09.09.2012, 23:42
Wypowiedz nt. dlaczego jednak nie będzie wirtualizacji w auto-sandboxie...nawet to ma sens
oraz
Cytat: Hey Guys,
I am seeing many people to talk about virtualizaiton with autosandboxing. LEt me explain why we dont need it and how practically a user can achieve the same in CIS 6 here.
Case 1: Automatic virtulization has been a case when this ransomware viruses started to atttack users computer. CIS auto-sandbox indeed failed to protect, by default, against modification of photos etc.
So if we had auto-virtualization this would not happen.
Case 2: When certain amlware is executed, CIS protected the infection. However there were still nonsignificnat entires such as temp files, temp registry keys etc. So this created cleaning problem i.e. remnants of malware could be cleaned easily.
if we had auto-virtualization, this would not again be a case.
How does CIS 6 address these issues?
Simple. We provide virtualization where it is relevant to use it. Instead of running every unknown application virtualized(remember we are talking about millions of applications installed in millions of people when we talk about unknown app base), we simply virtualize web browsers where 90+% of the threats come from.
If we virtualize web browsers, we are automatically securing against all drive by download threats, from ransomware to keeping the PC intact and clean.
All we needed to achieve was to provide consumers an accessible and usable virtual internet experience.
CIS 6 achieved this by first of all implementing a completely new sandbox,
Then by providing virtual shortcuts, virtual protocols, we made it accessible transparently to the consumers. To be honest, all my mother needs is to double click on web browser icon as before. No new experience.
We also put some new experiences as well like Virtual Kiosk. Virtual Kiosk is an apple Ipad/iphone shell, for those who love style. The virtualizaiton experience that come with a style. I have successfully installed Microsoft office in my Kiosk and used it in kiosk only!!!
For the rest of the unknown apps, we thought we better focus on behavior blocker which monitors the behavior and reverses the harmful activity.This would successfully solve the cleaning problem, as well as improving dynamic detection. So current autosandbox would fit conceptually better to a behavior blocker and form the basis for the next behavior blocker which tracks and reverse activity of the apps.
oraz
Cytat: You dont need us to implement fully virtulized auto sandboxing. You know why? You will havefully virtualizedweb browsers(Actually any application can be fully virtualized). This means anything you run from those web browser e.g. when you download and run something, will be fully virtualized too. Not to mention Kiosk which is a fully virtualized environment too. But Kiosk is not a mandatory environment.
These new features will address your virtualization needs and hence autosandboxing can focus on behavior analysis and reversal.
Lets see how virtualization will be used and how well it will be received first.
[Aby zobaczyć linki, zarejestruj się tutaj]