With more and more people performing more and more everyday activities online, cyber-crime has become a major growth industry. However, while the criminals’ methodology continues to evolve, in terms of both ingenuity and sophistication, the majority of home computer users are still relying heavily on traditional and antiquated antivirus technology.
Computer security has always been a hot topic and one which is purely subjective. That’s largely because the level of protection required is specific to each individual user and generally commensurate with the user’s level of computer savvy. An advanced computer user, for example, will not only be computer savvy but also security savvy – the two, more often than not, going hand in hand. Consequently, most advanced users tend to require only a basic form of protection– their primary defense being what’s between the ears.
At the other end of the scale, novice users, or those who have not managed to come to grips with the technology, are far less security savvy and usually require greater levels of protection. One thing is for certain– there has never been and never will be any antivirus product which can protect users from themselves. That said, there are security technologies available which have the potential, in my opinion, to provide far more effective protection.
Sandboxing and Light Virtualization
Sandboxing: a technology whereby data associated with the user’s computer activity, including online, is selectively isolated into a special folder (or sandbox) thereby eliminating any changes to, or effect upon, the system. When the user has finished whatever they are doing, they simply empty the Sandbox and everything is gone, including any malware or nasties picked up along the way– Sandboxie being a typical example.
Pretty much any program can be run in a sandbox, and users can quite easily choose to retain any data they want to keep. Sandboxing technology firmly places the emphasis on security. For example; Sandboxie’s product page describes the software thus:
Sandboxie uses isolation technology to secure your favorite web browser and block malicious software, viruses, ransom-ware and zero day threats by isolating such attacks in the Sandbox, leaving your system protected.
There are two types of virtualization: full and light. Full virtualization refers to a virtual machine running an operating system as a separate entity within the host (or existing) operating system.
Light virtualization is when a specific type of software is used to place the existing operating system in a virtual environment, or sandbox. I guess it could be described as system-wide sandboxing. In simplistic terms, light virtualization works by first creating a system snapshot which is then restored upon reboot, thereby discarding any changes. ToolWiz Time Freeze is a typical example of light virtualization software.
While quite a few light virtualization programs have been released over the years, they haven’t exactly set the world on fire, with several going by the wayside. Largely because, to date, none have proven to be entirely issue free. Also, the consensus among most experts is that, in their current form, these types of programs do not provide 100% protection against certain types of malware, and there have been instances in the past which confirm this view. Furthermore, these programs do not generally include ‘discard changes’ or ‘retain changes’ options at the point of rebooting. While there are generally options included to selectively retain data, the process can be quite complex for novice users.
That said, even though this type of software has proven to be somewhat problematic, it clearly has the potential to provide optimum protection and I wonder why major security companies have not invested in further research and development. I’m pretty sure they’d have the necessary resources, financial and otherwise, to iron out the wrinkles. Maybe the security companies are not prepared to forego all the time and resources already poured into their traditional antivirus solutions. Who knows!
I’ve long been an advocate for sandboxing techniques, often suggesting that some sort of sandboxing facility should be an integral part of all operating systems. It could, if done properly, provide the ultimate protection for all users, and especially for the average Joe users out there who are the most vulnerable. Imagine novice users being able, at the click of a button, to lock down the entire operating system in a sandbox. Browse, download, do whatever they like, and at the end of the session, with another click of a button, choose to retain any wanted data/changes and discard all the rest, including malware.
Of course, regularly creating full system images is on a par. However, convincing novice users to backup anything can be an exercise in futility. Provide them with a simple, one-click solution which all but guarantees total protection while requiring zero expertise, and I reckon a lot of cyber-criminals might end up seeking legitimate employment.
Frightening Malware Statistics
According to a recent report by the G DATA security company, in 2016, G DATA experts counted 6,834,443 new digital malware strains, representing an increase of 32.9 percent compared to 2015. And the trend continued in Q1 2017 with 1,852,945 new malware strains, meaning that a new malware strain was identified every 4.2 seconds – a 72.6% increase over the same period in 2016. <source>
In my opinion, with the ever increasing proliferation and variety of threats in an expanding cyber-world, traditional definition-based antivirus is fighting a losing battle of catch up. What is required is a future-proof solution which covers every conceivable threat, known and unknown, instantly and effectively. A solution which is entirely proactive and not at all reactive. Maybe I am being unrealistic, however, I have little doubt that, some day, traditional antivirus will be supplanted by a far more comprehensive and effective solution.
What do you think? Will traditional antivirus protection be replaced some day? What might replace it? Maybe sandboxing/light virtualization, maybe something else?