AntiVirus Protection No Longer Needed?
A startup firm says that security software on your computer is unnecessary. Their solution to protect users against viruses and other malware is simple: keep malware out by not letting the Internet in. Here is how Menlo Security plans to do it... |
What is Menlo Security?
A new approach to protecting end users against malware was revealed the first week of June, when Menlo Security emerged from its “stealth” period with $25 million in venture capital and an outline of its plan to put anti-malware software developers out of business.
One of the big problems with conventional anti-malware solutions is keeping up with the bad guys. As I reported in May, an average of 255,000 new malware threats are detected each day. Anti-malware software will always be behind in detecting new threats; some will slip through, inevitably. Another problem is getting users to install anti-malware software on their devices and keep it up to date.
Menlo Security aims to solve both of those problems by acting as an intermediary (proxy) that filters out all the bad stuff, before it has a chance to reach your computer.
When a browser fetches a web page, normally the request goes directly to that website. In Menlo's approach, HTTP requests for content go to a Menlo Security Isolation Platform (MSIP) instead. The MSIP fetches the requested content and executes everything in it – Java applets, Flash animations, PDF files, and other things in which bad guys like to hide malicious code. Everything, good and bad, executes in a virtual machine created just for that user session on an MSIP server.
The MSIP transmits to the user only “rendering information,” the essential code that makes a website appear and behave as it should in your browser. Animations still roll, but without Flash. Shopping carts, cookies, browser plugins, and other widgets work just as they should. There is no noticeable delay while MSIP does its magic, according to Menlo.
Hit Me With Your Best Shot
Meanwhile, any malware in the Web content is vainly struggling to do its dirty work in the virtual machine. When the user ends a Web session, the virtual machine and everything in it just vanishes.
Bromium vSentry takes a similar approach of isolating Web content in a virtual machine. But it requires installation of software on the end user’s machine. The virtual machine actually runs on the end user’s device.
Menlo plans to deploy its MSIP platform as a cloud service (public or private), and as a turnkey solution sold to enterprises who want to run their own MSIP servers. Right now, at launch, there’s nothing consumers can run out and buy. So don't uninstall your security software just yet.
Menlo has two other “products” that seem to be just special use cases of the MSIP. The “Email Isolation Service” does not prevent malware-infected email attachments from doing their damage. It simply filters Web content requests when users click on links in email. The “Doc Isolation Service” renders dangerous documents such as PDFs, Word docs, and Excel spreadsheets in an MSIP virtual machine, and makes “sanitized” versions available for downloading or viewing in a browser.
Menlo Security has a potentially game-changing concept. Enterprises may well jump on MSIP to solve security problems for their many employees. But Menlo will have a bigger challenge getting end users to let Menlo filter all of the Web content they see.
Effectively, Menlo acts as a gatekeeper, allowing only what it deems “fit” to get to end users. There's no evidence that they would do any sort of censoring. But since everything you retrieve from the Web will pass through Menlo servers before reaching you, there will of course be privacy concerns. Tin-foil hats will be twitching.
Downloads: An Achilles Heel?
One question that remains after reading Menlo's documentation is how they will handle downloads, and in general, the introduction of new software. Long-time readers here will know that I've written about the problem of foistware often. Will they simply block users from downloading new software? Will the downloads be "sanitized" to remove unwanted or malicious components? What about software that's installed from a CD or flash drive?
Traditional anti-virus programs scan executable files (software) and analyze both their content and behavior while running. Menlo's solution (which is confined to your Web browser) doesn't seem to address this at all.
I see much promise in Menlo's approach to preventing Web-based malware threats. But does it really eliminate the need for anti-virus software? I'm not sure it does. Once I've had an opportunity to try the MSIP service, I'll report back here.
Your thoughts on this topic are welcome. Post your comment or question below...
|
|
This article was posted by Bob Rankin on 12 Jun 2015
For Fun: Buy Bob a Snickers. |
Prev Article: Poof! Abra Sends Money With Magic |
The Top Twenty |
Next Article: Geeky Gifts For Dads and Grads |
There's more reader feedback... See all 22 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- AntiVirus Protection No Longer Needed? (Posted: 12 Jun 2015)
Source: https://askbobrankin.com/antivirus_protection_no_longer_needed.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "AntiVirus Protection No Longer Needed?"
(See all 22 comments for this article.)Posted by:
Bob D
12 Jun 2015
I agree that you would still need AV software, but together your system should be very secure. Downloads are ot as big a prpblem as the web. Using a restore point and sandbox and loading programs manually will pretty much take care of downloads
Posted by:
Larry Dempsey
12 Jun 2015
Using a virtual machine is using a permitted man-in-the-middle. I would be wary of using this process for online banking, buying and selling stocks, and when accessing any website or online application where an ID and password is required.
Posted by:
Jon
12 Jun 2015
Useful report. Thanks!
Right or wrong, the idea of dealing with the dark side of the Internet before to reaches a computer is a bit "out of the box".
No struggle within that home or small office computer - instead sanitation is done away from our tender eyes. Sort of like a slaughterhouse for meat eaters who don't want to think of the source.
Are there better out of the box ideas out there? Ones that don't trigger that perky Rankin perspective.
Posted by:
Nancy
12 Jun 2015
An intriguing concept, but I'd consider using it as an additional level of security without dropping my anti-virus software until it had been proven over some years of use.
Posted by:
Richard Stoker
12 Jun 2015
It sounds just too good to be true. I worry about future tracking and censorship possibilities. What use could governments make of the system?
Posted by:
twinsdad9901
12 Jun 2015
You mentioned http:, but did not say anything about https:. Will this still work when connections are encrypted? Would you even want to use it if you are using https:? It does seem to be more like "nanny-ware".
Posted by:
tonygad
12 Jun 2015
Hmmm Bob! Your article has grabbed my interest and attention and in the meantime, I'll await your testing and analysis. At first face downloading seems to be its Achilles heel.
Posted by:
Robert B
12 Jun 2015
I have ben a long time fan of using proxys That is what they are doing in a nut shell. the adding of a windows vitural session should prevent most of the other malware, however this will just get thge bad guys to start thinking smarter. After all if I can get into your machine by using the website then I will try by E mai, phone or download. This is a start however lets not forget that even if I get a malware attacked most malware protection come with a systems scrubber that will isolate the bug and distroy it. That is an area that is lacking in their approch. So yea lets start there and we should still keep our antimalware on
Posted by:
Francis
13 Jun 2015
Well nobody said run, out and sign up,Bob said it will have to take further investigation,that should be enough.
Posted by:
Chuck Johnson
13 Jun 2015
This is a fascinating idea, but I agree with Ivan - would this slow everything down? I can't see how it wouldn't. Otherwise, I hope this succeeds!
Posted by:
Gil Pahlow
13 Jun 2015
Gmail worked on my laptop since 2006. But January 2015 I bought a Samsung Tablet. 10.1.
Now after every time I use the Laptop (W7) I need to re-set my Gmail password in that Laptop. Why?
Thank you Gil Pahlow
Posted by:
Ron W
13 Jun 2015
I would imagine hackers will find a way to hack their system and use it to send stuff to the users computers.
Posted by:
MmeMoxie
13 Jun 2015
Excellent reporting on a new product and idea, Bob!
I agree, with Jon ... This is definitely, "out of the box."
However, my skeptical mind ... Tends to think, one program for all security issues ... Seems, to good to be true. Plus, there is always that one diligent hacker or hacker group, who will try to his/her or their dying breathe, to compromise that program!!!
Cloud computing seems to be the way to go ... But, as we all know ... Hackers go that way, too.
Posted by:
Marc
13 Jun 2015
"When a browser fetches a web page, normally the request goes directly to that website. In Menlo's approach, HTTP requests for content go to a Menlo Security Isolation Platform (MSIP) instead. The MSIP fetches the requested content and executes everything in it – Java applets, Flash animations, PDF files, and other things in which bad guys like to hide malicious code. Everything, good and bad, executes in a virtual machine created just for that user session on an MSIP server."
I'm not so sure I like the idea of my HTTP traffic going to a website. What assurances do we have that our identity is protected and no records are being kept of the sites we visit and the flash and other files we view? This would be a boon to companies who want to track your web surfing habits and make it easier for the NSA to spy on you when they are able to get Section 215 of The Patriot Act Completely Restored as Congressional Members are trying to do. I'm more concerned about spyware and companies/government agencies collecting information about my web surfing habits than I am of a virus. If you are one of the many people with dial-up or a slow broadband speed such as 1.5 Mbps, these requests sent to the web server will significantly slow down your internet speed even more. Couldn't you use some sandbox or virtual machine to run Flash and other files to get the same effect?
EDITOR'S NOTE: Of course there are privacy concerns. But I think users with slow connections might see faster page loads, not slower. (Why? The "gunk" will be stripped out before your computer sees the page.)
Posted by:
RV Nunya
14 Jun 2015
I'm with Larry on this! I don't like the middle man cause then you have to deal with them knowing everything you download. I bet the government is all for it though and if so it will be done and there's nothing we would be able to do to stop it.
Posted by:
brightspark
14 Jun 2015
Sandboxing is a much better method. Everything is maintained locally, no middleman, and the isolation technique ensures no nasties get near the system. Just empty the Sandbox after a browsing session and everything is gone, including any malware.
Posted by:
Norbert (Bob) Gostischa
15 Jun 2015
The Webshield module in Avast checks all of your internet activity and blocks malicious items from ever reaching you. The Webshield is only one of the modules in Avast.
Using Avast protects you on your computer and while on the internet. It also has streaming updates so you always receive the latest protection for the newest discovered malware. (You do need to be online for the streaming update feature to be most effective.)
Posted by:
Daniel
15 Jun 2015
Fascinating. It's almost like a proxy sandbox.
For people with older/slower computers, it might actually speed up surfing. Not only because of garbage on your computer, but also because a MUCH faster processor at the server level is doing all of the rendering, then transmitting the result. I wait with great anticipation to see the results of Bob's evaluation.
Posted by:
AlJ
15 Jun 2015
This is the first time I have heard of the sandbox concept. Looks like another article for you, Bob.
Posted by:
Linda Anne Quinlan Gasper
22 Jun 2015
Another great article, Bob. Personally, I'm looking at the "Bit defender Box". It's gotten some hype, but has a few quirks to work out so it's not quite ready for prime time-so to speak. However, with the IOT's, coming a fast reality, this "box" seems to have promise. My downside is, why is it always other countries, such as Romania with the box, that burst on the scene before us in the U.S. I would love to see some home-grown tech a long this road. We'll just have to wait and see.
LindaSView