Sandbox security versus the evil Web

Five products strive to trap drive-by downloads and other threats in a virtual Web browsing space, with mixed results

SoftSphere DefenseWall HIPS 2.44

Although security is rarely a binary choice, SoftSphere's DefenseWall HIPS separates all applications into just two categories: trusted or untrusted. Applications that can be expected to interface with potentially malicious content should be placed into the untrusted category. Processes started by untrusted programs automatically inherit untrusted status. Automatically downloaded or executed content from an untrusted program is protected from execution and prevented from manipulating protected resources.

Installation of DefenseWall HIPS was simple and quick, and the accompanying help file covered the essentials. The DefenseWall HIPS comes preconfigured with 11 untrusted programs, including Internet Explorer, Firefox, QuickTime, and a few other frequently exploited programs. However, Adobe's Flash Player was not automatically included on this list, and this allowed the clipboard hijack exploit demo to be successful.

Untrusted programs can be launched in a trusted state by choosing the application in the Untrusted applications window and selecting the Run as Trusted button. This is a nice way to end up with both trusted and untrusted browser sessions to handle various Web sites. The untrusted browser sessions are marked in the title bar to help users distinguish between the two.

The SoftSphere program has many customizable options, including the ability to include or exclude specific Windows resources (such as files, folders, registry keys, and so on) as trusted or untrusted. You can roll back any identified resource changes on a per-resource basis, although the program does not always distinguish between legitimate and malicious changes, leaving the final trust decision to the end-user. I especially like that DefenseWall HIPS considers all programs from removable sources to be untrusted by default.

Overall, DefenseWall HIPS stopped most malicious threats from automatically executing, though at times in a disconcerting way. When I browsed to malicious Web sites with an untrusted browser, the DefenseWall HIPS added any further starting programs (in testing, these were always malicious programs) to the untrusted applications list, which prevented much malicious activity. Further, it warned me when a malicious program was trying to modify critical system files.

Auto-downloaded malware is saved to the disk, but in such a way that it is not a threat to your system. You can disable the program, remove it, or, if the program is legitimate, move it to the trusted applications area. If you manually save a file to the desktop, which is often the case with social engineering, DefenseWall HIPS attempts to keep it marked as untrusted, but I found instances where malicious files could escape to trusted areas.

The DefenseWall HIPS includes a Stop Attack window, which allows a user to quickly close all untrusted processes if a malicious attack is suspected. The Adobe Flash clipboard hijack exploit lived through this closing; DefenseWall HIPS did not report any events or modifications, nor did it offer to roll back any changes.

DefenseWall HIPS also had a hard time cleaning up from the XP Antivirus malware, as did many of the competing programs. Although XP Antivirus was executed from within an untrusted browser session, the malware program was able to permanently modify the system and leave remnants of itself behind, even after I instructed DefenseWall HIPS to close all untrusted processes and delete all resource changes. DefenseWall HIPS did a pretty good job in stopping most malware programs, but it wasn't perfect.

Join the PC World newsletter!

Error: Please check your email address.

Tags software applicationsmalware

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Roger A. Grimes

InfoWorld
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?