Test Center: Sandbox security versus the evil Web
Five products strive to trap drive-by downloads and other threats in a virtual Web browsing space, with mixed results
All of the products worked by installing one or more monitoring executables and services. Each provided a main executable and a system tray icon. Some of the tray icons changed colors, like a traffic light, to indicate current status (green for everything's OK through red for malware detected). All products displayed an on-screen warning when maliciousness was detected, and most created log files. Interfaces ranged from Prevx's elegance, suitable for any user, to Sandboxie's technical-user sophistication. The install, interface, and alerting for all products were acceptable. Pricing was $29.95 per copy or less.
Only Prevx had any enterprise capabilities, and even that was minimal. Most of the products were obviously intended for home or personal use. You won't find enterprise-wide reporting, logging, or alerting; or the capability to push out or monitor large-scale deployments. Sandbox defenses are first-generation products, sitting where anti-virus scanners were a decade ago.
Overall, this class of protection products does provide additional defense capabilities that could protect a user against unknown threats. In no case was using the vendor's product worthless, although some need to mature a bit to be ready for widespread use. The biggest question is whether the additional protection is worth the additional outlay of money and ongoing support. A fully patched system (OS and applications) on which the user cannot install random programs would probably provide as much protection. How well your organization handles those two requirements will determine whether sandbox products are worth investigating.
And the winners are…
In the end, the reviewer's favorite products were Prevx and Sandboxie. Prevx provided the best identification of malware and prevented most of the exploits thrown at it, though by no means all. It's nice to be told what was trying to infect your system instead of having to make trust decisions on the fly. Plus, Prevx was the only product able to detect previously installed malware, and its interface was elegant. Sandboxie was a surprise. It provided fairly accurate infection prevention and, in most cases, excellent cleanup. It requires a bit more technical knowledge when picking which changes should and shouldn't be kept, but its free price tag makes it a winner.
Now on to the individual reviews…
I've been a big fan of Prevx for years. It was one of the first players in the Web security space and tends to be on the cutting edge of browser defense. The product's maturity shows in the end-user interface, operational aspects, and availability in 64-bit and business versions.
Prevx provides a multipronged defense, with heavy reliance on heuristic host-intrusion detection techniques. It provides distinct protection to Internet browsers, e-mail programs, critical file and memory areas, and startup program areas, and it supplies additional defenses against keyloggers, buffer overflow attacks, and network-connecting malware. Although real-time monitoring and heuristics are certainly its sweet spot, Prevx contains multiple signature-based mechanisms and relies heavily on its community-based malware reporting database, which requires an active Internet connection to use.
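The paragraph above, and the description earlier of every product installing "monitoring executables," both come down to host-intrusion detection over sensitive locations such as startup program areas and critical file areas. The script below is an added example written for this page, not Prevx's code and not a description of how Prevx implements its monitoring: it shows the simplest form of that idea, a baseline-and-diff integrity check that hashes every file under a set of watched directories and reports what was added, removed, or modified. The Startup folder and Program Files layout it creates under a temporary directory is constructed sample data; real deployments would point `snapshot()` at the actual startup folders, Run-key targets, and program directories, and run it on a schedule or from a file-change hook rather than on demand.

```python
"""Baseline-and-diff integrity check over 'startup program areas' and
'critical file areas'.  Added example for this review page; it is NOT Prevx
code.  Snapshots SHA-256 per file under a set of directories, then reports
files added, removed or modified since the baseline."""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of the file contents, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(roots):
    """Map of absolute file path -> sha256 for every regular file under roots.
    Symlinks are skipped so a planted link cannot make the scanner hash
    (or follow into) something outside the watched area."""
    baseline = {}
    for root in roots:
        for p in sorted(Path(root).rglob("*")):
            if p.is_file() and not p.is_symlink():
                baseline[str(p)] = hash_file(p)
    return baseline


def diff(before, after):
    """Classify changes between two snapshots; each list is sorted."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario (hypothetical paths, sample bytes): a fake Startup
    folder gets a new shortcut and an existing program binary is altered,
    the way a drive-by installer would persist and trojanize."""
    with tempfile.TemporaryDirectory() as tmp:
        startup = Path(tmp) / "Startup"
        startup.mkdir()
        (startup / "updater.lnk").write_bytes(b"legit shortcut")
        critical = Path(tmp) / "Program Files" / "App"
        critical.mkdir(parents=True)
        (critical / "app.exe").write_bytes(b"original binary")

        before = snapshot([startup, critical])

        # Simulated malicious changes after the baseline was taken.
        (startup / "svchost.lnk").write_bytes(b"points at %TEMP%\\dropper.exe")
        (critical / "app.exe").write_bytes(b"trojanized binary")

        after = snapshot([startup, critical])
        changes = diff(before, after)
        # Report basenames only so the result does not depend on the temp path.
        return {k: [os.path.basename(p) for p in v] for k, v in changes.items()}


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

A snapshot diff like this is the offline, after-the-fact half of what the review calls real-time monitoring: it tells you that something changed, not what process changed it, and it cannot see the memory-area or keylogger behaviour the paragraph also lists. It is still a useful cross-check on any sandbox product, because it shows whether a "blocked" exploit left anything behind in the locations that matter.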