by Laura Yecies
What’s the difference between a
regular browser and a virtualized browser? Not much that you’d notice, and
plenty that you won’t. And that’s the way it should
be.
Security should require as little
intervention as possible from you. It should instinctively deflect attacks
quietly in the background while allowing you to go about your everyday business
without interruption or interference.
That’s the goal behind the browser virtualization feature we built as the foundation of the new ZoneAlarm
ForceField. In some ways, it’s anti-traditional. It doesn’t scan your hard-drive
or filter incoming emails. It’s not actually looking for threats. Browser
virtualization allows you to be attacked, but at the same time avoid harm.
But to us, this approach *is*
traditional…it’s not unlike the firewall. Like the original firewall (which
remains super-relevant even after almost a decade), in a way browser
virtualization tricks a hacker into believing something. The firewall stealths
ports to avoid random probes hackers may have unleashed on the Internet (ie a
hacker may run a port scan on a range of IP addresses to find vulnerable PCs
connected to the Internet). Similarly, browser virtualization can trick a hacker
into believing the files he seeks to infect through Web-based attacks are simply
not there, because they’re partitioned away from the Web session.
That provides a bubble of security
that allows you to make mistakes, and flush them away simply by closing the
browser. It’s security without the hassle.
Why is it
important?
Each time you surf the Web, a
number of changes — many innocuous — are made to your OS. For example, when you
fill out an online form to become a registered user of a Web site, the site’s
server may download a “cookie” onto your PC to allow you to be automatically
logged in on your next visit.
But some hackers are using Web
sites to deliver malicious software to your PC.
For instance, a keylogger could be
automatically downloaded from an infected Web server to your PC to record
everything you type and transmit it to cybercriminals. Or a Trojan could be
hidden in a video you are trying to watch on a social networking site, allowing
a hacker to take over control of your PC and turn it into a “zombie”
PC.
How does it
work?
ZoneAlarm ForceField diverts all
automatic reading and writing attempts as you surf the Web to an emulated, or
“pretend” part of the operating system, isolating your “real” operating system
from automatic drive-by-downloads and Web-based malware. It’s essentially a
reverse-trick.
You may have heard of
business-focused PC and data center virtualization solutions from companies like
VMWare and Citrix. ZoneAlarm ForceField’s virtualization engine is in a way
similar in function to “manual virtualization systems” like VMWare™. But instead
of virtualizing an entire image of your operating system and partitioning it
like an entirely new “second PC” on a single machine, ZoneAlarm ForceField uses
precision emulation, virtualizing only those parts of the operating system that
are written to by Web sites. It also automatically maintains the virtual system
it creates.
There is no large installation,
significantly less system memory use and associated performance degradation, and
no need for you to keep track of two separate operating systems (or even two
separate filing systems).
The virtualization engine works in
two directions, protecting your PC by writing “unsolicited” downloads to the
emulation layer (but still allowing you to intentionally download stuff you
want), but also protecting the Web session (such as banking, shopping etc). The
“bubble” prevents spyware technologies like keyloggers and screenscrapers that
may already lurk on your PC from seeing anything you are doing. It’s like
blinding the spyware.
This is a new technology, and
we’re already working on our next generation of virtualization technologies.
Stay tuned…
