In a recent news article, McAfee revealed its McAfee Threat Report for the third quarter of 2010, in which it states, "average daily malware growth has reached its highest levels, with an average of 60,000 new pieces of malware identified per day, almost quadrupling since 2007". Another news article, from November 2010, states that the security company Dasient released a study indicating that the number of web sites infected with malware and malvertisements in the third quarter of 2010 was 1.2 million, double its estimate for the same period of the previous year. These studies by security companies clearly indicate that malware is at an all-time high.

According to Dasient, while other methods of spreading malware, such as viruses sent via e-mail, continue to grow, drive-by downloads and rogue anti-malware attacks eclipse all other methods of malware distribution. Attackers lure users into clicking malicious links, and even a single visit to an infected web site is enough to download a multitude of malware binaries onto the user's system. A drive-by download is the automatic installation of a malware binary on the victim's system. The installed malware often enables an adversary to gain remote control over the compromised computer, which can then be used to steal sensitive information such as banking passwords, to send out spam, or to install more malicious executables over time.

Why is antivirus not the best solution?

Signature-based detection is the most common method that antivirus software uses to identify malware. When antivirus software scans a file for viruses, it checks the contents of the file against a dictionary of known virus signatures. This method is inherently limited: it can identify only a limited number of emerging threats, because it recognises only what already has a signature. Since new viruses are created every day, signature-based detection requires frequent updates of the signature dictionary, and so antivirus solutions cannot prevent zero-day attacks.

What is a Sandbox?

According to the definition on Wikipedia, in computer security a sandbox is a security mechanism for separating running programs: it runs an application in a restricted environment. The sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and in memory. Network access, the ability to inspect the host system, and reading from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization. Browsers deal with malicious attacks on a regular basis, and the sandbox mechanism is designed to protect the user's PC and files against them. If an attack exploits a browser vulnerability and arbitrary code is executed on the machine, that code runs in the isolated environment and the user's PC will not be harmed.
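The products listed below are Windows tools, but the principle of "network access is disallowed" is easiest to show on Linux, where Google Chrome's renderer sandbox uses seccomp-bpf. The following is an added illustration, not code from this post or from any of the products named: a forked guest gets a system-call filter under which socket() and connect() terminate it, while reading a local file is still permitted. The filter, the guest functions and the return codes are this example's own assumptions, and a production filter would also check the architecture and allow far fewer calls.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* seccomp-bpf filter: socket() and connect() kill the guest, everything else
   is allowed. A real filter also checks seccomp_data.arch and allows far less. */
static int install_filter(void) {
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 1, 0),  /* match: jump to KILL */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_connect, 0, 1), /* no match: skip KILL */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof filter / sizeof filter[0], .filter = filter };
    /* NO_NEW_PRIVS lets an unprivileged process apply a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Run guest in a sandboxed child. 0 = finished, 1 = guest error, 2 = killed by
   the sandbox (SIGSYS), 100 = filter not installed, -1 = fork/wait error. */
static int run_guest(int (*guest)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_filter() != 0) _exit(100);
        _exit(guest() == 0 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return 2;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Guest that tries to reach the network, as a downloader would: terminated. */
static int guest_opens_socket(void) { return socket(AF_INET, SOCK_STREAM, 0) < 0 ? 1 : 0; }

/* Guest that only reads a local file (its "scratch space"): permitted by this filter. */
static int guest_reads_file(void) {
    char buf[16];
    int fd = open("/dev/null", O_RDONLY);
    return fd >= 0 && read(fd, buf, sizeof buf) >= 0 && close(fd) == 0 ? 0 : 1;
}
```

The parent process never installs the filter itself, so it can keep observing the guest's fate; the guest's attempt to open a socket ends with a SIGSYS kill, exactly the outcome a browser sandbox wants for exploit code that tries to download more binaries.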

Popular Sandboxes

[1] Sandboxie
[2] Google Chrome Sandbox
[3] Adobe
[4] Dell Kace Secure Browser
[5] Microsoft Web Sandbox
[6] ADSandbox
[7] Kaspersky Safe Run
[8] Comodo Firewall
[9] Avast Antivirus
[10] Trustware Bufferzone
[11] iCore Virtual Accounts
[12] Returnil Virtual System

References

[1] http://en.wikipedia.org/wiki/Sandbox_(computer_security)
[2] Practical Windows Sandboxing
[3] Protected View in Office 2010
[4] Five sandboxing apps to protect your Windows computer
