AntiVirus Protection No Longer Needed?
A startup firm says that security software on your computer is unnecessary. Their solution to protect users against viruses and other malware is simple: keep malware out by not letting the Internet in. Here is how Menlo Security plans to do it...
What is Menlo Security?
A new approach to protecting end users against malware was revealed the first week of June, when Menlo Security emerged from its “stealth” period with $25 million in venture capital and an outline of its plan to put anti-malware software developers out of business.
One of the big problems with conventional anti-malware solutions is keeping up with the bad guys. As I reported in May, an average of 255,000 new malware threats are detected each day. Anti-malware software will always be behind in detecting new threats; some will slip through, inevitably. Another problem is getting users to install anti-malware software on their devices and keep it up to date.
Menlo Security aims to solve both of those problems by acting as an intermediary (proxy) that filters out all the bad stuff, before it has a chance to reach your computer.
When a browser fetches a web page, normally the request goes directly to that website. In Menlo's approach, HTTP requests for content go to a Menlo Security Isolation Platform (MSIP) instead. The MSIP fetches the requested content and executes everything in it – Java applets, Flash animations, PDF files, and other things in which bad guys like to hide malicious code. Everything, good and bad, executes in a virtual machine created just for that user session on an MSIP server.
The MSIP transmits to the user only “rendering information,” the essential code that makes a website appear and behave as it should in your browser. Animations still roll, but without Flash. Shopping carts, cookies, browser plugins, and other widgets work just as they should. There is no noticeable delay while MSIP does its magic, according to Menlo.
Hit Me With Your Best Shot
Meanwhile, any malware in the Web content is vainly struggling to do its dirty work in the virtual machine. When the user ends a Web session, the virtual machine and everything in it just vanishes.
Bromium vSentry takes a similar approach of isolating Web content in a virtual machine. But it requires installation of software on the end user’s machine. The virtual machine actually runs on the end user’s device.
Menlo plans to deploy its MSIP platform as a cloud service (public or private), and as a turnkey solution sold to enterprises that want to run their own MSIP servers. Right now, at launch, there’s nothing consumers can run out and buy. So don't uninstall your security software just yet.
Menlo has two other “products” that seem to be just special use cases of the MSIP. The “Email Isolation Service” does not prevent malware-infected email attachments from doing their damage. It simply filters Web content requests when users click on links in email. The “Doc Isolation Service” renders dangerous documents such as PDFs, Word docs, and Excel spreadsheets in an MSIP virtual machine, and makes “sanitized” versions available for downloading or viewing in a browser.
Menlo Security has a potentially game-changing concept. Enterprises may well jump on MSIP to solve security problems for their many employees. But Menlo will have a bigger challenge getting end users to let Menlo filter all of the Web content they see.
Effectively, Menlo acts as a gatekeeper, allowing only what it deems “fit” to get to end users. There's no evidence that they would do any sort of censoring. But since everything you retrieve from the Web will pass through Menlo servers before reaching you, there will of course be privacy concerns. Tin-foil hats will be twitching.
Downloads: An Achilles Heel?
One question that remains after reading Menlo's documentation is how they will handle downloads, and in general, the introduction of new software. Long-time readers here will know that I've written about the problem of foistware often. Will they simply block users from downloading new software? Will the downloads be "sanitized" to remove unwanted or malicious components? What about software that's installed from a CD or flash drive?
Traditional anti-virus programs scan executable files (software) and analyze both their content and behavior while running. Menlo's solution (which is confined to your Web browser) doesn't seem to address this at all.
I see much promise in Menlo's approach to preventing Web-based malware threats. But does it really eliminate the need for anti-virus software? I'm not sure it does. Once I've had an opportunity to try the MSIP service, I'll report back here.
This article was posted by Bob Rankin on 12 Jun 2015
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- AntiVirus Protection No Longer Needed? (Posted: 12 Jun 2015)