Sandbox security versus the evil Web
- — 01 October, 2008 09:02
Although Authentium's SafeCentral attempts to prevent keyloggers, screenscraping software, and malware from silently exploiting systems from Firefox browser sessions, it is most proud of its ability to prevent DNS and Web site spoofing for its 15,000 registered partner Web sites. The SafeCentral Portal site list includes thousands of commonly used banking, financial, and other popular Web sites and will prevent many phishing attacks. This is an opt-in feature, forcing the user to access sites from the SafeCentral Portal in order to ensure site authenticity. If your Web site is not listed or if you are socially engineered into visiting a bogus Web site without going through the portal, you will not get the protection of SafeCentral's redirection.
After you install SafeCentral, which requires a multistep process more complicated than its competitors, it loads a custom version of Firefox and modifies the toolbar in Internet Explorer, if it finds Internet Explorer on your system. Various "elements" are installed to secure and protect the desktop from the custom version of the Firefox browser and vice-versa.
When the user is in a secure Firefox browser session, the rest of the system is dimmed and interaction is restricted in significant ways. If you click any program or desktop area outside of the browser, the secure browser session is paused and dimmed. Every switch between the protected browser session and the desktop took an extra click and often caused slightly uncomfortable latency. It reminded me of Microsoft Windows Vista's "secure desktop" feature that accompanies User Account Control (UAC) protection, except that Microsoft's secure desktop provides significantly more separation and security.
In extensive testing, SafeCentral did not allow a single silent install in Firefox, except for the Adobe Flash clipboard hijack, which every other product missed as well. That's about the only good point I could give this product, and one that would be matched by a fully patched browser as well. In my testing, SafeCentral permitted hundreds of malware downloads, if the site "fooled" the user into downloading and running the program. At no time did SafeCentral stop any malware download initiated by the user, or prevent the subsequent system modification, or ever warn the user of the impending potential damage.
Protection was worse for Internet Explorer. Even though SafeCentral modified the toolbar and offered an indication of alert messages, it allowed nearly every silent malware install I threw at it, without so much as a peep. Clicking the SafeCentral toolbar icon (with Internet Explorer) simply launches the further secured version of the Firefox browser, which doesn't help when visiting the millions of Web sites that require Internet Explorer. Overall, I saw no advantage to using SafeCentral with Internet Explorer and questionable value with Firefox. The strength of this product lies with its DNS and anti-phishing protection. Those who want protection against browser threats should look elsewhere.