June 26, 2006 12:55 PM PDT

Border patrol for Internet Explorer

By Joris Evers
Staff Writer, CNET News

Related Stories

PayPal fixes phishing hole

 June 16, 2006

Online threats outpacing law crackdowns

 June 15, 2006

Yahoo launches customized IE 7 beta

 June 12, 2006

Microsoft calls on consumers to test IE 7

 April 24, 2006
A security start-up is borrowing a technique from the research labs to try to give Internet Explorer PCs relief from Web-based attacks.

GreenBorder Technologies, a venture-backed start-up, plans to release on Tuesday a consumer security tool that puts Microsoft's IE in a virtual sandbox. Called GreenBorder Pro, the product uses virtualization technology similar to what researchers at antivirus companies have been using for years. In a virtual environment, malicious software is allowed to execute, but it can't touch the underlying operating system.

"We provide a safe environment for running IE," said Jim Fulton, vice president of marketing at Mountain View, Calif.-based GreenBorder. "You can literally go to any Web site, even if it is full of exploits, full of nasty stuff, (and) GreenBorder will keep it isolated from your machine."

Microsoft's IE is by far the most popular Web browser, used by about nine out of every 10 Web users. However, some security experts have likened it to Swiss cheese, because of the many security flaws in it. The browser has been the target of many cyberattacks, and some Web surfers have switched to alternatives Firefox and Opera.

But GreenBorder sees opportunity in making IE safer. Its security tool is designed to protect against Web-based threats such as surreptitious installations of Trojan horses and other malicious software. Cybercriminals increasingly use information-stealing malicious code in attacks, according to a recent report from the Anti-Phishing Working Group.

If a GreenBorder user visits a site and sets off malicious software there, the code will actually run and can do such things as changing the user's home page.

GreenBorder

But any change will be erased after the person logs out or hits the "Clean and Reset GreenBorder" button in the software. "Then the slate gets wiped clean, instantly," Fulton said.

GreenBorder is not a cure-all for Web-based attacks. It helps if sites try to surreptitiously install keystroke loggers or screen grabbers, but cannot protect people from themselves--often seen as the weakest link in PC security by experts. Cybercriminals often use "social engineering" techniques, or cons, to try to persuade potential victims to download risky software, rather than sneak it onto the PC. And even with the tool installed, an IE user can still install software from the Web and have it run on their PC, if it's outside the virtualized environment.

"If you download something from a place you trust, you can remove GreenBorder's protection from the downloaded file with a click," Fulton said.

The product also has no shield against traditional phishing schemes, which use fraudulent Web sites to trick people into typing in their personal information.

"We keep Internet pickpockets from stealing the wallet out of your pocket. But if you take it out and hand your money over to them, that is not something we can help with," Fulton said.

Indeed, GreenBorder fails to protect against most real threats, said Russ Cooper, a senior scientist at Cybertrust, a security vendor in Herndon, Va. "The vast majority of infections happen because the individual chooses to invoke the malware," or malicious software, he said. Cooper added that silent installations of such programs by bad Web sites are far less prevalent than sometimes portrayed in the media.

"So, if you are a gullible individual who is likely to think that some Nigerian really does have $450 million to give you, GreenBorder isn't likely to help," Cooper said. "If you're a frequent shareware or freeware site user, it is not likely to help you."

When the tool is run, a green border is displayed around IE and the PC might run a bit slower. The product will get competition from Microsoft, which is working to fortify IE. The next version of the widely used Web browser also runs in a type of sandbox, where anything that runs in the browser can't touch the rest of the system.

GreenBorder Pro will cost $49.95 per year. A shield for files sent and received via instant messaging or run from USB drives costs an additional $14.95 per year. As a special promotion, the first 10,000 people who download the software will get a year of use at no cost.

See more CNET content tagged:
GreenBorder, malicious software, Microsoft Internet Explorer, technique, security

Add a Comment (Log in or register) 56 comments (Showing first 20 comments)
The truth.
by news_reader June 26, 2006 1:14 PM PDT
"The vast majority of infections happen because the individual chooses to invoke the malware," or malicious software, he said. Cooper added that silent installations of such programs by bad Web sites are far less prevalent than sometimes portrayed in the media.


That pretty much says it all. IE isn't the problem - I can download and run malicious code with any browser.
Reply to this comment View all 2 replies
The truth.
by news_reader June 26, 2006 1:14 PM PDT
"The vast majority of infections happen because the individual chooses to invoke the malware," or malicious software, he said. Cooper added that silent installations of such programs by bad Web sites are far less prevalent than sometimes portrayed in the media.


That pretty much says it all. IE isn't the problem - I can download and run malicious code with any browser.
Reply to this comment View all 2 replies
Bad idea
by volterwd June 26, 2006 2:04 PM PDT
because it will make the uninformed less cautious which could end up creating substantially more problems
Reply to this comment
Bad idea
by volterwd June 26, 2006 2:04 PM PDT
because it will make the uninformed less cautious which could end up creating substantially more problems
Reply to this comment
Clarifications
by FOSS4evR June 26, 2006 2:38 PM PDT
"Microsoft's IE is by far the most popular Web browser, used by about nine out of every 10 Web users."

Being the most used does not make something the most popular.

"So, if you are a gullible individual who is likely to think that some Nigerian really does have $450 million to give you, GreenBorder isn't likely to help," Cooper said.

If you actually think some Nigerian has $450 million for you, no software is going to help. At this point it's time to unplug the computer.
Reply to this comment
Clarifications
by FOSS4evR June 26, 2006 2:38 PM PDT
"Microsoft's IE is by far the most popular Web browser, used by about nine out of every 10 Web users."

Being the most used does not make something the most popular.

"So, if you are a gullible individual who is likely to think that some Nigerian really does have $450 million to give you, GreenBorder isn't likely to help," Cooper said.

If you actually think some Nigerian has $450 million for you, no software is going to help. At this point it's time to unplug the computer.
Reply to this comment
IE
by mystereojones June 26, 2006 3:47 PM PDT
Attacks on IE? That's why IE is losing marketshare to Firefox.
http://www.techknowcafe.com/content/view/554/42/
Reply to this comment
IE
by mystereojones June 26, 2006 3:47 PM PDT
Attacks on IE? That's why IE is losing marketshare to Firefox.
http://www.techknowcafe.com/content/view/554/42/
Reply to this comment
This is not a new idea.
by SVSpoweruser June 26, 2006 6:33 PM PDT
I don?t know why people would make such a big deal about this "new idea" to virtualization apps. A company called Altiris offers a product called SVS. Instead of just virtualizing Internet Explorer, it will virtualize almost any app. I think it is a far better solution then just virtualizing Internet Explorer.

More about Altiris "SVS" can be found on their sort of community site link below. SVS is free for personal use.

http://juice.altiris.com/svs

I agree though with the article on the point that virtualizing an app will not provide a secure enough environment for programs like browsers. I don?t think that is one of the things virtualizing is meant for.
Reply to this comment
This is not a new idea.
by SVSpoweruser June 26, 2006 6:33 PM PDT
I don?t know why people would make such a big deal about this "new idea" to virtualization apps. A company called Altiris offers a product called SVS. Instead of just virtualizing Internet Explorer, it will virtualize almost any app. I think it is a far better solution then just virtualizing Internet Explorer.

More about Altiris "SVS" can be found on their sort of community site link below. SVS is free for personal use.

http://juice.altiris.com/svs

I agree though with the article on the point that virtualizing an app will not provide a secure enough environment for programs like browsers. I don?t think that is one of the things virtualizing is meant for.
Reply to this comment
Nine out of Ten use IE?
by Maccess June 26, 2006 10:52 PM PDT
Once again another CNET reporter is not up to date with his figures. At one time it was 90% on Windows. That was a long time ago.

It's around 60% today, there are more browsers around today, and more computing platforms that don't have IE access the web.

Also many browsers have the ability to emulate IE, i.e. tell the server it's IE even if it isn't, so an IIS hosted site delivers the web site properly.

As for Green Border, it's the nature of Capitalism that someone will always try to create a good product and make money with it.

On the other hand, there are lots of free products that can do the job just as well:

1) Stop using naked IE. Use Maxthon if you want to use IE's engine, or use firefox for the Gecko engine. Use opera if you need a third alternative engine.

2) Install free anti-malware software: Spyware Blaster is a great free product that autmatically blocks sites known to host ActiveX malware. Spybot Search & Destroy with its resident TeaTimer will bock attempts to add items to your registry. ClamWin AV provides basic virus protectition. ZoneLabs provides port protection. There may be better products, but all of the above are free.
Reply to this comment View reply
Nine out of Ten use IE?
by Maccess June 26, 2006 10:52 PM PDT
Once again another CNET reporter is not up to date with his figures. At one time it was 90% on Windows. That was a long time ago.

It's around 60% today, there are more browsers around today, and more computing platforms that don't have IE access the web.

Also many browsers have the ability to emulate IE, i.e. tell the server it's IE even if it isn't, so an IIS hosted site delivers the web site properly.

As for Green Border, it's the nature of Capitalism that someone will always try to create a good product and make money with it.

On the other hand, there are lots of free products that can do the job just as well:

1) Stop using naked IE. Use Maxthon if you want to use IE's engine, or use firefox for the Gecko engine. Use opera if you need a third alternative engine.

2) Install free anti-malware software: Spyware Blaster is a great free product that autmatically blocks sites known to host ActiveX malware. Spybot Search & Destroy with its resident TeaTimer will bock attempts to add items to your registry. ClamWin AV provides basic virus protectition. ZoneLabs provides port protection. There may be better products, but all of the above are free.
Reply to this comment View reply
What if IE was a car?
by TooMuchStout June 26, 2006 10:55 PM PDT
This is the equvilant of an auto maker not including crumple zones, seat belts, air bags and list of other safty features in their car when they should. And some third party company making some massive baloon/styrofrom contraption to surround your car so if you get in an accident you won't be injured. Here is an idea, how about getting security minded programmers to fix the issue before it is an issue. Who wants to run extra programs to run one program saftly? This program still won't work for the computer incompitant who won't know how to install or run it.
Reply to this comment View reply
What if IE was a car?
by TooMuchStout June 26, 2006 10:55 PM PDT
This is the equvilant of an auto maker not including crumple zones, seat belts, air bags and list of other safty features in their car when they should. And some third party company making some massive baloon/styrofrom contraption to surround your car so if you get in an accident you won't be injured. Here is an idea, how about getting security minded programmers to fix the issue before it is an issue. Who wants to run extra programs to run one program saftly? This program still won't work for the computer incompitant who won't know how to install or run it.
Reply to this comment View reply
9 out of 10 use IE?
by fd359 June 27, 2006 6:42 AM PDT
Yeah right!! I am in an extremely competitive field of work doing internet security. I have people that whine and complain about not being able to see certain sites. Knowing what I do about IE, I would be remiss to not warn people about the issues with it. There are other equally cabable browsers with fewer security concerns too. If I wrote an article such as the any of these last ones, I would be laughed at and sent packing. Working with computers is a double edged sword. One wrong glance and suddenly you are not flavour of the month. Kindly REWRITE this article to reflect the real issues and the real statistics. This is not the sixth grade now is it?
Reply to this comment View reply
9 out of 10 use IE?
by fd359 June 27, 2006 6:42 AM PDT
Yeah right!! I am in an extremely competitive field of work doing internet security. I have people that whine and complain about not being able to see certain sites. Knowing what I do about IE, I would be remiss to not warn people about the issues with it. There are other equally cabable browsers with fewer security concerns too. If I wrote an article such as the any of these last ones, I would be laughed at and sent packing. Working with computers is a double edged sword. One wrong glance and suddenly you are not flavour of the month. Kindly REWRITE this article to reflect the real issues and the real statistics. This is not the sixth grade now is it?
Reply to this comment View reply
Browser security
by thedreaming June 29, 2006 8:57 AM PDT
Every broswer has their own set of flaws. Their respective manufacturers do their best to fix these flaws as fast as they can, but in the end, if a user downloads and runs a program that contains spyware/malware, then that's not the fault of the browser, it's the fault of the user.
Reply to this comment
Browser security
by thedreaming June 29, 2006 8:57 AM PDT
Every broswer has their own set of flaws. Their respective manufacturers do their best to fix these flaws as fast as they can, but in the end, if a user downloads and runs a program that contains spyware/malware, then that's not the fault of the browser, it's the fault of the user.
Reply to this comment
 See all 56 Comments >>
Powered by Jive Software
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement

Inside CNET News

Scroll Left Scroll Right

  • News - Business Tech

    Chrome's JavaScript challenge to Silverlight

    The advent of Google's Chrome browser, software pros say, should spur a big speedup for JavaScript, which would raise its standing against Microsoft's Silverlight technology.

  • Gallery

    Photos: Top 10 reviews of the week

    Here are CNET Reviews' 10 favorite items from the past week, including the TiVo HD XL, Sony Cyber-shot DSC-H50, and the Dish Network's newest digital TV converter box.

  • News - Apple

    Apple watchers spot 'iPod Nano' pix, iTunes hints

    The rumor mill has long been predicting a longer, leaner new version of the iPod Nano, and now it's conjuring up some pictures.

  • Outside the Lines

    EIC Squared: Chrome, iPods, and a Dell-Salesforce union

    On this week's EIC Squared podcast CNET's Dan Farber and ZDNet's Larry Dignan discuss Google's latest rocket launch--the Chrome browser--as well as Apple's iPod event next week and a Dell-Salesforce.com union.

  • Video

    Katie Couric reflects on first Webcast

    The political conventions are over and so are CBS Evening News anchor Katie Couric's first series of Webcasts. CNET's Kara Tsuboi sat down with Couric on the final night of the Republican National Convention to discuss what she liked about Webcasting, some of her most memorable guests, and whether TV news will still be around by the next round of conventions.

  • News - Digital Media

    In NFL deal, an extra point for Adobe's Flash

    Football fans will get to see live streaming of NBC's Sunday night games via Flash--not NBC's Olympic teammate, Silverlight.

  • Video

    YouTube plays party politics

    During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.

  • News - Gaming and Culture

    Are Demo and TechCrunch50 fragmenting their audiences?

    With both events scheduled to start Monday, many press, as well as venture capitalists and others are having to choose which one to attend.

  • News - Cutting Edge

    Execs predict next Google-like tech

    On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.

  • Gallery

    Images: The art of 'Spore' prototypes

    Will Wright and his Maxis team worked on dozens of prototypes to test the elements of their soon-to-be-released evolution game. Here's a sampling.

  • Webware

    At the TechCrunch50, an unfair advantage?

    Inside baseball: How Webware and other blogs can compete with TechCrunch in covering the TechCrunch50 event.

  • Green Tech

    Duke Energy to invest in mini solar power plants

    Can hundreds of rooftop solar panels collectively operate like a central power plant? Duke Energy launches $100 million distributed solar program to find out.

News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Dell
PlayStation 3
Wii
Windows Vista
CNET sites
CNET TV
Downloads
Forums
News
Reviews
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET