Test Center: Sandbox security versus the evil Web
Five products strive to trap drive-by downloads and other threats in a virtual Web browsing space, with mixed resultsFollow @infoworld
After the initial licensed-based install, Prevx did a scan of some of the critical system components and checked for program updates. Prevx has the best user interface in this roundup review (see Figure 1). There wasn't a part of it I did not like. It looks good, displays what the user needs when required to make a decision, and hides when it is not in play. There are three operation modes: ABC, which is the default for beginners, and two expert modes.
When the user surfs to a malicious Web site, Prevx notes any system modifications it detects while the related files are identified and compared to a local database or sent to the larger community-based database. If identified as malware (see Figure 2), the malicious programs and system modifications are removed and the system rebooted. Suspicious programs are placed in "jail" (see Figure 3), where the user can restore or tell Prevx to quarantine or delete. Cleaning always results in a mandatory reboot, followed by an additional rescanning of critical areas and an uploading of any found changes to the community database. I especially liked this feature because it can find modifications missed on the first pass. Nice touch.
Sadly, Prevx didn't always keep my system clean. On just the fifth malware Web site, a password-stealing Trojan was able to infect the test system. Prevx had noted system changes and uploaded multiple files to the community database, but it completely missed one of the Trojan files, even after the reboot and second scan (see the program called SSUUDL in Figure 4, Figure 5, and Figure 6). In further testing on the same site, Prevx removed every infectious file nearly all of the time, but not every time. And although it detected and prevented the XP Antivirus malware program, it did not stop the Adobe Flash clipboard hijack. If Prevx could improve its accuracy, it would easily be the best product in this review.
Although Authentium's SafeCentral attempts to prevent keyloggers, screenscraping software, and malware from silently exploiting systems from Firefox browser sessions, it is most proud of its ability to prevent DNS and Web site spoofing for its 15,000 registered partner Web sites. The SafeCentral Portal site list includes thousands of commonly used banking, financial, and other popular Web sites and will prevent many phishing attacks. This is an opt-in feature, forcing the user to access sites from the SafeCentral Portal in order to ensure site authenticity. If your Web site is not listed or if you are socially engineered into visiting a bogus Web site without going through the portal, you will not get the protection of SafeCentral's redirection.
[ View the companion video, "SafeCentral vs. the Adobe Flash clipboard hijack." Download the QuickTime version. ]