
Anti-virus fallacies


A GMO-free browser


Friday, December 15, 2017

Users regularly ask us why Dr.Web doesn't incorporate certain features that are widely advertised by other developers. Could it be, they say, that you lack the necessary skills? Once again we’re talking about secure browsers. So, perhaps, it’s time we settled this matter once and for all.

There exist several established practices for making a browser “more secure” than a standard browser: launching a browser in a sandbox, using a different browser, or starting a browser under a special account or via another application.

Unfortunately, none of these methods is guaranteed to deliver a good result.

Different kinds of sandboxes exist: some are more resource-consuming and some less so; some have compatibility issues with other applications or are prone to glitches. While running browsers in a sandbox may address the issue of suspicious applications and files being launched in a system, it does nothing to resolve security issues involving the exchange of information. For example, it won't protect you against man-in-the-middle attacks. Furthermore, certain malicious programs are known to reach beyond sandboxes by exploiting certain vulnerabilities.

And from a security standpoint, a separate browser is a double-edged sword. If the browser is relatively unknown, then in theory the Security Through Obscurity principle may apply. However, should the browser's popularity increase, vulnerability and exploit enthusiasts will switch their attention to the browser, and thus it will cease being secure. And a small browser developer team is unlikely to be able to discover and close vulnerabilities as fast as the "giants" whose browsers are used by millions of people. Furthermore, designing a browser from scratch is a very ambitious project requiring substantial investment, while its prospects are somewhat uncertain. A developer may also choose to design a browser using an existing engine like Chromium with all its pros and cons, including engine vulnerabilities.

A dialogue that took place between one of our customers and one of our support engineers in 2016 will best illustrate what happens when a conventional browser is turned into a secure one.

Customer:
Hello,
Does Dr.Web Security Space Pro provide protection for online banking transactions? Specifically, does it prevent attackers from capturing key strokes?

Support engineer:
Hello,
Apparently, you’re talking about the widely advertised option to enter symbols via a virtual keyboard as a means of protecting against keyloggers.

  1. Most more or less "serious" malicious programs circumvent this security mechanism.
  2. Integrating a keyboard into an anti-virus is a marketing gimmick rather than a useful feature. Our developers haven't implemented a virtual keyboard into our application for home PCs because this measure doesn't provide reliable protection.

Customer:
No, I'm also talking about so-called secure browsers that can be launched in a sandbox and thus prevent intruders from intercepting keystrokes on a real keyboard. I tested this feature with special software.
I use an up-to-date version of Dr.Web Security Space Pro 10, and it doesn't protect my input from keyloggers while I'm banking online, and my keylogger tests confirm that.

Support engineer:
The same method is used with a virtual keyboard even if you can't see it on the screen. An intermediate input interface is used to transmit information.
Any well-designed Trojan will circumvent the measure. That's why Dr.Web Security Space doesn't incorporate keyboard modules of this kind and is unlikely to do so in the future.
It does feature an anti-rootkit module which is designed to nail interceptors. The anti-virus is also equipped with a behaviour analyser that uses various criteria to block suspicious applications including those suspected of logging keystrokes.

Just like in medicine, it’s better to neutralise a disease than to fight its symptoms by alleviating a fever for a little while. Or, even better, to prevent an infection from ever happening.

#browser #Dr.Web_technologies

The Anti-virus Times recommends

  • Pay attention to prophylaxis, and, perhaps, there will be nothing to cure. As far as banking Trojans are concerned, update your browser and anti-virus regularly to make sure no malware appears on your computer or, worst case scenario, ends up in the quarantine.
  • Never disable the preventive protection feature! Dr.Web Security Space 11.0 features a new component named ShellGuard. This new Dr.Web ShellGuard technology blocks routes into the system so that vulnerability-exploiting programs can’t get in. Exploits are malicious objects that take advantage of software flaws, including those not yet known to anyone except for the intruders who created the exploits (i.e., zero-day vulnerabilities). Specifically, the technology protects popular web browsers. You can find out more about it here: https://products.drweb.ru/home/version11/new.
  • Don't mistake marketing and promotion for a sincere desire to help you solve all your problems. After all, even salt packages can have a GMO-FREE sticker on them. 😉
