PCs today are mostly victims of infections caused by visiting infected websites that drop malware. Even though all anti-malware software implements website reputation checks, there is always a slight chance that the user may visit a newly infected website that has not yet been classified as ‘infected’ in the reputation database. This creates a need for another layer of protection to effectively filter and block these rapidly growing web threats.
There is a chance of your computer picking up an infection from a newly infected website that uses specially crafted malware that goes undetected even by up-to-date security software. The reason is that the new Trojans dropped by these websites try to use a new, undocumented vulnerability in Windows, in your browser, or in other products like Adobe Reader to take control of your PC.
In this scenario, ‘Browser Sandboxing’ provides the much-needed extra layer of protection from such infections. Browser Sandboxing is a technique that creates a virtual environment inside your PC and executes your Internet browser within it. When you surf the Internet through a browser running in the virtual environment, your real PC is protected from any infection that you catch when you visit an infected website. If you visit an infected website and it tries to infect your PC, the infection is restricted to the virtual environment and the malware will be unable to affect your real PC. When you exit the browser and close the virtual environment, all the changes made in the virtual environment are deleted and do not leak into your real PC. This way your actual PC remains unaffected.
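The behaviour described above, as an added sketch that is not code from the original post or from any browser or Quick Heal product: writes made inside the sandbox are redirected to a throwaway directory, reads fall through to the real files, and everything is discarded on exit. The class `SandboxFS` and its methods are hypothetical, and file redirection is an assumed mechanism, since the post does not say how the virtual environment is implemented.

```python
import os
import shutil
import tempfile

class SandboxFS:
    """Toy copy-on-write file view (hypothetical; illustrates the idea only)."""

    def __init__(self, real_root):
        self.real_root = os.path.abspath(real_root)
        self.shadow_root = tempfile.mkdtemp(prefix="sandbox-")  # private, disposable

    def _resolve(self, root, rel_path):
        # Reject absolute paths and ".." escapes so a sandboxed caller
        # cannot name a file outside the virtualised tree.
        full = os.path.abspath(os.path.join(root, rel_path))
        if os.path.commonpath([root, full]) != root:
            raise PermissionError("path escapes sandbox: %r" % rel_path)
        return full

    def write(self, rel_path, data):
        # Every write lands in the shadow directory, never in real_root.
        target = self._resolve(self.shadow_root, rel_path)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.write(data)

    def read(self, rel_path):
        # Prefer the sandboxed copy; otherwise fall through to the real file.
        shadow = self._resolve(self.shadow_root, rel_path)
        real = self._resolve(self.real_root, rel_path)
        with open(shadow if os.path.exists(shadow) else real, "rb") as fh:
            return fh.read()

    def close(self):
        # Closing the sandbox deletes everything written inside it.
        shutil.rmtree(self.shadow_root, ignore_errors=True)

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        self.close()

if __name__ == "__main__":
    real = tempfile.mkdtemp(prefix="real-")  # constructed stand-in for the real PC
    with SandboxFS(real) as box:
        box.write("dropped.bin", b"written by a web page")
        print("inside sandbox:", box.read("dropped.bin"))
    print("real files after exit:", os.listdir(real))
```

This models only file changes; a real sandbox also has to contain registry, process and network activity.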
This technique of running a browser in a sandbox has been around for quite some years now. Google Chrome provides a sandbox feature and Internet Explorer also has a feature called ‘Protected mode execution’ that provides a similar environment. However, there are limitations to these features as defined by the browser developers. First of all, the sandbox feature is not turned ON by default; the user has to switch it ON to use it. Moreover, the virtualization achieved by these security features is partial and one can still get infected by more advanced malware.
This leaves a lot of scope for developing a more secure sandbox environment for popular browsers that is ON by default and prevents every threat from entering the PC while visiting infected websites. Mr. Rajesh Nikam, Senior Researcher at Quick Heal Technologies, will be presenting his research findings and an in-depth approach to Browser Sandboxing in his paper presentation at the AVAR 2011 International Conference in Hong Kong on 11th November 2011. For more details of the AVAR 2011 conference, please visit: http://www.aavar.org/avar2011/