If you are a security conscious or have to spend some time on less reputable web sites a great option is to use either Linux or OS X. Because the high majority of security threats which we are exposed to are designed to compromise Windows, by moving to a non-Windows operating system those threats no longer matter. This is not true all the time, especially for spam and phishing, but the possibility of a virus or spyware is greatly decreased. The problem is, of course, that people are reluctant to move to a new operating system, even a free one. A solution to this is virtualization, or basically running one of these non-Windows operating systems from within Windows.
Safer Surfing Through Virtualization
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
And it is called application virtualization as this article points out:
http://www.securityfocus.com/columnists/410
TrustWare BufferZone creates a virtualized environment for applications and you control what interaction with the OS is allowed. And they have a free version that wraps Firefox:
http://www.trustware.com/freeware.php
While I am sure using VMware and Linux works, it also looks like something that only a geek or advanced computer user can do. Never mind the amount of resources necessary for this solution. At least TrustWare’s product runs native on Windows and doesn’t require understanding another OS and VMware, perfect for Joe Six Pack, which is essentially who you are trying to protect anyhow.
Yes, VMWare + OS is resource intensive, but as for the rest: to borrow a phrase, Welcome to 2006, you’ll enjoy it here.
IE7 beta3 would be a better choice for “Joe Six Pack”.
It has good phishing filter as well, unlike the one in Firefox 2.0 beta.
If only for surfing, personal firewall and anti-virus is more than enough.
If I had the choice of either using a festering pile of Viruses and security holes as my main OS or another one which would be fairly secure I’d make the latter my main system and run the less secure OS in the virtual environment. That way if Windows would get hosed it wouldn’t compromise my main system.
This premise is fundamentally flawed. The vast majority of people would not switch to an alternative OS partly out of fears over compatibility, and partly out of laziness. If someone is too lazy to install and learn a new operating system, then they will be too lazy to install a different OS on a virtual machine for the sole purpose of web surfing. You might be able to convince someone to try it, but after a couple instances of waiting for a VM to boot up just to check their e-mail, they’ll go back to surfing on Windows. As Wowbagger said, the only people that would be that would be concerned enough about security to consider surfing from within a VM are the same people that would choose to run Linux or OS X as their primary OS anyway. In that case, they would do all their surfing natively, and run Windows on a VM if they need it.
Virtualization is a great concept, but it still has little utility for the average person. The future is in application virtualization, as Robert pointed out. The virtualization of each application would be transparent to the user, which would not be the case when running entirely different OS on a VM.
> Virtualization is a great concept, but it still has
> little utility for the average person. The future is in
> application virtualization, as Robert pointed out. The
> virtualization of each application would be transparent
> to the user, which would not be the case when running
> entirely different OS on a VM.
Application virtualization is already one of the key concepts of Unix. Separating processes into different, isolated address spaces is exactly what virtualization is about. The difference is that virtualization tries to simulate an existing real achine, while Unix tries to simulate an as-simple-as-possible and highly abstract machine (a real machine would not know of things such as a file system).
But it’s exactly things like file systems that are *needed* by most applications, because it makes little sense to browse your emails in a simulated environment and then be unable to copy attached files to your working environment. Attachments often contain important files. They also often contain viruses and trojans. I can’t really see how virtualization would fix this problem.
But it’s exactly things like file systems that are *needed* by most applications, because it makes little sense to browse your emails in a simulated environment and then be unable to copy attached files to your working environment. Attachments often contain important files. They also often contain viruses and trojans. I can’t really see how virtualization would fix this problem.
You have a point, but there are methods of providing user intervention regarding access to file systems and system devices. Microsoft has already started working in this direction. Applications for the .NET Platform can be granted or denied specific permissions, including File IO, Isolated Storage, Socket Access, Web Access, Registry, etc. By default, applications deployed with ClickOnce have a limited trust level, and are denied certain permissions (like File IO) unless otherwise specified by the user. Unfortunately, I can’t imagine that much malware is written for the .NET platform and deployed this way. However, Windows Vista also has User Account Control (UAC), which prompts the user to grant or deny Administrative access whenever a program attempts to perform a restricted operation. Whether or not this works or ends up being circumvented is anyone’s guess.
Education and a little bit of common sense will go further than an anti-virus program or spyware remover ever will.
Absolutely correct. I primary run and develop for Windows, and I have never had a problem with any kind of malware. All those pop-up ads that mimick Windows dialog boxes don’t fool power users like us, nor would we ever open an e-mail attachment from someone that we don’t know. Unfortunately, the average user is less informed (if not naive) and probably has no idea how all that malware ends up on their computer. I stopped doing tech support for anyone outside of my immediate family a couple years ago, when I got tired of removing boatloads of malicious crap off people’s computers.
Edited 2006-08-17 13:31
The next step after awareness is prevention. All the security news over the past few months has pushed a number of people from Microsoft’s Internet Explorer (IE) to alternative browsers, predominantly Firefox, but also Opera and others. This is a great first step for people who are want to protect themselves without losing functionality or performance. Combining a secure browser with a reliable anti-virus and an adware/spyware program is probably the single most important step the typical consumer can take in order to keep their computer clean.
I use Opera full-time at home, and I have not found it necessary to run any type of adware or spyware program. Every few months or so, I’ll download a spyware remover and scan my system, and they never find anything but cookies, which I never bother to delete anyway. Therefore, I see running a web browser via virtualization in an alternate OS to be complete overkill. But then again, I happen to be computer-literate, so maybe that’s where the problem lies
A friend of mine uses the same setup as I do, except he doesn’t even run an anti-virus program resident, and has had no problems so far.
Education and a little bit of common sense will go further than an anti-virus program or spyware remover ever will.
Edited 2006-08-17 12:58
http://www.cosmopod.com/
Much simpler than setting up a virtual environment. It is free and provides access to firefox and konqueror on a remote linux desktop (I am using it now).
Much simpler than setting up a virtual environment. It is free and provides access to firefox and konqueror on a remote linux desktop (I am using it now).
But with that you’re implicitly trusting the people that run Cosmopod. They *could* snoop on anything you do there, so it’s not the place to do your online banking.
If you’re really paranoid, patient, and disciplined, running a VM and using (VMware’s) non-persistent disk is a really good idea. Every time you reboot, you return to your known configuration. You just have to turn it off when you do patching.