Sandboxing - The Future of Internet Security?

Being a computer geek and the default tech support for some of my family and friends, I have had to deal with computer security at the consumer user level. Sure, there´s the usual anti-virus and anti-spyware software installation on every Windows machine I run into, but this isn´t a full-proof way to ensure viruses, spyware, malware, and other don´t make it on a computer. As Leo Laporte says, the user´s behavior is the most important barrier to blocking bad guys from getting into a system. No matter how good anti-anything software is, it can´t stop a gullible user from clicking a false link on a website that downloads malware to said user´s computer. People need to monitor their behavior.

So, what to do when users just won´t change their behavior? How would you handle the computer of someone who just doesn´t care about keeping their computer secure? The solution I have been using lately is the one that I use myself: sandboxing. Check out the short wikipedia here: http://en.wikipedia.org/wiki/Sandbox_(computer_security) . The version of sandboxing I am writing about pertains to virtual machining. With the power of computers increasing as prices drop, most people will be buying more computer than they really need. Dual core processors and 2 GB of RAM are now standard and in a year, quad cores will most likely become standard. With all those cores and RAM, why NOT run a virtual machine?

On my Macbook Pro, I run Windows XP in a virtual machine via VMWare Fusion. If the Windows XP virtual machine gets a virus and I need to wipe the virtual machine, the process is as simple as erasing the virtual machine file and starting from scratch. I don´t have to reformat the hard drive of the laptop, all I need to do is save files from the virtual machine and create a new one. It´s a MUCH easier process than dealing with a ¨real¨ windows machine.

I would like to mention 2 cases in which I used this approach to protect someone from their own bad internet behavior. At the beginning of each case, I´ll list the host computer operating system, virtual machine operating system, and some basic information about the computer which contains both.

1. Sandboxing Windows
Host OS: Xubuntu 8.04
Virtual Machine OS: Windows XP Home
Computer: Toshiba laptop with 1.6 GHz mobile celeron processor, 1 GB RAM

This was done on a cowork´s brother´s laptop because his brother was not security minded at all. The laptop got a virus on it and would not boot up past the Windows XP loading screen. My coworker had to re-install Windows XP Home every year or so because the laptop would get a virus due to the laptop being used for internet gaming and who knows what else (Limewire?). So I presented the idea to my coworker of installing Linux on the laptop, then running XP in a virtual machine, since his brother would still need XP for games. I also mentioned that he would no longer have to reformat the harddrive and simply just delete the virtual windows machine if it got a virus. He thought this was a fantastic idea and we proceeded to set up the laptop.

Because of the speed and age of the laptop, I chose Xubuntu version of Linux as the host operating system. Linux has no viruses, so it made sense that it would be the best host system for my coworker´s brother. The CD/DVD drive was broken, so I had to install Xubuntu with a flash drive. VMWare player was used for running the virtual machine and I set up the virtual Windows XP Home machine (using my coworker´s brother´s installation disk) on my work computer, then copied it over to the laptop using an external hard drive (I allocated 20GB to the virtual machine, but it only ended up taking up 4 GB). Once I copied over the virtual machine, it ran fine on the laptop. I made a hidden copy of the virtual machine in another directory on the laptop so if the virtual machine gets a virus, my coworker will simply have to erase the infected virtual machine, then copy over the clean virtual machine.

2. Sandboxing Linux
Host OS: Windows XP Professional
Virtual Machine OS: Ubuntu 8.04
Computer: Custom built PC, Core 2 Duo Processor (can´t remember the speed), 2 GB RAM

My friend´s computer got a Trojan after letting his neighbor use his computer. We tried wiping the computer and my friend even got the Trojan off (or so we thought) using some anti-virus software, but the symptoms returned after a couple weeks, so he had to re-install windows.

Because of this, I suggested he only use the internet through a virtual machine. This way, if a virus is downloaded from the internet, it would only be on the virtual machine and not on his windows partition. He could still use the internet under windows for updates and for his banking (he uses microsoft money), but for ordinary surfing, the virtual machine would be safer. He agreed with the idea and I went ahead and installed VMWare player and downloading a read-made Ubuntu 8.04 vitual machine. He now uses the virtual machine for his general internet surfing.


I really think sandboxing is a much better way to keep computers secure compared to just using anti-anything software. Why not have a virtual machine as a sacrificial barrier? It´s almost a given that computers will get infected and sandboxing allows users to protect the main host operating system (which would be windows for the majority of users). With the power of computers nowadays, it´s easier than ever for regular consumers to run the powerful software needed to run a virtual machine. Sure, it´s entirely possible to keep computers infection-free with good behavior, but for lots of people, this is just not possible.

The next time you get a infection that forces you to re-install windows or to buy a new computer, consider using sandboxing.

Comments

Popular posts from this blog

It's All About the Sound

My Headphone Soapbox

It's All About Control