ForceField beta aims to protect browsers from drive-bys
- — 25 September, 2007 10:04
Check Point Software Monday unveiled a beta of ZoneAlarm ForceField, surfing security software that runs Internet Explorer (IE) and Firefox in a virtualized environment to keep threats such as drive-by downloads at arm's length.
Available now as a free download from the ZoneAlarm site, ForceField runs IE 6 and IE 7, as well as Firefox 1.x and 2.x, in what it's calling a "precision virtualization engine" on Windows XP and Vista. Essentially a stripped-down virtual machine, the engine creates a "sandbox" within which the browser -- and thus the user's PC -- is immune from some kinds of Internet threats.
"We're using the concept of virtualization, but rather than virtualizing the entire machine, we're just doing a precision virtualization," said Laura Yecies, Check Point's consumer division general manager. "It has all the benefits of a full virtual machine."
The technology, which Yecies said the company had been working on "for years," came out of its Belarus-based branch and creates a virtual file system and a virtual Windows registry -- the engine, essentially -- that then hooks into the Windows kernel to redirect calls to the virtualization engine. The result: the PC is protected against malicious code that otherwise would end up on the real system, while the browsing session is also protected against threats, such as keyloggers or other spyware, that may already be on the box.
"Because it's two-way, ForceField also protects the browser from anything bad on the computer," said Yecies.
When a session is closed, so is the virtual engine; any malware that's managed to get by the other defensive layers Check Point includes with ForceField is thus deleted along with the virtualized browser.
Check Point has layered other defenses atop the virtualized browser, including signature- and heuristic-based antiphishing; a tool that checks downloaded files for possible malware; an anti-keylogger that blocks that spyware category; and a site blocker that relies on a blacklist the company keeps up to date. The additional defenses separate ForceField from rivals such as GreenBorder, a virtual machine-based browser sandbox technology that Google acquired in May, and Microsoft's own "protected mode" in Windows Vista, said Check Point.
Unlike GreenBorder, ForceField is not an all-or-nothing virtual machine, said Jordy Berson, ZoneAlarm's group product manager. The user can let downloaded files reach the physical PC's hard drive, and by default, browser settings -- cookies, installed toolbars, browsing history, and the like -- are saved to the real PC so they're available when IE or Firefox is fired up next time.
"It's a usability thing," said Berson. "Most people just aren't technically comfortable with the whole virtualization idea, such as managing two file systems [virtual and real]. If this was totally virtualized [as is GreenBorder], they'd be asking 'How come when I go to Amazon my shopping cart isn't there,' or 'What happened to the toolbar I installed?'" Berson said.
As for IE, Berson downplayed the protected mode available to IE 7 in Windows Vista. "We expect IE to have [vulnerability] issues in the future," he said. "Users need multiple layers to protect their PCs."
Check Point will price ForceField at US$29.95 when it releases the final software early next year.