February 6th, 2002, 11:48 AM
Sandboxing is how Java works: you create a virtual machine on your computer and you run the program on it. The virtual machine has only limited rights to the OS and the filesystem to prevent malicious code from doing damage.
To transfer this to anti-virus thinking, how about if you could make a virtual machine in real time that somehow would simulate support for all the functions in your OS? Then you could run a program on it, and if something bad happened, e.g. there was a virus in the program, you would just not run the program on your PC.
I don't know if this is possible, but I've heard there's someone who's working on such a project. I just can't remember who. I think it would take one fast computer to actually do something like this, so I don't believe it's implemented in any of the existing anti-virus software.
Well, I think it's good thinking though. I mean, the ultimate way to guard yourself from virus attacks is that whenever you want to do something on your computer, you make an image of your disk. You insert the disk into another computer and do the work there. If everything goes OK, you can do the work on your own computer, knowing nothing bad is gonna happen. If someone could do this on one single computer, it would be great!
What do you think, is this possible to accomplish?
February 6th, 2002, 12:07 PM
There is a company that has been attempting something along the same line: Finjan.
Before I went to Linux and XP, I had a program from them called Surf and Guard Pro. It was a personal version of the enterprise software they offered. It worked well. It made a virtual sand trap on your drive that it caught scripts in to run. They have mail gateway, server gateway and desktop versions. This may be where AV solutions will come from in the future. It stops them before they execute on your puter.
February 6th, 2002, 12:50 PM
That is an interesting discussion line, proactive. I was wondering something similar when running a VM honeynet.
Here were the thoughts: if I can emulate these OSes and get morons who are trying to get my real stuff to coact with these phony machines (which ran webservers, answered pings and telnets, etc.), why not the full nine yards? Antivirus and trojan programs would be suffused into this pit and real-time recording could be done.
What a concept - I hope someone is working on it.
February 6th, 2002, 05:53 PM
The sandbox for home users is maybe not so far away?
McAfee and Symantec are also developing their own sandboxes. It's probably their only way to detect "unknown" smart viruses, and at the same time study, in a safe environment, all the harm the virus would do on a "real" computer.
Norman Develops New Sandbox Technology to Identify New Viruses!
Norman’s simulated computer can detect new viruses independent of the operating system of the machine running the scan. You can view the full story at http://www.norman.com/US/news/020124.shtml
February 6th, 2002, 06:00 PM
I like that kind of thinking. It would be a better way to secure your computer than AV solutions of today.
February 7th, 2002, 09:05 AM
Related information to "sandboxing".
You can also read these related AO threads:
TINY SOFTWARE ANNOUNCES TROJAN TRAP SOFTWARE
Tiny Software announced the release of Trojan Trap, a security tool designed to prevent malicious applications and code from entering a network. The program consists of a series of executables, DLLs, and kernel-level drivers--each protecting a different aspect of an OS. Trojan Trap creates a closed sandbox environment in which code can execute. The software monitors the code to protect against unwanted access to system drivers, services, the registry, system files, and network ports.
Tiny Trojan Trap