Thread: Virus Sandboxing

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    472

    Virus Sandboxing

    Sandboxing is how Java works, you create a virtual machine on your computer and you run the program on it. The virtual machine has only limited rights to the OS and the filesystem to prevent malicious code from doing damage.

    To transfer this to anti-virus thinking, how about if you could make a virtual machine in real-time that somehow would simulate support for all the functions in your OS. Then you could run a program on it, and if something bad happened, e.g. there was a virus in the program, you would just not run the program on your PC.

    I don't know if this is possible, but I've heard there's someone who's working on such a project. I just can't remember who. I think it would take one fast computer to actually do something like this, so I don't believe it's implemented in any of the existing anti-virus software.

    Well, I think it's good thinking though. I mean the ultimate way to guard yourself from virus attacks is that whenever you want to do something on your computer, you make an image of your disk. The disk you insert into another computer and do the work there. If everything goes OK, you can do the work on your own computer, knowing nothing bad is gonna happen. If someone could do this on one single computer, it would be great!

    What do you think, is this possible to accomplish?
    ---
    proactive

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    882
    There is a company that has been attempting something along the same line. Finjan.
    http://www.finjan.com/
    Before I went to Linux and XP, I had a program from them called Surf and Guard Pro. It was a personal version of the enterprise software they offered. It worked well. It made a virtual sand trap on your drive that it caught scripts in to run. They have a mail gateway, server gateway and desktop versions. This may be where AV solutions will come from in the future. It stops them before they execute on your puter.
    The COOKIE TUX lives!!!!
    Windows NT crashed, I am the Blue Screen of Death.
    No one hears your screams.


  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    That is an interesting discussion line, proactive. I was wondering something similar when running a VM honeynet.

    Here were the thoughts - if I can emulate these OSes and get morons who are trying to get my real stuff to coact with these phony machines (which ran webservers, answered pings and telnets etc.) why not the full nine yards. Antivirus and trojan programs would be suffused into this pit and realtime recording could be done.


    What a concept - I hope someone is working on it.
    Trappedagainbyperfectlogic.

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    The sandbox for home users is maybe not so far away?

    Norman Develops New Sandbox Technology to Identify New Viruses!

    Norman’s simulated computer can detect new viruses independent of the operating system of the machine running the scan, you can view the full story at http://www.norman.com/US/news/020124.shtml
    McAfee and Symantec are also developing their own sandboxes, it's probably their only way to detect "unknown" smart viruses, and at the same time in a safe environment study all harm the virus would do on a "real" computer.

  5. #5
    AntiOnline Senior Member
    Join Date
    Oct 2001
    Posts
    514
    I like that kind of thinking. It would be a better way to secure your computer than AV solutions of today.
    uraloony, Founder of Loony Services
    Visit us at
    http://www.loonyservices.com/

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    Related information to "sandboxing".

    TINY SOFTWARE ANNOUNCES TROJAN TRAP SOFTWARE
    Tiny Software announced the release of Trojan Trap, a security tool designed to prevent malicious applications and code from entering a network. The program consists of a series of executables, DLLs, and kernel-level drivers--each protecting a different aspect of an OS. Trojan Trap creates a closed sandbox environment in which code can execute. The software monitors the code to protect against unwanted access to system drivers, services, the registry, system files, and network ports.

    Source: Secadministrator
    You can also read these related AO threads:

    DeepFreeze
    Tiny Trojan Trap
