Container virtualization technology has become increasingly popular in 2014, partly because of the meteoric rise of Docker. Yet Docker isn’t the only form of containers, and containers aren’t just for Web servers. Security vendor Comodo is using its own container technology to help secure end-user systems with a platform called SecureBox.
Comodo’s antivirus security products have been leveraging sandboxed containers for some time, Kevin Gilchrist, Comodo vice president of product management, explained to eWEEK. As part of Comodo’s antivirus product, unknown applications are run inside a container in order to prevent a system infection.
The Comodo container technology sits on top of the host operating system and intercepts application calls to sensitive areas of the OS. The new SecureBox technology aims to solve somewhat of a different problem than does Comodo’s antivirus product, Gilchrist said.
In some cases, a user is not trying to clean up an entire machine, or perhaps the user does not own the system, he explained. He gave the example of a financial services company that came to Comodo with a request to help secure its users’ machines but didn’t want the responsibility of actually managing those machines. With SecureBox, a user can have a secured area on the OS that creates a container to execute applications safely.
Applications run within the SecureBox are protected from a variety of common threats, including keyloggers, which are hacker tools that grab user keystrokes in order to steal passwords. The SecureBox technology is also tied to a cloud-based antivirus scan from Comodo to further mitigate the risk of exploitation.
“The optimal SecureBox customer is one that either can’t install a full security suite, or they want something that is easier and lighter to install,” Gilchrist said.
The idea of isolating an area of an operating system for security is not a new one. Security firm Quarri has a technology platform that provides secure sandboxed browsing. Dell has also built a sandboxed browser.
Comodo’s SecureBox isn’t just about the browser; it can be used for any application binary, Gilchrist said. “This is something that can provide security for mission-critical applications,” he said.
As a container technology, SecureBox boots up on top of a host OS. As such, there is still a potential risk from the OS itself to bypass the container security. OS-level bypasses are rare, and when issues are found, they can be fixed, Gilchrist said.
The Comodo cloud antivirus scanner that is integrated with SecureBox can also likely determine if there is any boot-level malware on a system, he added. “We also intercept the keyboard filter at the operating system-level for any keystrokes entered within SecureBox,” Gilchrist said. “Most often, keyloggers tap into the operating system libraries directly, so our innovation allows our application to evade the keyloggers, too.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.