With GreenBorder Professional 2.7.3, GreenBorder Technologies Inc. takes a novel approach to combating Microsoft Corp. Outlook- or Internet Explorer-borne malware.
Instead of relying on reactive signature-based detection to deter malware, GreenBorder Professional isolates threats from the rest of the operating system. GreenBorder adds a layer of virtualization between the core Windows operating system and Outlook 2002 and 2003 or IE, essentially creating a shadow file system and registry and utilizing protected memory. Any files, services or settings spawned from a GreenBorder-protected application can be easily removed with the click of a button or when the user logs out.
GreenBorder Professional requires administrators to identify trusted IP address ranges or e-mail domains that can safely be accessed without GreenBorder protection. Content from all other Web sites or e-mail domains can be accessed only through the GreenBorder environment.
However, GreenBorder Professional, available this month, is best considered a complement to anti-virus/desktop firewall applications and proper patching strategies , because it cannot protect against network-borne worms or threats brought in through file shares or removable drives.
GreenBorder Professional is sold on a yearly subscription basis, which seems a little unusual because there is no need for ongoing signature updates. For 100 users, GreenBorder Professional costs $39 per seat per year for Outlook and IE protection. The license cost includes the central management and reporting server as well as tech support.
The GreenBorder Professional agent effectively controlled malware infestations on our test systems and remained fairly unobtrusive for users. By stripping IEs administrative permissions within the protected area, GreenBorder Professional thwarted many malware strains from installing at all. Others did install, but the files and services were removed when we logged out.
Some threats are allowed to install within the protected area, so the resulting processes and services will consume system resources until they are flushed. Administrators can centrally control resource utilization dedicated to the protected area to help avoid system crashes or significant performance degradation.
The GreenBorder server installs on Windows 2000 Server or Windows Server 2003 and requires either a Microsoft SQL Server 2000 or an MSDE (Microsoft SQL Server 2000 Desktop Engine) database. From the server, which is managed via a Web console based on IIS (Internet Information Services), we could define policies that describe trusted networks and dictate which information is transitory, and how much control individual users have over untrusted data.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.