An often-discussed technique for protecting systems from Internet-based malware is the concept of a sandbox. In the sandbox model, Web-based applications run in a protected shell that prevents them from accessing operating system resources and from adding programs or making changes to the host system. While it isn’t a perfect solution, it does go a long way toward improving Internet security.
This security model has been in use for years. Java uses a form of it, as do other Internet programs, but it hasn’t shown up much in the most obvious area, namely Web browsers. Today probably the biggest implementation of a sandbox-style security model is the protected mode Internet Explorer 7 runs under in Vista.
Attempting to fill this gap is a new product from ZoneAlarm called ForceField, which recently went into beta. ZoneAlarm ForceField currently works on Windows XP systems running Internet Explorer or Firefox. When installed it adds several layers of security to a Web browsing session, including what ZoneAlarm calls virtual surfing, which adds a virtualization layer to seal the Web browser (and any scripts or malware that might try to run in it) off from the Windows operating system.
In tests of the beta, I found it to be fairly unobtrusive, especially compared with other browser-based security tools I’ve tested. It also didn’t appear to add too much overhead to my browsing session, even on one test machine whose hardware is far from state of the art. When the system is activated, the browser windows have a shield-like aura around them.
One of the nicer features in ZoneAlarm ForceField is that it automatically blocks files that try to run or download on their own, while still letting users download content they have chosen themselves. In these cases, though, ForceField will scan the files to see if they are some form of malware and will warn the user if a problem is detected in the file. ForceField also includes features designed to prevent keyloggers or screengrabbers from functioning within the browser.
Among the standard security tools in ForceField are automated checks to see if a site that is being visited is a known phishing or spyware site. If such a site is loaded, ForceField shows a prominent warning about the dangers of the site and makes it easy for users to back away from it (though it still provides an option for users to continue if they so choose).
ZoneAlarm ForceField also includes a privacy option that prevents any cookies, history or other data from a surfing session from being saved.
In general I found a lot to like in ZoneAlarm ForceField, especially in the virtualization and download protections. Most of the anti-phishing and privacy features are already included in current-generation browsers, though they were well-implemented in ForceField.
One feature in the beta that I found questionable was a button for Site Status. When clicked, this button provides information on a site, usually saying something like “Safe: You are free to move about this site as you wish.”
However, I clicked this button on several sites that I knew to be extremely untrustworthy (sites known for providing spyware and other forms of malware) and got that exact same “Safe” message.
Hopefully this is just a quirk of the beta and the shipping version will be more careful about what sites it labels as “safe.”
To download the beta of ZoneAlarm ForceField, go to www.zonealarm.com/forcefield/