Virtualize your browser to prevent drive-by malware attacks

Does Web browsing make you fearful of picking up a virus or downloading malware? It won't if you do your browsing in a virtualized environment on your desktop. Invincea Browser Protection uses virtualization technology to separate untrusted content coming from the Web from the rest of your desktop and network.

When you open up a browser session and visit Web sites and click on hyperlinks, do you feel a little apprehensive about the possibility of drive-by malware getting installed on your PC? I sure do, even though I keep my antivirus/antimalware software and other security measures active and up to date. I might be a little paranoid, but for good reason.

According to the Websense Security Lab, the number of Web sites with malicious software grew 225% in the last six months of 2009. Seventy-one percent of Web sites with malicious code are legitimate sites that have been compromised by hackers. You're not even safe doing a simple web search; 13.7% of searches for trending news and buzz words lead to malware. And, by 2009, Kaspersky Lab had collected more than 32 million samples of malicious programs—double the figure from 2008.

15 secrets of next-gen browsers

Making matters worse is the fact that the average antivirus detection rate is about 19% on the first day of the malware's appearance, and only 62% after 30 days. These statistics are based on independent analysis from the cyber intelligence company Cyveillance. Now how do you feel about that Web surfing you like to do?

A company called Invincea (formerly known as Secure Command) has developed a solution that lets you browse all the Web sites you want without fear of picking up a virus or surreptitiously downloading malware. Borne out of research from DARPA and the George Mason University Center for Secure Information Systems, Invincea Browser Protection uses virtualization technology on the desktop to separate untrusted content coming from the Web from the rest of your desktop and network by putting it in a virtual environment. When you open your browser, Invincea seamlessly virtualizes the session.

Malicious activity is detected and isolated in the virtual browser environment in real-time. Detection does not depend on signatures. A restoration process then deletes the whole virtual environment with the malware and restores the original browser environment in a pristine state. During the restoration, Invincea gathers forensic intelligence about the threat, including the site that caused the infection and the code's actions; system changes; communications and spawns—all of its behavior. Event details about all programs, executables and malware that are downloaded during a session are tracked, and all system behavior is observed. This quantifiable data includes additions, deletions or changes to system registry keys; modifications to the file system; and network requests to other servers by malware. With such detailed information, you can know how, where and when your systems are infected.

Invincea Browser Protection installs on a Windows desktop and is totally transparent to the user. When a user opens up the browser, it looks and performs like Internet Explorer, Firefox, Safari, Chrome or the browser of choice—but it's totally within a virtual environment. Users can import their bookmarks and short-cuts from their original browser to personalize the Invincea browser. You can deploy the browser to your end user community in the typical way that you install other Windows applications.

Because PDF files are another source of frequent malware infections, Invincea also offers an add-on to the browser application that provides Adobe Reader in a virtual environment. Just like the browser session, any malware detected in the PDF reader virtual session gets isolated and deleted without harm to the desktop.

If my description of how the Invincea virtual browser solution works makes it sound easy, it's not. It's very complex technology that locks down the Web browser from malicious attacks but still allows all the functionality that users are accustomed to. If you're curious about it, give it a try. Invincea will set you up with an evaluation to help you decide if this solution is right for your enterprise.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2010 IDG Communications, Inc.

IT Salary Survey: The results are in