lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu Jun 8 19:00:54 2006 From: bill.stout at greenborder.com (Bill Stout) Subject: Want to test this desktop barrier? (Unauthorized offer) 0day protection Hi Joxean, I can open any spyware, virus, or other malware in my browser and not infect my computer. This is as a local administrator, with Active-X/Java/Javascript enabled in the browser. Also, I can open any infected downloaded file (as long as it's in the GreenBorder files directory) and not infect my computer. The next version will have activity lights which indicate attempts to modify registry, filesystem, etc. depending on what the product manager (and feedback) decides, which is useful for determining what the heck some particular application is attempting. The advantage is that this is proactive protection, this effectively provides 'gloves' for handling internet content, whereas AV or AS, since they're detection-based, are like 'flu shots'. If you see a toddler about to touch a dead animal, it's best they're wearing gloves rather than being up to date on their shots. Virtualizing at the application level is not as intrusive as sandboxing techniques. Virtualization provides the ability to enumerate or read selected real resources, and the protection is more transparent to the user. Bill Stout -----Original Message----- From: Joxean Koret [mailto:joxeankoret@...oo.es] Sent: Thursday, June 08, 2006 10:57 AM To: Full Disclosure Cc: Bill Stout Subject: [Full-disclosure] Want to test this desktop barrier? (Unauthorized offer) 0day protection Hi, >We don't determine what application running in the virtual environment >is malicious or not, so therefore this is not a replacement for >signature based protection systems. Most anything can run in the >environment, it just can't modify local resources. This is great >protection for 0-day exploits, and lets administrators wait to apply >patches off-hours. So it is a propietary application like the Open Source Winpooch (http://winpooch.free.fr/home/) that can't be use with an antivirus to have real protection as Winpooch does. Sorry but, Is there any advantage? -- Zer gutxi balio duen langileen bizitza
Powered by blists - more mailing lists