A Browser Virtualization Primer

by Laura Yecies

What’s the difference between a regular browser and a virtualized browser? Not much that you’d notice, and plenty that you won’t. And that’s the way it should be.

Security should require as little intervention as possible from you. It should instinctively deflect attacks quietly in the background while allowing you to go about your everyday business without interruption or interference.

That’s the goal behind the browser virtualization feature we built as the foundation of the new ZoneAlarm ForceField. In some ways, it’s anti-traditional. It doesn’t scan your hard drive or filter incoming emails. It’s not actually looking for threats. Browser virtualization allows you to be attacked, but at the same time avoid harm.

But to us, this approach *is* traditional…it’s not unlike the firewall. Like the original firewall (which remains super-relevant even after almost a decade), in a way browser virtualization tricks a hacker into believing something. The firewall stealths ports to avoid random probes hackers may have unleashed on the Internet (i.e., a hacker may run a port scan on a range of IP addresses to find vulnerable PCs connected to the Internet). Similarly, browser virtualization can trick a hacker into believing the files he seeks to infect through Web-based attacks are simply not there, because they’re partitioned away from the Web session.

That provides a bubble of security that allows you to make mistakes, and flush them away simply by closing the browser. It’s security without the hassle.

Why is it important?

Each time you surf the Web, a number of changes — many innocuous — are made to your OS. For example, when you fill out an online form to become a registered user of a Web site, the site’s server may download a “cookie” onto your PC to allow you to be automatically logged in on your next visit.

But some hackers are using Web sites to deliver malicious software to your PC.

For instance, a keylogger could be automatically downloaded from an infected Web server to your PC to record everything you type and transmit it to cybercriminals. Or a Trojan could be hidden in a video you are trying to watch on a social networking site, allowing a hacker to take over control of your PC and turn it into a “zombie” PC.

How does it work?

ZoneAlarm ForceField diverts all automatic reading and writing attempts as you surf the Web to an emulated, or “pretend” part of the operating system, isolating your “real” operating system from automatic drive-by downloads and Web-based malware. It’s essentially a reverse-trick.

You may have heard of business-focused PC and data center virtualization solutions from companies like VMware and Citrix. ZoneAlarm ForceField’s virtualization engine is in a way similar in function to “manual virtualization systems” like VMware™. But instead of virtualizing an entire image of your operating system and partitioning it like an entirely new “second PC” on a single machine, ZoneAlarm ForceField uses precision emulation, virtualizing only those parts of the operating system that are written to by Web sites. It also automatically maintains the virtual system it creates.

There is no large installation, significantly less system memory use and associated performance degradation, and no need for you to keep track of two separate operating systems (or even two separate filing systems).

The virtualization engine works in two directions. It protects your PC by writing “unsolicited” downloads to the emulation layer (while still allowing you to intentionally download stuff you want), and it protects the Web session itself (such as banking, shopping, etc.). The “bubble” prevents spyware technologies like keyloggers and screen scrapers that may already lurk on your PC from seeing anything you are doing. It’s like blinding the spyware.
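
A conceptual sketch of the write-diversion idea described above, added here as an illustration; it is not ZoneAlarm ForceField's code. The class name `VirtualizedSession`, the `user_initiated` flag and the sample file names are assumptions made for the example.

```python
import shutil
import tempfile
from pathlib import Path


class VirtualizedSession:
    """Toy model: automatic I/O is confined to a throwaway overlay."""

    def __init__(self, real_root):
        self.real_root = Path(real_root).resolve()
        self.overlay = Path(tempfile.mkdtemp(prefix="overlay-")).resolve()

    def _target(self, rel, user_initiated):
        # Only actions the user explicitly chose touch the real tree.
        root = self.real_root if user_initiated else self.overlay
        target = (root / rel).resolve()
        if not target.is_relative_to(root):  # blocks "../" and absolute paths
            raise PermissionError(f"path escapes session root: {rel}")
        return target

    def write(self, rel, data, user_initiated=False):
        target = self._target(rel, user_initiated)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

    def read(self, rel, user_initiated=False):
        # Automatic reads see only the overlay, so real files look absent.
        return self._target(rel, user_initiated).read_bytes()

    def close(self):
        # Closing the browser throws away everything written unasked.
        shutil.rmtree(self.overlay, ignore_errors=True)


def demo():
    # Constructed sample data: a stand-in "real" tree with one settings file.
    real = Path(tempfile.mkdtemp(prefix="real-"))
    (real / "settings.ini").write_bytes(b"original")
    session = VirtualizedSession(real)
    session.write("settings.ini", b"tampered")  # drive-by write, diverted
    session.write("report.pdf", b"%PDF", user_initiated=True)  # chosen download
    seen_by_session = session.read("settings.ini")
    session.close()
    return {
        "real_file": (real / "settings.ini").read_bytes(),
        "seen_by_session": seen_by_session,
        "download_kept": (real / "report.pdf").exists(),
        "overlay_left": session.overlay.exists(),
    }
```

The diverted write is visible inside the session but never reaches the real file, while the download the user chose survives after the overlay is discarded.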

This is a new technology, and we’re already working on our next generation of virtualization technologies. Stay tuned…

Comments

My Windows Task Manager process monitor shows that if I am already running a web-intensive program, Family Tree Maker 2009, the system memory use doubles (to over 383,000K for Force Field files and FTM files only) and there is a significant impairment of performance--slooooooow doooowwwnnn--because of Force Field. Every time I enter data the screen goes blank and then returns after data is downloaded to my file. I don't think Force Field is the answer for me.

This blog is very informative, I am really pleased to post my comment on this blog. It helped me with ocean of knowledge so I really believe you will do much better in the future. Good job web master.

I think that's a wonderful job done
and of course nice technical abstract with
virtualization techniques..
but when it comes to real and virtual browser
I do agree security is right concern and
of course compatibility issues...also major concern
when dealing with browser...


regards..

I do not understand, as such delirium possible to write????? :-(

interesting article +1

Why can't I install Adobe Flash Player? My grandkids would like to go on YouTube and Webkins. What do I have to do? I am frustrated. Is the problem something to do with ZoneAlarm?

This sounds very good, but: Let's say that I browse to a certain YouTube copy to watch interesting videos of Paris Hilton - and accept to install the 'required' codec.

I have now clicked a button, initiating the installation of an ActiveX or similar piece of malicious code. Will ForceField protect me (apart from having already warned me that this is a bad site)?

Regards
Michael
