Google Buys Anti-Malware Security Startup

J Tomas writes "Google has quietly made its first anti-malware acquisition, snapping up GreenBorder Technologies, a venture-backed company that sells browser virtualization security software. GreenBorder's software creates a DMZ (demilitarized zone) between the Windows desktop and programs downloaded from Web pages or opened from e-mail messages in Microsoft Outlook. The early speculation is that Google will add the sandbox technology to the Google Toolbar or release a rebranded version as a standalone download."

Thanks...

[by Anonymous Coward]

GreenBorder's software creates a DMZ (demilitarized zone) between the Windows desktop and programs downloaded from Web pages or opened from e-mail messages in Microsoft Outlook.

Dear GreenBorder,

Thank you for doing work we should have done years ago.
Unfortunately this level of work requires considerable resources
which would drive down our bottom line and
shareholder confidence.

William Gates III
Microsoft Corporation

Re:

[empaler (130732)]

Well, I bet we've all read /. summaries with abbreviations that we've wondered about. The summary just courteously saved those people a lookup, even if just to brush up.

ALERT! ALERT!

[LiquidCoooled (634315)]

Harry Kim: "Borg Attack!"
Janeway: "Raise shields"
Paris: "Its no good, they have adapted, they are firing sunloungers"

Google is the new Microsoft, etc. etc.

[athloi (1075845)]

...proving that corporations aren't evil, but trying to stay on top when you're top dog might corrupt absolutely. This would not have happened in "Lord of the Rings."

I refuse to demonize corporations, because I know that people run them and do the best they can with an often paradoxical set of goals. I remember when one boss I worked for sold his company to a larger technological concern, and suddenly all the rules changed. Image became more important than reality. We did everything we could to inflate figures. And the guy who once spent hours thinking about "the next cool thing we'd all like to use" stayed up late looking over spreadsheets, metrics, indicators and other spaced-out crap that has no relevance to reality.

We might call this time "the devirginization of Google," as they are inducted to the weird malevolent world of corporate politics as the top dog in the Darwinian internet struggle for virtual world domination.

Re:

[palewook (1101845)]

or the new yahoo. in a few years we'll be using something else for a search engine. google is buying so much crap and utilizing so little of it. example: google buys dodgeball and leaves it for dead, along comes twitter. so now google buying doubleclick then buys an anti malware company. go figure. theres a few kids in school at the moment that will be millionaires in a few years after they start a new search engine that doesnt have bloat and doesnt sell listing results. google gets to join yahoo in the a

Re:Google is the new Microsoft, etc. etc.

[Paulrothrock (685079)]

Corporations aren't evil in the same way that sharks aren't evil. They're just doing what comes naturally. Sharks eat furry little sea lions; corporations make money. If either stopped doing what came naturally, they'd die.

The key is to harness the corporation in such a way that it improves the lives of individuals without running roughshod over society. And that is the point of regulation. Well, that *should be* the point of regulation.

You make a good point, [offtopic]

[empaler (130732)]

but for pity's sake, please: it's aren't. Because the not is abbreviated. TY.

virtualization DMZ..

[rs232 (849320)]

When did Linux steal this innovative technology and rename it chroot [onlamp.com].

Marketingspeak: DMZ vs. Sandbox...

[xxxJonBoyxxx (565205)]

GreenBorder's software creates a DMZ (demilitarized zone) between the Windows desktop and programs downloaded from Web pages or opened from e-mail messages in Microsoft Outlook. The early speculation is that Google will add the sandbox technology to the Google Toolbar or release a rebranded version as a standalone download.

So...is it like the plain old Java sandbox?

"But in my tests, some minor spyware modifications, such as desktop shortcuts and new menus, did make it to the underlying host. GreenBorder says this is because the malware mimicked a normal user's modifications too closely, as compared with most malware's programmatic accesses. Still, the fact that malware can modify the host desktop at all means there are other potential weaknesses." --http://www.infoworld.com/article/05/03/18/12TCgr eenborder_1.html

Hmmm...I guess not. GreenBorder's "sandbox" appears to have some pretty big holes.

Re:

[rs232 (849320)]

I thought Vista had User Account Control (formerly known as LUA) and Internet Explorer ran in Protected Mode, so why do you need this again?

How about running the whole OS in virtualization mode, that gets flushed at each boot.

Re:

[misleb (129952)]

How about running the whole OS in virtualization mode, that gets flushed at each boot.

Wouldn't that suck.

For fuck's sake, just stop using Windows. This is ridiculous. I can't believe things are getting to the point where people start to seriously consider what is essentially a fresh install of the OS at every boot.

-matthew

Re:Marketingspeak: DMZ vs. Sandbox...

[rs232 (849320)]

Wouldn't that suck .. For fuck's sake, just stop using Windows

Well yea, but the average Windows wouldn't notice. And the average non technical user flies in to a technological panic when confronted with anything new. For instance a writer who is still on Wordperfect on Windows 98. She copies and pastes into her email prog to send, otherwise her clients can't read the doc .. :)

Did I mention the one who has msWord set at 75% zoom and the fonts at 20, as she never learned to adjust the font size. At print out she selects 'reduce by 60%' ..

Re:

[misleb (129952)]

Wouldn't that suck .. For fuck's sake, just stop using Windows

Well yea, but the average Windows wouldn't notice.

They wouldn't notice that all their documents the apps and they installed are gone? Do you think the "average WIndows user" is an Alzheimer's sufferer or something?

-matthew

Re:

[99BottlesOfBeerInMyF (813746)]

They wouldn't notice that all their documents the apps and they installed are gone? Do you think the "average WIndows user" is an Alzheimer's sufferer or something?

I do run Windows in a VM and do revert to a clean version once a day. Windows has read/write access to a version controlled directory for storing data, but it cannot delete the history thereof.

Re:

[misleb (129952)]

So what does it take to install applications and have them around when you "revert?" Sounds like a huge, unnecessary pain the ass to me. The question becomes: "Is it worth it?" I find using Windows annoying enough WITHOUT the hoops you need to jump through to keep it clean.

-matthew

Re:

[99BottlesOfBeerInMyF (813746)]

So what does it take to install applications and have them around when you "revert?" Sounds like a huge, unnecessary pain the ass to me.

If I want a new application I install it and save a new VM image, then make that my default. It only takes a minute or so more than it normally would. There could be an issue if I was compromised by malware after I started the session but before I installed the new app, but I generally will restart the session from a know good copy before I install anything.

Sounds like a huge, unnecessary pain the ass to me.

Security is not my primary motivation. I'm running Windows on top of OS X. I only use Windows for a handful of applications, mostly for compatibili

Re:

[misleb (129952)]

Security is not my primary motivation. I'm running Windows on top of OS X. I only use Windows for a handful of applications, mostly for compatibility testing and for one old, irreplaceable specialty app.

So basically your situation is relatively unique and has very little relevance to regular Windows users. But thanks for sharing.

-matthew

Re:

[99BottlesOfBeerInMyF (813746)]

So basically your situation is relatively unique and has very little relevance to regular Windows users. But thanks for sharing.

Anyone looking to run Windows securely is a huge exception. People with a clue as to how to go about it are even rarer. Running the entire OS in a VM is one way, probably one of the very few ways a normal or slightly above average user could do it and still have all the functionality they expect. It is quite a bit better than simply "don't run Windows" as that is not a viable option for a great many of us.

Re:

[Some_Llama (763766)]

"WITHOUT the hoops you need to jump through to keep it clean."

Why is it so hard to keep your windows box clean? I run XP semi updated (every so often i check for updates, not regularly) and don't have "MASSIVE" problems that i hear people like you complaining about all the time...

Maybe it is because i am careful? I use firefox (because i prefer it over IE), I scan anything i download or get emailed with online scanners and i use a lot of game/program cracks, i don't scour the net for pron, and i have my bo

Qemu

[flyingfsck (986395)]

Hmm, that can be done with Qemu or VmWare and is known as a Kiosk. The trouble is that the machine can still do a lot of damage in between reboots.

Great ... :-S

[SplatMan_DK (1035528)]

Great!

Yet another piece of software that interferes with my network layer, slows my PC, and eats half my CPU cycles just to keep malware from infecting my machine.

When will we see a REAL solution to these problems, and stop implementing obscure security work-arounds that eat more resources than the applications themselves? Anyone?

When more than 50% of the CPU cycles in my PC go to security software (Antivirus, Antiphising, Antispyware, Antiadware, Antifraud, heuristics scanning, SPAM filter, personal firewall, strange DMZ browser-thingeys) during the display of a simple HTML page in a browser i would say that our current approach is broken. Totally.

I need an Anti-security-bloatware product. And fast!

Re:

[by Anonymous Coward]

A fantastic solution exists -- it's called "not using Microsoft products".

Re:

[apathy maybe (922212)]

Lynx (or Links) on GNU/Linux (or OpenBSD, or FreeBSD or whatever) (forget X, who needs it?). You get rid of the vast majority of (if not all) attacks made through the browser. The platform is more secure then Windows, and isn't used much, thus not getting much attention by Malware makers.

Of course, it doesn't protect you from stupid acts, such as downloading scripts, 'chmod +x'ing them and running them.

But then again, having GNU/Linux (or whatever) enables you to use chroot (or whatever) to test these u-beu

Re:Great ... :-S

[apathy maybe (922212)]

I know, it is just an added bonus of using a more secure browser (because of less functionality) with a more secure OS.

As I said, you have the choice of security or functionality, and in many cases you can't even have either (the scenario of having all the anti-malware products eat up your CPU time, but still doing a crappy job).

If you want real security, you unplug your computer from the network and remove all other forms of accessing it (including the keyboard). It just depends on what you are willing to put up with.

Of course, it is perfectly possible to have a functioning MS Windows PC connected to the Internet and even have a decent browser and have no worries. You just need to have security culture and a firewall the rejects all connections from outside (except those related to web browsing, so that would be everything except port 80, and maybe whatever port FTP is on).

A security culture is the most important thing, and comes from not randomly downloading and installing everything, deleting spam, not opening executable attachments in emails (including in some cases such things as Word Documents!),or at least verifying that the person who sent them to you, really did.

My mother has managed to only (I think) get one virus (or worm, I'm not sure what it was actually) for years. Yet she runs MS Windows XP (SP1 I think). She has a firewall (outdated ZoneAlarm free I think), and she doesn't use IE (rather Mozilla, again outdated). No worries, because she practices security culture (to the best of her ignorant ability). She has an anti-virus, except because the signatures take so long to download (only slow dial up, no broadband in the country) it doesn't get updated so often. No worries though, because she doesn't run random stuff, doesn't go to random websites and doesn't use IE.

Security culture will get you everywhere.

(Also important if you are an anti-state activist. Got to watch out for them police...)

Re:

[gad_zuki! (70830)]

Heaven forbid after another virus/spyware clean up, geeks begin migrating their parents and friends to user accounts instead of letting them run as admin the whole time. I'd rather waste 30 minutes doing this and explaining how runas works then visiting again in a couple months.

Re:

[misleb (129952)]

Hmm... With all respect, "sequrity by obscurity" (using an obscure OS with an obscure browser) doesn't really get any better by using an opensource OS. It is still not real security,

So what? If it works, it works. Why does it have to be "real" security? Is the security ideal worth more than your personal comfort and/or sanity?

You don't even need to go so far as using lynx in a text console. Simply running OS X or Linux is generally enough to sidestep the vast majority of nastiness that is out there. As fo

Re:

[grub (11606)]

When will we see a REAL solution to these problems, and stop implementing obscure security work-arounds that eat more resources than the applications themselves? Anyone?

You would have to ask Microsoft that. These bandaids fix a lot of MS' screwups. Or you could switch operating systems and use Windows only when necessary (games, etc.)

Re:

[grub (11606)]

It's still pretty lame though...

Yeah, absolutely. However Mom & Pop will still run down to BestBuy and buy a new "Norton IntraTubes MegaDefender 2008 Plus" for $69.99 instead of learning something new and refreshing. It's that kind of inertia that keeps a lot of the clowns in greasepaint and goofy wigs.

Re:

[SplatMan_DK (1035528)]

Actually they don't. Thats half of the problem. They expect me to come fix things when they stop working - but spend 69.99$ on a security app that really "does nothing" as far as they are concerned? Never!

So to make matters worse, *I* am the one going down to BestBuy to pick up the latest Trend Micro Take-A-Pill PCCillin (Superinfused edition) because I get tired of saving their machine from the software pests they collect online... :-S

Re:

[spikedvodka (188722)]

try AVG Free edition... I love it, and it does everything that an Anti-Virus program should do (And doesn't do what an AntiVirus program shouldn't do)

http://free.grisoft.com/ [grisoft.com]

Re:

[Ngarrang (1023425)]

Just add another processor! Soon, all home PCs will effectively have 8 processors (or, cores, if you prefer that terminology). Then all of those extra processes won't even make a tick on the usage scale.

Re:

[drinkypoo (153816)]

When will we see a REAL solution to these problems, and stop implementing obscure security work-arounds that eat more resources than the applications themselves? Anyone?

We have a solution. It's called capabilities, and it's implemented on Linux through an Open Source system called SElinux, developed by the NSA and released to the public. It's available for a number of Linux implementations, including Ubuntu [ubuntu.com] (although no implementation of SElinux seems to have a decent userland/interface.)

Re:

[99BottlesOfBeerInMyF (813746)]

When will we see a REAL solution to these problems, and stop implementing obscure security work-arounds that eat more resources than the applications themselves? Anyone?

When will we elect politicians who are not so easily bribed and who will break up MS's abusive monopoly and restore competition to the desktop OS market? When will people educate themselves and vote the bums out? When will there be a level playing field for desktop OS's so vendors have to rely upon competing for our dollars by giving us the features we want and need instead of relying upon the fact that users are locked in?

Maybe the EU will solve the problem for the US. I'll consider it payback for the h

Re:

[bvankuik (203077)]

You don't need any of it. Just work with a user account (not administrator/root), use firefox, thunderbird and don't install all that crapware.

Re:

[bvankuik (203077)]

Yah that stuff smells Danish PCs then craps all over the registry. Or /etc but only if you run the evil penguin OS.

a REAL solution ..

[rs232 (849320)]

"When more than 50% of the CPU cycles in my PC go to security .. during the display of a simple HTML page in a browser i would say that our current approach is broken. Totally.

Install DRDOS on Novell Netware circa 1993 and run Netscape off of diskless clients.

Re:Great ... :-S

Re:

[idonthack (883680)]

Looking at top right now, ktorrent is running between 4% and 10%, amarokapp is running under 4% pretty much constantly, and konqueror spikes to as much as 16%, but only when rendering a page. Earlier, with it open but not doing anything, it didn't even make the top 17 processes, most of which actually list 0.0% as their CPU usage. Total CPU usage hovered around 10% and never went higher than 20%.

Re:

[idonthack (883680)]

I forgot to mention, my processor runs at 1.2GHz.

Squid, SpamAssassin and ClamAV

[flyingfsck (986395)]

You need a proxy server with a proper filter such as Dan's Guardian or Squidguard with Willowbark or Viralator. Never hook a naked Windoze PC to the internet - Windoze needs to hide behind a penguin.

Two Problems

[twistedsymphony (956982)]

There are really two problems at the root here. One is the human drive to push all of that crap on anyone and everyone on the internet for some kind of personal gain. And the other is a combination of user stupidity to unknowingly accept it combined with software that doesn't always make it easy for your average user to understand what it is they're accepting.

The way I've solved this problem.
1. Use Firefox as your default browser with adblock and Noscript, ditch IE.
2. Use a router with a firewall and d

Google...

[Mockylock (1087585)]

Now, if only they would filter out the sites that CAUSE the malware and spyware. Not only that, but so many garbage/search sites come up when you search for simple things like drug names and such. You would think they could block out other automated crawlers that clog up bandwidth as well.

Yea, Google is evil ..

[rs232 (849320)]

"Now, if only they would filter out the sites that CAUSE the malware and spyware"

That would be the responcibility of the ISPs and the host providers.

"so many garbage/search sites come up when you search simple things like drug names and such"

Try the Product Search [google.co.uk] .. :)

Google search on viagra (the high blood pressure drug formerly knows as sildenafil citrate and remarketed as an aphrodisiac) .. 64,300,000 hits ...

was Re:Google...

Google spam ..

[rs232 (849320)]

"What I was actually referring to is simple searches on interactions or vital information without advertisements"

Yea, a lot of hits are to fake pages with nothing but adverts and links to other search results. But that to do with website promotion where they put a lot a fake stuff in the meta tags.

Re:Yea, Google is evil ..

Neo-security Methodology

[Nymz (905908)]

1) Install every anti-virus, firewall, virtual sandbox DMZ, and toolbar that you can.
2) Sustain 99% CPU usage.
3) Protected!

Test

[setrops (101212)]

Well I was asked to evaluate this product 2 years ago. At the time it was not very useful as there were some problems. But last year when they did their update it was a good improvement on speed and memory foot print. For what it does the product works well. And with Googles money and resources behind it, it can only get better.

Sandboxie

[Nappa48 (1041188)]

Read about this ealier, and as nice as it is, i'll probably stick with Sandboxie. Does the same thing as this, but also protects other programs.

If you donate to the project, you can unlock a few more features that allow you to start any program under sandbox ALL the time, even without it being started before the protected program. (well, the main program, not the service)
Its pretty good, but the file browser that comes with it could do some with some work... tends to lock up sometimes in large directori

Re:The term DMZ

[Volante3192 (953645)]

A firewall, however, would block it. DMZs are areas inside the first firewall to keep the majority of the intruders out, but outside the second, more locked down, firewall that protects the internal network. Technically the area inside the first firewall isn't "safe," it's just "safer." DMZs can still be subject to malicious traffic because boxes inside DMZs, like webservers, by design have to keep certain known ports open.

I think the ideal term for what Google picked up is sandbox, where stuff can run and it doesn't impact the rest of the system so you can see what it is beforehand, but DMZ looks like it could apply.

Interesting idea if it does what I think, at least. Would have figured a sandbox for a plugin was rather intensive processor wise.

Re:

[pla (258480)]

Interesting idea if it does what I think, at least. Would have figured a sandbox for a plugin was rather intensive processor wise.

You can already run your browser (and email, if not Outlook) in a very effective sandbox with virtually no CPU overhead - Run them as a separate user with only guest privilages.

That does have a down-side, of course (most notably, it takes a herculean effort to print from such a session, at least under XP), but works very well at preventing malicious sites and plugins from do

Re:

[Lord Faust (858859)]

Interesting idea if it does what I think, at least. Would have figured a sandbox for a plugin was rather intensive processor wise

One thing however, is that on Vista you already have Internet Explorer running in a sandbox (most of the core system services appear virtualized, according to Task Manager), isolated from the kernel. I'd imagine a virtualized virtual machine is a pretty nasty beast on performance.

Definitely a neat idea; especially on an XP box where you don't have the innate ability to run a

Re:

[russ1337 (938915)]

Say the limited account is called "IEuser". Then create a shortcut to "runas /user:IEuser cmd". on your desktop. Double-clicking this will open a command prompt that runs as IEuser. Now you can manually start IE with "start iexplore". Or create a batchfile c:windowsie.bat that just contains the line "start iexplore" and you can start IE by just typing "ie". Remove all shortcuts to IE from you normal desktop and only run it from the restricted account. This way you can use IE without worry about any IE explo