Disarm Net Threats

Walled-Off Apps

GreenBorder Pro, which works exclusively with IE, goes a step farther than DropMyRights or 1-Defender by creating a protected "sandbox" for the browser to work in. The utility blocks attempts by malware to write to system folders and perform various other administrator-type activities, and it blocks access to all your documents. It also offers a more-protected Privacy Zone mode (for online banking and the like) that blocks all access to your browsing history and other data. When running, it puts a noticeable green border around IE. If a toolbar or anything else within IE tries to open a file, you get a pop-up asking whether you want to allow it. Downloaded executables can't run until you remove GreenBorder's protection; if it's unknown to you or unexpected, you can research the app before deciding whether to permit installation of it.

Your bookmarks carry over to and from the sandbox without a hitch, but toolbars and other browser add-ins don't. You must start IE unprotected to install a toolbar if you want it to be permanent.

GreenBorder installs and runs smoothly, and a Firefox version is in development. But given its yearly subscription fee, the protection may cost more than it's worth.

Virtual Sandbox, from Fortres Grand, sets up a sandbox, too, but it can do this for any program on your computer. The program scans your system when you install it, and will offer to run all browsers in a sandbox by default. E-mail programs run normally, but any double-clicked attachment runs in a sandbox. It gives you complete control over each program, allowing you to set only the ones you want to run in a sandbox.

Because it works with any program and blocks new apps from running without your permission, Virtual Sandbox affords more protection than GreenBorder. But it's also significantly more demanding. You'll get one or more pop-ups asking how you want to handle any new program, whether you're installing new software or a standard Windows program or process that the utility doesn't know about yet. The configuration menus can be hard to decipher, too.

Users who want added protection but don't want to deal with Virtual Sandbox's complexity may be interested in the free VMWare Player and Browser Appliance. This bundle's two-step installation routine is surprisingly easy, and afterward you'll have Firefox running within a fully distinct Ubuntu Linux operating system (the full download is about 300MB). The combination runs within its own window, completely segregated from the Windows OS. If you come across something that can break through Firefox running under Linux, the malware won't be able to get to anything in Windows. And restoring the isolated browser to a clean state is simple.

It's strong protection for Web surfing, but the player consumes a lot of resources when running--about 300MB of memory with four open tabs in Firefox (after a fresh install). Also, you have to set up a new browser, and you can't simply copy a saved bookmarks file into the virtual player environment.

All of these programs allow you to browse and do e-mail without incident, and all effectively improve your security. But by itself, fixing the admin rights vulnerability stops most current malware cold, according to Joe Stewart, senior security researcher at LURHQ, an Internet security firm. So unless you really need the additional level of protection that sandbox and virtualization apps provide, a rights-limiting tool such as the free DropMyRights may be your best bet.