Does sandbox security really protect your desktop?

Tests question vendor claims of meaningfully improved security, though not everyone agrees

Two years ago, GreenBorder, one of the early "sandbox" browsers, received mighty applause from Wall Street Journal tech guru Walt Mossberg. The sandbox browser -- basically, a browser running in a virtual container -- promised to keep nasty code from spilling into a computer's operating system and wreaking havoc.

Tests showed a year earlier that such sandbox technology didn't really work, at least not then. This year, to see if anything had changed, a new version of this technology was tested, in the form of Check Point's ZoneAlarm ForceField. Same result: it didn't do the job. "Within less than a minute, by clicking only my third test malicious Web site link, my test system was silently compromised without so much as a chirp out of ForceField," wrote security guru Roger Grimes.

The problem, then and now, is the sandbox wall remained permeable, so Trojans and other forms of malware can slip through the virtual sandbox into your desktop.

Grimes believes the technology approach of the sandbox browser, which he calls virtual red-green computing because the browser is the unsafe red zone and the operating system is the safe green zone, is fundamentally flawed -- and so he debunks the entire product category. Virtual red-green computing is the decades-old practice of creating separate safe and unsafe zones on a computer using virtualization techniques.

Sandbox browsers are largely aimed at consumers and small businesses. Products include ForceField (which claims to protect more than 60 million PCs), Sandboxie, Trusteer, and (Google bought GreenBorder a year ago, and it seems to have since disappeared as a product.)

Grimes' gripe: blurring red and green lines

The problem with sandbox browsers, Grimes says, is that eventually a browser and the operating system have to talk because they are so heavily integrated in the desktop environment -- that is, the red and green areas of a computer must co-mingle. It's nearly impossible to isolate one from the other, given browser plug-ins, JavaScript, and ActiveX controls that need to run code on the operating system.

In Grimes' ForceField test, for example, he visited known malicious Web sites with an unpatched Windows XP computer running ForceField and, again, with a fully patched computer sans ForceField. He did this to single out ForceField's capabilities. The fully patched computer foiled all attacks, whereas the non-patched computer with ForceField was breached on the third Web site Grimes visited.

The breach occurred when Grimes clicked on a malformed Flash file that caused a buffer overflow, sending an executable string of code into the computer's memory. "The malformed file used an API that was unexpected by ForceField to install itself as a service," he says. "Most of these limited emulation products cover dozens of the most popular APIs, but malware uses hundreds. Unless you cover every API call, [malware] is going to get around it."

In other words, "if the browser needs to launch an application, then all bets on the sandbox are off," says Doug Dineley, executive editor of the Test Center. "The application has to interact with the OS."

Page Break

Another Grimes gripe concerned the reset button. Sandbox browsers have a reset button that the user can push if he suspects that the browser has been compromised. The button resets the browser to a clean state, often to a snapshot of the virtual browser before the Web session started. Of course, if the virtual browser is infected with something that can get to the operating system, the reset button option may be too late to protect you.

These reset buttons don't actually fully reset the browser; they leave some user settings alone, such as bookmark lists, between sessions. But ForceField's reset button kept resetting Grimes' home page. That's an annoyance compared to GreenBorder, which didn't actually reset its browser, so malware remained even after he triggered the reset button, Grimes recalls. "E-mail worms would start spamming other people on your network until you reset it -- and a reset wouldn't even get rid of it all."

Check Point fires back: a flawed test?

Check Point has been trying to replicate Grimes' ForceField test (and results) without success. "We're just not sure how the product was actually tested," says Jordy Berson, product manager of ZoneAlarm ForceField. "There are cases with ForceField where a threat is stopped -- it never hits the computer but is captured in the virtualized layer -- and it may appear to the tester that it's actually been successful."

Moreover, the sandbox browser was never meant to run on a system without patches, firewalls, or anti-virus software. ForceField simply adds another layer of protection and has never claimed to be full-proof, contends Berson. Indeed, Grimes' test didn't show whether or not ForceField could improve security of a fully patched system.

Sky King, product leader at ForceField, admits that the underlying virtual red-green computing model requires trade-offs. "We are virtualizing the core browser, but there are some exceptions you have to make for usability," he says. Users will want to download Web browser plug-ins like Beatnik, QuickTime, RealPlayer and Shockwave, as well as cookies and other software files, that need to tap into the computer's file system to be used regularly.

Here's how the trade-off works: ForceField's decision engine looks at every downloading file to determine whether the user solicited it. If the engine decides that the user solicited the file, it will likely allow the file to pass through the virtualization layer. "But if something comes down from the browser that the user has not solicited, then it goes straight to virtualization to die," Berson says.

For user-solicited files, ForceField offers some protection. When a user clicks a link to download a file, ForceField analyzes the file and runs it against a database of millions of good and bad applications. "If we detect it to be a known bad application, we'll warn the user to prevent it from crossing the virtualization layer," King says.

Grimes agrees that ForceField provides good value in these cases. "In my test, I found that a fully patched system prevented all attacks but didn't alert you about the attacks," he says. "[Sandbox browsers] at least alert you a lot of the time, just not perfectly."

Page Break

Web surfing for dummies

The tradeoff -- or the blurring of red and green zones -- lies at the heart of the controversy. "Part of the quandary is trying to make that compromise between usability and functionality," says Charles Kolodgy, research director of secure content and threat management products at market researcher IDC. "People are going to want to download items, so you can either block all of it or warn them."

And it's a dubious proposition to put control in the hands of everyday Web surfers. For instance, many people believe that they can download files with impunity on a reputable site. Both Mossberg and Grimes tested products at known malicious Web sites, yet most malware today infects people through legitimate Web sites. "There's a good chance a popular site has been exploited in the last year or two," Grimes says.

Even when ForceField warns people that they're about to download potentially malicious code, this may not stop them. A Microsoft security intelligence report released in May showed some incredulous behavior: 88 percent of users chose to ignore a warning about BearShare, a software bundler, and continued to download the file; 68 percent ignored a warning about adware ZangoSearch Assistant; and 23 percent ignored a warning about a Trojan downloader.

"I guess they really wanted that [revealing] picture of Britney Spears," Grimes says. "You just can't leave trust decisions with end users."

Even security pros get duped. A couple of years ago, Kolodgy clicked on a link after conducting a Google search and -- wham! -- got hit by a drive-by Web attack. This attack requires the user to merely visit a malicious Web site. "It took me a while to clean the spyware off my machine," Kolodgy says. "I think ForceField would have protected me because the [spyware] never would have gotten to my registry."

Getting your head out of the sand

Unlike Grimes, Kolodgy believes virtual red-green computing holds promise. Because security analysts often go to nefarious Web sites, Kolodgy now uses a VMware Workstation virtual machine to visit them. Afterwards, he wipes the computer clean by punching the reset button.

"If you can do [virtual red-green computing] in a browser, it saves a step," Kolodgy says. "Desktop virtualization is going to be a benefit for security, and we're going to see more and improved products." In fact, security software vendors report that some malware will not execute if they detect they're running in a virtual machine. That's because many vendors use VMS for testing the exploits.

Regardless of virtual red-green computing's future, sandbox browsers today are not the secure products that many vendors make them out to be, Grimes says. "Security products in general are over-hyped, but these products seem to be much more so."

Judge for yourself. ForceField's promotional copy reads: "A protective layer around your browser, shielding you from drive-by downloads, browser exploits, phishing attempts, spyware and keyloggers. So your passwords, your confidential information, and your financial data remain protected."

Is this hyperbole aimed at the foolish consumer? The Test Center thinks so. "These new-fangled security client software products clearly don't work on the level that the vendors claim," Test Center's Dineley says. "They're basically asking you to flirt with disaster under the illusion that disaster can be averted."