With the changing nature of threats in cyberspace, the need is growing to absorb attacks and to protect online identities against both high-profile and stealthy infiltration attempts. These new types of threats often evade detection by traditional antivirus solutions and security suites, infecting users who think they are protected. No longer satisfied with just slowing your PC or causing havoc, these new attacks hijack your PC, access your personal information, and steal your money.
Why is this? The issue is the changing nature of malware over the past three years. At first, viruses and worms were created and propagated largely for attention-seeking purposes – to create headlines and online spectaculars. Furthermore, they all shared a common method of propagation, by email. This made security something of an arms race, but a race that was easy to keep up with, provided that you used antivirus software and kept its signatures up to date.
The malware menace – but not as we know it
Since 2005, methods of attack have changed. The acknowledged influence of organised online criminal groups has led to the development of more stealthy, invasive attacks. The intention is not to draw attention to the attack, but to create malware, which does NOT register on users’ security radar.
These new attacks are heavily focused on stealing personal information for financial gain. The result is a proliferation of Web threats, such as phishing attacks via fake Web sites, drive-by downloads from malware-infected sites, and keyloggers that pose enormous risk to personal privacy. All of these invoke fear among consumers that have begun to significantly alter their online behavior. So if threats have moved from email to lurking in cyberspace, it makes sense to add protection to the software that is your Internet vehicle – the Web browser. After all, the browser has become the main route that malware and other attacks take to infect your PC.
Shield of steel
From ancient Greece to the Enterprise, shielding against attack is hardly a new concept. And it’s one that can equally be applied to the virtual world – an often-discussed technique for protecting systems from Internet-based malware is a shield or protective shell that surrounds Web-based applications.
This shield works by preventing the application from accessing operating system resources, and from adding programs or making changes to the host system. Putting these applications in a protective bubble goes a long way towards improving Internet security. This model has been in use for years, with Java and other Internet programs using a form of it. But until now it hasn’t really entered the application area for average users that’s most in need of security – namely the Web browser.
Choosing the right weaponry
What exactly should you look for in a browser-based security tool, and what functionality does it need to have in order to deliver the best possible protection when surfing the net?
Hire your very own virtual surfer: The concept of virtual surfing is that by using virtualised browser-based security you are in effect creating a duplicate version of the user to block Web attacks. Adding a virtualization layer to seal the Web off from the Windows operating system will protect the PC – and crucially, your identity and personal details – against malware attacks, making it safer to surf.
Seen but not heard: Opt for an unobtrusive browser-based security tool, which does not force you to change behavior and does not slow down a browsing session. You shouldn’t have to learn new ways to surf or buy a new, super fast PC in order to fully enjoy the World Wide Web.
Right to roam: The right solution should balance the need for advanced protection with giving users the freedom to access the material they want, which is after all one of the chief raisons d’être of the Internet. The right solution will automatically scan for malware and warn users if a problem is detected, yet will ultimately give them the ability to access if the user wants.
Block predators: Even if you have a full security suite, some malicious spyware may be running on your PC. Browser security should block predators like keyloggers and screengrabbers so even if they exist on your PC, they can’t spy on what you are doing within your Web browser.
Trust, but verify: An additional must-have checks to see if the site being visited is a known phishing or spyware site. A prominent warning should make it easy to back away from the dangerous site, though it should still provide the option for users to continue if they wish.
Let’s see what’s out there.
New tools are emerging to help manage and contain the threats posed by the latest Web-based malware. These can put a virtual “shield’ around your Web browser, and protect your PC against increasingly sophisticated malware – providing security at the point where your online identity touches the Internet.
What benefits does a shield bring to your online sessions? Put simply, you can’t always know what’s out there, or what malware or data-theft risks a seemingly harmless Web site may harbour. Having a cyberspace shield can help you boldly go where you may have been worried to go before.