lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu Jun  8 19:00:54 2006
From: bill.stout at greenborder.com (Bill Stout)
Subject: Want to test this desktop barrier?
	(Unauthorized offer) 0day protection

Hi Joxean,

I can open any spyware, virus, or other malware in my browser and not
infect my computer.  This is as a local administrator, with
Active-X/Java/Javascript enabled in the browser.  Also, I can open any
infected downloaded file (as long as it's in the GreenBorder files
directory) and not infect my computer.  The next version will have
activity lights which indicate attempts to modify registry, filesystem,
etc. depending on what the product manager (and feedback) decides, which
is useful for determining what the heck some particular application is
attempting.

The advantage is that this is proactive protection, this effectively
provides 'gloves' for handling internet content, whereas AV or AS, since
they're detection-based, are like 'flu shots'.  If you see a toddler
about to touch a dead animal, it's best they're wearing gloves rather
than being up to date on their shots.

Virtualizing at the application level is not as intrusive as sandboxing
techniques.  Virtualization provides the ability to enumerate or read
selected real resources, and the protection is more transparent to the
user.

Bill Stout

-----Original Message-----
From: Joxean Koret [mailto:joxeankoret@...oo.es] 
Sent: Thursday, June 08, 2006 10:57 AM
To: Full Disclosure
Cc: Bill Stout
Subject: [Full-disclosure] Want to test this desktop barrier?
(Unauthorized offer) 0day protection

Hi,

>We don't determine what application running in the virtual environment
>is malicious or not, so therefore this is not a replacement for
>signature based protection systems.  Most anything can run in the
>environment, it just can't modify local resources.  This is great
>protection for 0-day exploits, and lets administrators wait to apply
>patches off-hours.

So it is a propietary application like the Open Source Winpooch
(http://winpooch.free.fr/home/) that can't be use with an antivirus to
have real protection as Winpooch does.

Sorry but, Is there any advantage?

-- 
Zer gutxi balio duen langileen bizitza

Powered by blists - more mailing lists