Virtual Sandboxing - Safe Testing of Web Applications
With browser flaws and the exploits intended to capitalize on them on the rise, a new process was introduced to protect users by employing execution-based malware detection. This development was achieved by security boffins at the Usenix Security Symposium in Boston on August 8, 2007.
Alexander Moshchuk, a graduate student from the University of Washington, led a demonstration. He is also a member of the research team that developed SpyProxy, a tool to filter out malevolent programs. He said that 'virtual sandboxing' is effective for testing Web applications for dubious behavior before they make their way to end-users' browsers, according to PC WORLD on August 9, 2007.
The danger of drive-by strikes and zero-day exploits is expanding daily as malware authors make their attacks more sophisticated. Security experts are increasingly downplaying the ability of conventional signature-based anti-virus technologies to put a check on several online attacks. Therefore, many researchers are using technological means, including virtualization, in a bid to tackle the problem.
SpyProxy creates a virtual machine identical to the machine used by the person running the tool. It fully renders any page or application being accessed in order to detect an attack contained in the URL.
In the researcher's view, although the process delays Web page delivery by approximately three seconds per URL in an unmodified state, the reward of doing away with many zero-days and drive-bys makes the technology preferable for some end-users.
The UW team conducted a test of around 2,000 Website requests over 124 individual URLs. The researchers detected almost 27 active browser exploits and 73 spontaneous downloads that could represent malware, adware and other undesirable programs. SpyProxy, the group claims, identified and blocked each of the threats.
Moshchuk said the UW team hopes that other security researchers will adopt similar measures to tackle malware with active detection, and promised that the expansion and improvement of SpyProxy would continue.
Moshchuk denies that the purpose was to create a perfect security tool, insisting that the team's genuine concern is further exploration of the technique. He added, however, that the tool is already ready for people to use without a drastic impact on the end-user experience.
» SPAMfighter News - 27-08-2007