[cap-talk] 'IX/Windows API problem for POLA? Polaris

Karp, Alan H alan.karp at hp.com
Mon Nov 21 01:36:43 EST 2005


Jed wrote:
> 
> I can understand that much of course, but presumably when I start the
> unpolarized browser with the plugin it is also not safe from 
> Trojan horses,
> esp. the plugin being a Trojan horse.  What I don't see is 
> how I get the
> potentially unsafe plugin to run in the polarized browser 
> with the permissions
> it needs.
> 
Polaris doesn't protect you from making a mistake and installing
malicious software.  However, if the plugin itself isn't malicious but
has a flaw that's used in an exploit, Polaris will help.
> 
> Hmmm.  Perhaps that's an area where I don't know enough to ask
> the right questions.  I haven't used IE for some time and I 
> don't really
> know what the issues are with ActiveX.  Presumably Polaris can
> "polarize" other browsers such as Firefox?
> 
ActiveX controls can be written in C and can do anything the process has
permission to do.  Polaris works with most software, including Firefox.
> 
> However, just for my curiosity, what authorities are given to a .boxed
> application?  For example, are such applications automatically given
> read/execute access to shared libraries?  Do you (or does anybody)
> have any experience running random application so "boxed" and seeing
> how much trouble one might run into having to "powerbox" needed
> access to things like config libraries, fonts, etc., etc. 
> before you get
> to the meat of what the application really needs to access?

We haven't done that study.  Basically, the boxed account gets full
access to the basic stuff an account gets, e.g., its My Documents, and
read access to the Windows folder.  Stiegler can give you the exact
permissions.  Many applications don't run boxed, but a good number do.
> 
> If that much is clean then I would say you've got quite a valuable
> facility there.  Heck, I'd like to use it.  I could get back 
> into the business
> of running some of those executables that people used to send 
> me before the
> Trojan business got out of control.
> 
You can sign our Beta license agreement if you want to be a test site
and give us feedback.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Type: text/x-vcard
Size: 433 bytes
Desc: Karp, Alan H.vcf
Url : http://eros.cs.jhu.edu/pipermail/cap-talk/attachments/20051121/ddfe5d14/KarpAlanH.vcf


More information about the cap-talk mailing list