0|
Windows 7 is suddenly telling users it isn't genuine -- and it has nothing to do with Windows being...
Windows users are reporting significant problems with four more October Black Tuesday patches
The larger design is very welcome, but there's much more to the iPhone 6 than a bigger screen
Sponsored by Rackspace
Sponsored by Nuage Networks
Sponsored by Fibre Channel Industry Association
InfoWorld picks the best hardware, software, development tools, and cloud services of the year
Microsoft CEO Satya Nadella is showing the same kind of leadership that Steve Jobs used to rescue Apple...
If you’re doing one or more of these things, it might be time to step away from the IDE and take a...
Black Duck presents its Open Source Rookies of the Year -- the 10 most exciting, active new projects...