Monday, October 02, 2006

Browser Protection Utility

There's a scumware plague at the moment. All it takes is a visit to a pushy web site or a "loaded" shareware install and next minute your Internet Explorer homepage has been changed, your default search setting altered, unwanted ads pop up on your screen and worse.

If you use Windows 2000 or later my top recommendation for safe browsing is a free program called Sandboxie [1] that creates a special contained "sandbox" environment on your PC. While browsing within the virtual sandbox provided by Sandboxie you are totally corralled off from other parts of your PC. So any files you download are isolated to the sandbox. Similarly, any programs that are executed only do so within the sandbox and have no access to your normal files, the Windows operating system or any other part of your PC.

Usage is remarkably simple. To start a sandboxed browsing session you just click the Sandboxie icon from the Quick Launch tray and this will launch your default browser in the sandbox. You can then use it in the normal way to browse to sites or download files.

If you downloaded a file it will install normally but again will be corralled off from your real PC. Anything it writes to your hard drive, any changes to the Windows Registry or changes to the Windows startup will be held in a separate area within the sandbox. Similarly, any new processes running in your computer memory will be sandboxed.

After you have finished browsing you can right click the Sandboxie icon and delete all sandboxed files and processes and your PC will be returned to the same state it was in before the browsing session. If you want retain particular downloaded files you can save them permanently before clearing the contents of the Sandbox.

The advantage is clear: any spyware, trojans, keyloggers or other malware products that infected your PC while browsing will be eliminated.

Sandboxie works fine with all browsers but requires Windows 2000 and later. It can cause problems on some PCs so backup before installing.

Users of earlier Windows versions may want to check out SpywareBlaster [2]. It's is not a sandbox but rather is a program that changes some settings in your computer to help prevent an initial infection. It provides protection against thousands of malevolent products that use ActiveX based exploits, block hostile sites and discards unwanted cookies as well. SpywareBlaster is most effective with Internet Explorer but can be used with Firefox as well. though this may be overkill as Firefox doesn't need to be protected against ActiveX exploits. Once it has changed your setting SpywareBlaster doesn't really need to continuously run on your PC other than to provide automatic updates. These can however be initiated manually. SpywareBlaster is free but the update service costs $9.95 annually.

A companion program to SpywareBlaster is SpywareGuard [3] that provides active protection. It is a monitor that checks programs before they are run for malware behavior and also does some signature checking as well. However of late SpywareGuard seems to have been rather neglected with no new updates for more than a year so I can only give it a qualified recommendation.

An alternative to SpywareGuard is to use one of the free intrusion prevention and detection utilities. These provide active protection against infection and work very effectively in concert with the passive protection provided by SpywareBlaster.


[1] http://www.sandboxie.com Free for personal use, Win2K and later, 310KB
[2] http://www.javacoolsoftware.com/spywareblaster.html Freeware, all Windows version, 2.5MB
[3] http://www.javacoolsoftware.com/spywareguard.html Freeware, All Windows versions, 913KB

No comments: