Saturday, March 31, 2007

snake oil based lubricants should not be used with your browser condom

thanks to alex and paperghost for bringing my attention to the hilariously named browser condom...

browser condom is basically application virtualization/sandbox technology like sandboxie, bufferzone, and green border but something struck me about some of the quotes i was seeing, something distasteful...

right at the top of vappware's product page we have:
"It's and advanced technology that allow you to run any kind of software in your computer without a risk of be infected with any kind of virus, spyware, trojan and any kind of malware. (VTD), Virtually Transmitted Diseases."
are you thinking what i'm thinking? yes, apparently the folks at vappware are unfamiliar with the halting problem and its implications with regards to any technology being able to stop all viruses (let alone all malware), hence i'm calling it snake oil...

now to be fair (who me?) it occurred to me that maybe i should take a look at some of the competitors to compare them to vappware with respect to snake oil and was disappointed to find that similar claims are made about both bufferzone (which boasts "complete safety") and green border (which "frees you from ever worrying about clicking the wrong link")... sandboxie was the only one i looked at that didn't seem to have such outrageous claims (or at least if they do have one it's not as easy to find)... sandboxie also seemed to be less flashy and more informative right off the bat, almost like they were hoping people would choose their free product based on its actual merits (how refreshing)...

6 comments:

S3S!OW said...

Hi my friend.
First of all, hope u are fine, and i wish you a nice and long life.

But now, after my wishes, i ll introduce myself.
Im mswiczar a fellow of Vappware.
I ll try to explain our technology, if you think that is not all secure, please contact me to mswiczar@vappware.com to chat with me and tell me your ideas and complaints. whatever,

The way that our technology works is isolate the programs running inside the condom.

So if you have virus, and this virus are inside the condom, they could propagate, but, they can't infect programs nor archives outside the condom. Because we have a firewall between the programs running inside the Condom and the other programs.

If you get a virus from an email or just browsing the web, it will trash, when you trash the condom.


Feel free to contact me to ask more question regards our technology.
or just read this those links

Our technology mechanism
http://www.vappware.com/vapp/index.php?option=com_content&task=view&id=20&Itemid=65

Our Changelog.
http://www.vappware.com/vapp/index.php?option=com_content&task=view&id=36&Itemid=71

kurt wismer said...

"I ll try to explain our technology, if you think that is not all secure"

when i say someone is peddling snake oil, it's not a matter of there being something wrong with their product, it's a matter of there being something wrong with the claims made about the product...

the claims made about browser condom are that it completely eliminates the risk posed by malware (direct quote "... run any kind of software in your computer without risk of being infected ...") - and since it is theoretically impossible to do so (and mathematically proven more than 20 years ago) i therefore label such a claim as snake oil...

S3S!OW said...

OK, could you tell me how the claims must be?

And please could you refer me to a link to read this thesis of the halting problem theoretically proven.

Meanwhile i try to understand what you say, please could you rewrite the claims to be accurate as you think in the Vappware Web Pages.

Then i could discuss to you.
But now, you are right i dont know nothing about it.

Thanks in advance.
i hope have u in my customers

Bye

kurt wismer said...

hmmm... looks like maybe i should have tagged this post with "halting problem" so that it would be easier to find other references to that on this blog... i've added that tag now, but visiting here and/or here might give you a little more background on what it is...

as for vappware's claims - fixing them is really quite easy... just modify them so that they don't imply browser condom is perfect... for example, instead of saying you can run any software without risk of infection, say you can run most software with a greatly reduced risk of infection... i don't know if that's actually true (maybe browser condom isn't that good, i haven't tried it) but at least it's a more reasonable claim...

S3S!OW said...

Hi kurt,

Thanks for the data about the halting problem, but what i could understood, is this:

This is not applicable to win32 usermode architecture.

When you run a program in windows you are running inside a subsystem called win32.

So there are only few ways well documented or undocumented for accessing to raw devices, like memory, and disk.
And of course we are Vappware, monitor this calls.

So the halting problem is not applicable for this subsystem. (win32 usermode)
because there are few ways to achieve things.

In kernelmode, you are right and the halting problem it's possible but in usermode, is not.

The Browser Condom, like other sandboxes approach, and do not permit load any kernel mode module.


Whatever, i will use your suggested claims to the product, because are reasonable.

Thanks again, and again i wish you nice and long life.

kurt wismer said...

well, i'm glad you think the more reserved claims are reasonable...

as for the applicability of the halting problem, it actually applies everywhere (including win32 usermode)...

i think there are a number of misconceptions here - i think, first and foremost that you have too narrow a definition of both program and execution... you assume that malware acquired through browsing from a sandboxed environment will also run in the sandboxed environment and that's not necessarily true...

i think there's also a misconception about the scope of the threat that malware can pose to a system... i'm sure you've heard of the CIA triad (confidentiality, integrity, and availability)... assuming the barrier that your sandbox erects between the sandboxed environment and the host environment is perfect (and we all know nothing is perfect) it still only protects the integrity of the data on the host environment, it does not protect the confidentiality of that data (a keylogger running within the sandboxed environment can still capture keystrokes and communicate them to a 3rd party)... furthermore, when operating within the sandboxed environment, both the availability and integrity of the host environment's data can seem to be compromised and sometimes in unnoticeable ways (imagine a trojan that modifies your bookmarks/favourites so that the link that used to point to your bank now points to a phishing site - your real bookmarks are unaltered but within the sandboxed environment you see forged bookmarks)...

finally, as you yourself pointed out, a virus running inside the sandboxed environment can propagate... whether or not it can get from the sandbox to the host system is immaterial as it can still spread from your sandbox to other systems...

fundamentally, if the malware can run at all then you're not protected from it... a sandbox protects the integrity of the host system, but there are other threats malware can pose that don't affect integrity...
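
The point of the last comment, shown as an added example that is not part of the original post or thread: a toy model of a sandbox that redirects writes into a private overlay. The `Sandbox` class, file names and URLs are constructed, and the redirect-on-write design, read fall-through to host files and unrestricted outbound traffic are assumptions, not a description of any product named here.

```python
class Sandbox:
    """Toy redirect-on-write sandbox (assumed design, not any vendor's)."""

    def __init__(self, host_files):
        self.host = host_files   # real files; sandboxed code never writes here
        self.overlay = {}        # sandbox-private copies of anything written
        self.sent = []           # data that has already left over the network

    def read(self, path):
        # Reads see the overlay first, then fall through to the host copy.
        return self.overlay.get(path, self.host.get(path))

    def write(self, path, data):
        # Writes are redirected, so the host copy keeps its integrity.
        self.overlay[path] = data

    def send(self, data):
        # File isolation does nothing about outbound traffic (assumption:
        # the sandboxed browser needs the network, so it is allowed).
        self.sent.append(data)

    def discard(self):
        # "Trashing" the sandbox drops the overlay; sent data stays sent.
        self.overlay.clear()


def run_scenario():
    # Constructed host state.
    host = {"bookmarks": "bank=https://bank.example",
            "notes.txt": "constructed secret"}
    original = dict(host)
    box = Sandbox(host)

    # Constructed stand-in for untrusted code running inside the sandbox.
    box.write("bookmarks", "bank=https://phish.example")
    box.send(box.read("notes.txt"))

    result = {
        "host_integrity_kept": host == original,         # the sandbox's promise
        "user_sees_in_sandbox": box.read("bookmarks"),   # forged view
        "leaked": list(box.sent),                        # confidentiality lost
    }
    box.discard()
    result["view_after_discard"] = box.read("bookmarks")
    result["leaked_after_discard"] = list(box.sent)
    return result
```

Even with a barrier that never lets a write through, the model reports an unmodified host alongside a forged in-sandbox view and a leak that discarding the sandbox does not undo.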