Google Buys Anti-Malware Security Startup
J Tomas writes "Google has quietly made its first anti-malware acquisition, snapping up GreenBorder Technologies, a venture-backed company that sells browser virtualization security software. GreenBorder's software creates a DMZ (demilitarized zone) between the Windows desktop and programs downloaded from Web pages or opened from e-mail messages in Microsoft Outlook. The early speculation is that Google will add the sandbox technology to the Google Toolbar or release a rebranded version as a standalone download."
Evil or not evil? Hmm...
GreenBorder's software creates a DMZ (demilitarized zone) between the Windows desktop and programs downloaded from Web pages or opened from e-mail messages in Microsoft Outlook.
Dear GreenBorder,
Thank you for doing work we should have done years ago.
Unfortunately this level of work requires considerable resources
which would drive down our bottom line and
shareholder confidence.
William Gates III
Microsoft Corporation
Harry Kim: "Borg Attack!"
Janeway: "Raise shields"
Paris: "It's no good, they have adapted, they are firing sunloungers"
liqbase
...proving that corporations aren't evil, but trying to stay on top when you're top dog might corrupt absolutely. This would not have happened in "Lord of the Rings."
I refuse to demonize corporations, because I know that people run them and do the best they can with an often paradoxical set of goals. I remember when one boss I worked for sold his company to a larger technological concern, and suddenly all the rules changed. Image became more important than reality. We did everything we could to inflate figures. And the guy who once spent hours thinking about "the next cool thing we'd all like to use" stayed up late looking over spreadsheets, metrics, indicators and other spaced-out crap that has no relevance to reality.
We might call this time "the devirginization of Google," as they are inducted to the weird malevolent world of corporate politics as the top dog in the Darwinian internet struggle for virtual world domination.
technical writing / development
Shouldn't this really be a 'firewall'?
/pedant
The usages I have seen of the term DMZ refer to where both part 1 and part 2 are considered 'safe' and so there's no need for security measures in between them - so it's an area that's a DMZ, not a wall.
When did Linux steal this innovative technology and rename it chroot.
davecb5620@gmail.com
Is Google the next Enron?
Financially,
Kilgore Trout
So...is it like the plain old Java sandbox?
Hmmm...I guess not. GreenBorder's "sandbox" appears to have some pretty big holes.
Great!
Yet another piece of software that interferes with my network layer, slows my PC, and eats half my CPU cycles just to keep malware from infecting my machine.
When will we see a REAL solution to these problems, and stop implementing obscure security work-arounds that eat more resources than the applications themselves? Anyone?
When more than 50% of the CPU cycles in my PC go to security software (Antivirus, Antiphishing, Antispyware, Antiadware, Antifraud, heuristics scanning, SPAM filter, personal firewall, strange DMZ browser-thingeys) during the display of a simple HTML page in a browser I would say that our current approach is broken. Totally.
I need an Anti-security-bloatware product. And fast!
My security clearance is so high I have to kill myself if I remember I have it...
Now, if only they would filter out the sites that CAUSE the malware and spyware. Not only that, but so many garbage/search sites come up when you search for simple things like drug names and such. You would think they could block out other automated crawlers that clog up bandwidth as well.
"Please, shut up. Just when I think you can't say anything more stupid, you speak again." -Archie Bunker.
1) Install every anti-virus, firewall, virtual sandbox DMZ, and toolbar that you can.
2) Sustain 99% CPU usage.
3) Protected!
Thanks for your timely response.
.....and so on and so forth.
Your grade for this response is: F
Why you received an F:
You need to answer the question rather than to simply pose another question, although it may have been more helpful to rephrase the question as follows:
Is Google the next Enron? Discuss.
ie. Suppose the question is: George W. Bush a war criminal? Discuss.
Example response. To address George W. Bush's guilt as a war criminal, we first need to
address what a war criminal is. Criminality in war is largely a product of the winners and losers in
a war despite the limitations of considering war as a zero-sum game
Help Democracy and Freedom: Imprison This Thug.
"Now, if only they would filter out the sites that CAUSE the malware and spyware"
.. :)
.. 64,300,000 hits ...
That would be the responsibility of the ISPs and the host providers.
"so many garbage/search sites come up when you search simple things like drug names and such"
Try the Product Search
Google search on viagra (the high blood pressure drug formerly known as sildenafil citrate and remarketed as an aphrodisiac)
was Re:Google...
davecb5620@gmail.com
There IS a way to "sandbox" IE, and iirc, it even works on IE7:
RUNNING IE in a "runas limited user class" sandbox effect:
http://www.osnews.com/comment.php?news_id=9654&offset=15&rows=30
"It is actually possible to run IE securely: just create a throwaway restricted user account for IE use alone. The restricted account user can't install software and can't access files of other users, so even if IE autoexecutes any nastiness, it can't do any damage.
Of course, it's a hassle to log in as a different user just to browse the web. So we'd want to use "runas" to run just IE as a different user.
Unfortunately, MS has made running IE as a different user a little harder than necessary. Rightclicking and using "Run as" doesn't seem to work. What did work for me was the following.
Say the limited account is called "IEuser". Then create a shortcut to "runas /user:IEuser cmd" on your desktop. Double-clicking this will open a command prompt that runs as IEuser. Now you can manually start IE with "start iexplore". Or create a batchfile c:\windows\ie.bat that just contains the line "start iexplore" and you can start IE by just typing "ie". Remove all shortcuts to IE from your normal desktop and only run it from the restricted account. This way you can use IE without worrying about any IE exploits"
APK
I can't wait for the "All-Seeing Eye" Google toolbar for Firefox!
I am on the road crew. This is my stop sign.
Well I was asked to evaluate this product 2 years ago. At the time it was not very useful as there were some problems. But last year when they did their update it was a good improvement on speed and memory footprint. For what it does the product works well. And with Google's money and resources behind it, it can only get better.
"When more than 50% of the CPU cycles in my PC go to security .. during the display of a simple HTML page in a browser I would say that our current approach is broken. Totally."
... :-S
Install DRDOS on Novell Netware circa 1993 and run Netscape off of diskless clients.
Re:Great
davecb5620@gmail.com
Buy a giant ad company, then this? What are they going to do? Poke some holes into it to let their stuff through? I guess I need to make my own crawlers if I want an effective search engine now. The big ones are becoming ever more useless. Can anybody tell me what a toolbar does that a bookmark can't? Besides look all purdy an' stuff? Put enough of them in there, and the web page only has enough space to show one line of text. It's like ESPN with all those stats on the screen completely blocking the action.
What?
"What I was actually referring to is simple searches on interactions or vital information without advertisements"
..
Yea, a lot of hits are to fake pages with nothing but adverts and links to other search results. But that has to do with website promotion where they put a lot of fake stuff in the meta tags.
Re:Yea, Google is evil
davecb5620@gmail.com
In soviet russia, google buys you!
Read about this earlier, and as nice as it is, I'll probably stick with Sandboxie. Does the same thing as this, but also protects other programs.
If you donate to the project, you can unlock a few more features that allow you to start any program under sandbox ALL the time, even without it being started before the protected program. (well, the main program, not the service)
It's pretty good, but the file browser that comes with it could do with some work... tends to lock up sometimes in large directories.
Although, with this, if Google does find malware and crap like that, they could easily tag a site and alert a user/kill connection whenever it comes up, killing a connection only on cases where there isn't really a site to go to.
Still don't want that horrible green border, sorry, that is just plain ugly. (Sandboxie just does [#] Window Title [#] on any sandboxed windows FYI)
...if it will detect the Dell-branded Google toolbar as adware, and remove it?
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 SU CK IT MP AA
DAMNATION!
:-/
I forgot the Anti-crapware software! Why did you have to remind me of that!
Aaaawwww....
My security clearance is so high I have to kill myself if I remember I have it...
Hmm, that can be done with QEMU or VMware and is known as a Kiosk. The trouble is that the machine can still do a lot of damage in between reboots.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
You need a proxy server with a proper filter such as Dan's Guardian or Squidguard with Willowbark or Viralator. Never hook a naked Windoze PC to the internet - Windoze needs to hide behind a penguin.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
"dude, and I thought Linux was hard"
"With all that command line stuff we see Microsoft following in Linux's footsteps *again*"
"If only it was this easy to install Java on windows..... oh wait."
"With your mastery of the command line you are now ready to switch to Linux."
"What's a batch file? Is that like a script?"
Since when do Slashdotters need to be informed that DMZ is short for "demilitarized zone"?
"When I want your opinion, I'll give it to you." --leonstryker
...this is exactly the way I do (but with opera and other internet related apps as acroread, mail, ...). But simply "runas /user:xxx cmd" is not the best way to achieve process separation. If you have a look at the process tree you will see: system->smss.exe->winlogon.exe->services.exe->cmd.exe->iexplore.exe. A better way is to use the method described in Joanna's blog http://theinvisiblethings.blogspot.com/2007/02/running-vista-every-day.html, see section: Do-It-Yourself: Implementing Privilege Separation. Using the psexec tool as described results in a "clean" process tree where iexplore.exe will show up directly under the root avoiding being a child process.
This is my runopera.bat which runs opera as user internet:
psexec.exe -d -u internet -p p4ssw0rd "cmd" "/d /D /c start /b Opera.exe"
There are really two problems at the root here. One is the human drive to push all of that crap on anyone and everyone on the internet for some kind of personal gain. And the other is a combination of user stupidity to unknowingly accept it combined with software that doesn't always make it easy for your average user to understand what it is they're accepting.
The way I've solved this problem.
1. Use Firefox as your default browser with adblock and Noscript, ditch IE.
2. Use a router with a firewall and ditch the Windows firewall.
3. Ditch Norton AV or whatever else and use NOD32
4. Switch to webmail system for sending/receiving your email.
5. Don't install any software you get "free" with anything unless you actually intend to use it.
Of course these only work if you're starting with a clean install.... I never see more than a small fraction of my resources being dedicated to background tasks and every few months or so I'll run Ad Aware or Spybot just to see if anything pops up only to find nothing more than a handful of cookies in the browser cache.
Linux is great and so are Macs, I actually have a Linux box, but neither Linux nor Macs can run/don't have viable alternatives to a lot of the applications I use on a day to day basis. If web-browsing, word processing, and media playback were all I needed a computer for then they'd be great. Unfortunately I need it for a lot more than just that.
Collector's Edition
First off, your comment has nothing to do with the article and it seems to have gotten modded +5 insightful?
Secondly, I am tired of people defaulting to the lowest common denominator. What you described is the exact problem. Why should 'image change'? Google got its image from the way it has always been, simple, useful, and unobstructive. Why now should it turn to evil? Was their "paradoxical set of goals" to own every piece of information on every person in the entire world in the long run when they started? I doubt it. Or was it to provide a better search to the world? The bottom line is google needs to keep setting a good example, and buying this company that will prevent infections is doing just that. They censored China because the entire Chinese government was pressuring them to. When entire governments pressure you to do things you sometimes end up doing them, even if it means you look evil. But recently their board of directors voted to un-censor China, which shows google is against censorship unless a court steps in (damn courts). The google guys see having our information to make our lives better to provide us what we need. The general populace sometimes sees that as invasion of privacy, or 'evil'. People have different definitions of evil. They are'nt selling our information are they? And if no one is breaking any laws they are'nt giving our information out to the government right? So why is google going to become so evil? I don't get it. If the stock tanks it's not google's fault. It's Joe Stock Markets who does'nt know dick about investing.
Now I know where we are heading to. The ultimate goal is to load your computer with as many anti-virus, anti-spyware,... etc so that the actual virus/spyware won't have any CPU cycles left to infect your computer.
but for pity's sake, please: it's aren't. Because the not is abbreviated. TY.
It has been noted that Google chose not to recognize Memorial Day with an altered logo, as they do with many other holidays.
A reader forwarded the following reply from Google, about their continuing failure to mark Memorial Day; it's the same reply they've given for at least three years running.
Thank you for your note. We appreciate your interest in seeing a Memorial Day Google logo. If we were to commemorate this holiday, we'd want to express reverence; however, as Google's special logos tend to be lighthearted in nature, this would be a particularly challenging design. We wouldn't want to create a graphic that could be interpreted as disrespectful in any way.
We have a long list of holidays that we'd like to celebrate in the future. We have to balance this rotating calendar with the need to maintain the consistency of the Google homepage. We really value your feedback regarding the Google logo, and please be assured that we're actively pursuing ways in which we can acknowledge Memorial Day and other such occasions in the future.
Regards,
The Google Team
By "in the future," they apparently mean sometime in the next century or so.
As for their claim that they want "lighthearted" logos, how "lighthearted" were those melting glaciers they used on Earth Day?
Here was Google's reply in 2005 when people asked why they didn't mark Memorial Day.
We have to balance this rotating calendar with the need to maintain the consistency of the Google homepage.
Furthermore, Google's special logos tend to be lighthearted in nature. If we were to commemorate Memorial Day, we would want to express reverence, rather than mirth. This would be a particularly challenging design. We would not want to, in any way, create a graphic that could be interpreted as disrespectful. In light of the mail we have received about this, we are actively considering designs we could display on this day next year. We welcome any suggestions you may have.
To show you how transparently false this excuse is, here's the logo Google used for Australia's ANZAC Day, the Aussie equivalent of Memorial Day.
And here's their logo for Canada's Remembrance Day, which they've been running for several years:
In truth, Google is willing to honor the fallen of every country--except their own.
I just realized that Microsoft's best weapon against Google is actually Windows' terrible security track record (*): due to that there are botnets out there comprised of hundreds of thousands of Windows machines... And some are used for click fraud.
So botnets of (insecure) Windows machines could actually kill Google's whole business. Quite scary uh!? Google for the recent Google paper "The anatomy of ClickBot.A": they spotted a botnet made of 100.000 Windows machines. This is hurting Google's main revenue line and, suddenly, you start to understand why Google would like Windows users to use a secure system to surf the Internet.
Well, of course I'm exaggerating: once Google starts to move to a "CPA" scheme (Cost Per Action), then real transactions backed with real money can (and will) be traced... And suddenly all these clickbotnets go "poof"! (in the end, to cheat on a CPA scheme you must, at one point or another, pay with stolen money... which is way more difficult than simulating fake clicks here and there, not to mention way more illegal).
(*)Insert logical fallacy here concerning the "monocrop" argument blah blah blah" (no, I don't buy the "because Windows is the most used, it is the one with the most security holes". If such an argument was true then it would mean all OSes would be equal with regard to security, which is a broken belief)
"But simply "runas /user:xxx cmd" is not the best way to achieve process separation. If you have a look at the process tree you will see: system->smss.exe->winlogon.exe->services.exe->cmd.exe->iexplore.exe. A better way is to use the method described in Joanna's blog http://theinvisiblethings.blogspot.com/2007/02/running-vista-every-day.html, see section: Do-It-Yourself: Implementing Privilege Separation. Using the psexec tool as described results in a "clean" process tree where iexplore.exe will show up directly under the root avoiding being a child process.
This is my runopera.bat which runs opera as user internet:
psexec.exe -d -u internet -p p4ssw0rd "cmd" "/d /D /c start /b Opera.exe"" - by Anonymous Coward on Tuesday May 29, @02:46PM (#19312139)
/. mods - mod his reply UP!
Very, VERY nice!
(I state that, mainly because I am an Opera user (and, a Joanna R. fan too))!
(His/her technique is probably superior to the one I posted, based on his explanation I quoted above, because it makes 100% sense)
However - Either way, EITHER way: Both SHOULD do the job for folks worried about this stuff & help protect them more!
APK
P.S.=> Now, onto .rtf files being hijacked (man, what's next) -> Rich Text Malware
http://www.avertlabs.com/research/blog/index.php/2007/05/25/rich-text-malware/
Heh, & I use these like mad (to avoid infecting others, & it is as pretty as WORD .DOC types imo, but lacking the macro virii possible in them), but it is appearing more & more that .txt IS "THE WAY" to be safe @ a 110% level! apk
1.) Create website for vaporware
2.) Promote it and put lots of google ads on it
3.) Collect google money to fund actual development
4.) Give away product for free to make it popular
5.) Sell company to google for millions
6.) Retire at age 20 :)
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
http://www.osnews.com/comment.php?news_id=9654&of
Note that on Vista this is not necessary, as Vista automatically sandboxes any running IE instance with Protected Mode enabled in Internet Options (or for that matter, any app which uses the protected mode API - Microsoft keep asking the Opera team to implement this).
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Helen Clark didn't get rid of that in NZ? :)
Sorry to go off topic here, but do you or anyone have a link to good resources on DMZ design?
:-)
I've looked around, but haven't found anything that comes from a reputable source, but remains simple enough for the network guys at my work to understand
A bit of background - I work for an organisation with several web applications that are accessed by external users by them first logging into our network through a VPN, then separately logging into whichever web app they need. Not the best situation I think you'd agree!
Cheers
Tim
"Note that on Vista this is not necessary, as Vista automatically sandboxes any running IE instance with Protected Mode enabled in Internet Options" - by Kalriath (849904) on Tuesday May 29, @07:18PM (#19315781)
Interesting, & granted, you are most likely correct on VISTA on this account. Vista does possess many "under the covers" enhancements in those 7,000 new API calls present in it, as well as features for security.
E.G.-> In terms of 'security benchmarks' (for what they're worth, I have YET to find one that is TOTALLY "perfect" in ALL regards (& I have tested ones like BELARC ADVISOR, & CIS TOOL 1.0 (best one yet in this latter one)), I ran CIS Tool 1.0 over VISTA, & it BLEW AWAY Windows XP... as far as "security rating outta the box".
However, iirc, VISTA scores into the mid 60's range out of the box.
By way of comparison - I run a custom-hardened Windows Server 2003 SP# 2 that scores 84.735...
(Via security policies, ip security policies, ip port filtering, software & hardware (true CISCO-LinkSys NAT tech), & customized registry .reg file hacks, + SCW & some other things (good practices in email & browsers, turning off ActiveX/ActiveScripting/Java/Javascripting - and, I don't use IE, but instead Opera).
Still, VISTA via things like Address Space Randomization, WIC, (& more) is a HUGE step in the right direction and improves upon XP, by far.
Even in its version of IE 7 (which is a step above on Windows Server 2003, via its special hardened configuration, which anyone can emulate (turning offs scriptings & ActiveX/Java as noted above on ANY Win32 OS), as YOU pointed out.
"Options (or for that matter, any app which uses the protected mode API - Microsoft keep asking the Opera team to implement this)." - by Kalriath (849904) on Tuesday May 29, @07:18PM (#19315781)
Would be nice to see, & if anyone/software oem/publishing house can do it, it's the folks from OPERA!
APK
P.S.=> Great discussion guys, not a wasted day, as I learned about using psexec to isolate processes, rather than the runas commandline I initially pointed out that CAN isolate IE... apk
Here you go!
Do you even lift?
These aren't the 'roids you're looking for.
Just what we need, Google making unstable security software. I have not used this particular brand, but in general, such programs are irritating at best, unstable and exploitable at worst.
Once, I had a bug in my program that caused my XP development system to bugcheck (BSOD). It puzzled me how a bug in my lowly non-Administrator user-mode program could bring down the entire system. I attached a serial cable to WinDbg it and traced to the system calls. It turns out I was passing a bad pointer to a system call. I traced it further and found that some code in the kernel was doing an unprotected read of my pointer.
But it wasn't Microsoft's. It was a rootkit installed by an "enterprise-level intrusion detection system" that our company makes us all use. Apparently, this vendor doesn't know how to develop NT kernel code, since they weren't using __try let alone ProbeForRead. With code quality like that, I'm sure if someone cared they could find an exploit to get ring 0.
Microsoft decided to make PatchGuard because rootkits like these make Windows appear more unstable than it really is. Helps a bit with DRM too.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
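The missing check described in the comment above, as an added example that is not part of the original post and is neither the vendor's nor Microsoft's code: a user-space C model of the range validation that ProbeForRead performs before a kernel handler reads through a caller-supplied pointer. The address limits, the array standing in for user memory, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: "user space" is the address range
   [USER_BASE, USER_LIMIT), backed by an ordinary array so the example
   runs as a normal program. All names and limits here are assumptions. */
#define USER_BASE  0x10000u
#define USER_LIMIT 0x20000u            /* first address outside user space */
static uint8_t user_memory[USER_LIMIT - USER_BASE];

enum probe_status {
    PROBE_OK = 0, PROBE_ACCESS_VIOLATION = -1,
    PROBE_MISALIGNED = -2, PROBE_TOO_LARGE = -3
};

/* Range validation in the style of ProbeForRead. The real routine raises
   an exception instead of returning a status, and it does not prove the
   pages are mapped, which is why drivers also wrap the access in __try. */
enum probe_status probe_for_read(uint32_t addr, uint32_t length, uint32_t alignment)
{
    uint32_t end;
    if (length == 0)
        return PROBE_OK;               /* nothing will be read */
    if (alignment == 0 || (alignment & (alignment - 1)) != 0)
        return PROBE_MISALIGNED;       /* alignment must be a power of two */
    if (addr & (alignment - 1))
        return PROBE_MISALIGNED;
    end = addr + length;               /* unsigned: wraps on overflow */
    if (end < addr)
        return PROBE_ACCESS_VIOLATION; /* addr + length wrapped around */
    if (addr < USER_BASE || end > USER_LIMIT)
        return PROBE_ACCESS_VIOLATION; /* NULL, kernel or unbacked range */
    return PROBE_OK;
}

struct request { uint32_t user_ptr; uint32_t length; };  /* caller-controlled */

/* The pattern the comment describes: the pointer is used as received.
   With an out-of-range user_ptr this indexes outside user_memory, the
   model's equivalent of the bugcheck. Shown for contrast only. */
int handle_request_unchecked(const struct request *req, uint8_t *kbuf)
{
    memcpy(kbuf, &user_memory[req->user_ptr - USER_BASE], req->length);
    return (int)req->length;
}

/* Hardened handler: bound the length, validate the range, then capture
   the data once into a buffer the caller cannot change afterwards. */
int handle_request_checked(const struct request *req, uint8_t *kbuf, uint32_t kbuf_len)
{
    enum probe_status st;
    if (req->length > kbuf_len)
        return PROBE_TOO_LARGE;
    st = probe_for_read(req->user_ptr, req->length, 1);
    if (st != PROBE_OK)
        return st;
    if (req->length == 0)
        return 0;
    memcpy(kbuf, &user_memory[req->user_ptr - USER_BASE], req->length);
    return (int)req->length;
}

int main(void)
{
    uint8_t kbuf[16];
    struct request good = { USER_BASE + 0x100, 4 };
    struct request null_ptr = { 0, 4 };
    struct request wraps = { 0xFFFFFFF8u, 0x10 };
    printf("good:  %d\n", handle_request_checked(&good, kbuf, sizeof kbuf));
    printf("null:  %d\n", handle_request_checked(&null_ptr, kbuf, sizeof kbuf));
    printf("wraps: %d\n", handle_request_checked(&wraps, kbuf, sizeof kbuf));
    return 0;
}
```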
Not yet. We're waiting though. She won't want to remind us that we HAD a military force before she came in ;)
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
You are still doing much much better than Canada.
Hmmm... As an Aussie, I quite like the Anzac Day logo. It's simple, shows an image that every Australian and New Zealander can connect with the day and what it represents, and can tastefully show a logo that looks almost joyous.
I'm not familiar enough with US symbols to know what they'd do for Memorial Day, but perhaps you could make some recommendations to them about what would be tastefully appropriate?
I know google is reputedly all powerful, but I'm struck by the thought - after reading your comment - that you could find some use as a solution to this problem... offer your advice. Crank up whatever open source image editor you use and give it a go.
And that kids is how I met your mother.
Google Memorial Day Logo Design Contest
http://www.zombietime.com/google_memorial_day_logo/
Some of them are rubbish. Some of them are good.
Thanks for the tip, I'll try it out.
For the lazy, here's a link: www.sandboxie.com