Wednesday, October 31, 2007

Playing in a sandbox

I've been thinking about this for a while now. It's bothered me to the point where I can't help but to write about it and suck it up and do some research.

I'm talking about sandboxes. Not the kind your kids play in, but the kind that you want to run something in when you don't trust it's intentions. Say, for example, you have a website you want to go visit that's not exactly super trustworthy. You really want to go grab some latest hacker-tool, or download some script, or some piece of knowledge -whatever. You know you're not going to use MSIE (doesn't matter what version) and you're not sure that even FireFox will protect you adequately against what this particular site may throw at you...

So what are you paranoid about? Remember you're not paranoid if they really ARE out to get you. And boy howdy are they. They being the "bad guys" out there, in cyberspace, trying to take over your computer, steal your credit card information, use your computer to attack the government of Canada, and any number of nasty things.

So you are now faced with two choices if you're the conventional user.
  • Option 1 is to simply forego visiting the site... not necessarily the best way to go - but at least it's safer
  • Option 2 is to take a chance and hope you're not infected with some trojan, BHO, or XSS'd out of your life savings.
  • But there's a secret Option 3! That's right - you can "sandbox" your browser and render it (or at least your computer) impervious to those nasty bugs out to get you.

Right about now you're either telling yourself that this I'm some loony selling snakeoil to a dying man. You're only half right. I'm doing some research in this area, and will have some intersting findings soon. If you happen to know some vendors (big or small) who are selling or giving away tools to help in this endeavor - please contact me! If you're a vendor - contact me. I'll publish the results of my research in a few weeks and hopefully make us all a teenie bit safer.

I'm looking for products to review, and people to help test "real life" scenarios. Please let me know if you'd be willing to participate.

/Be safe!

No comments: