New Software Stops Malware Before It Starts
A newcomer to the computer-security game, Bromium, thinks it's got the solution to computers' biggest vulnerability: user error.
The Cupertino, Calif., and Cambridge, U.K.-based company's first software offering runs apps in their own operating systems, stopping attacks before they can begin.
Whenever a user starts a new task, such as browsing the Internet, vSentry, the software unveiled today (Sept. 19), creates a micro-virtual machine (micro-vm), in effect a separate installation of Windows 7, in which all processes from the browsing session run.
If the user clicks on a bad link, or malware tries to hop on board, the malicious data will be stopped in the isolated operating system before it can even touch the trusted side. The same thing applies when a user downloads something or opens an email, attachment or file from a USB drive.
"When you close the browser tab, the whole thing is automatically discarded. So we have a PC that magically discards malware by design," Simon Crosby, the co-founder and chief technology officer of Bromium, told CNET.
The key difference between vSentry and traditional virus protection is its ability to stop unknown viruses. Most antivirus software relies on a constantly updated library of known malware, which inevitably won't catch everything.
On the other hand, vSentry stops all processes that try to access privileged functions before they're even able to do so.
This takes the application-isolation method of sandboxing one step further. Micro-vms create an entire "guest" version of Windows 7 for the processes to run in, with severely limited access to the network and primary OS.
Although vSentry is designed to keep cyberattacks out of sight and out of mind, it has the capability to visualize and analyze attacks in real time — a boon for security researchers and developers.
"This design makes real-time defense against undetectable malware possible, while also providing in-depth forensic capabilities to study the intent of the attack without risk of exposure," said Bromium senior principal analyst Jon Oltsik.
As TechCrunch points out, where Bromium falls short is in market reach. At present, vSentry only runs on Windows and Intel x86 chips and only works for Internet Explorer 8 and 9, but the company has plans to expand its compatibility.
Crosby is a veteran of Citrix, where he worked extensively on virtualization technologies before starting Bromium; the company operated in secret for more than a year before unveiling vSentry.