
I have only one forecast for 2010

The article by security expert Dino Dai Zovi * seemed interesting.

When people make forecasts for the coming year, it is customary to produce lists and rankings. But I have only one forecast: 2010 will be the year of isolated software environments, or sandboxes, in which desktop applications process potentially dangerous data. And it is about time.

After the release of Windows XP SP2, the number of Internet worms dropped dramatically (Conficker became a noticeable but rare exception). There are two reasons for this: the new security policy in XP SP2, under which Windows Firewall is on by default, and Wi-Fi. Yes, Wi-Fi. The rapid spread of wireless networks, which coincided with the release of XP SP2, led many home users to buy wireless base stations, almost all of which contain a firewall. This dramatically reduced the attack surface, that is, the number of Windows systems that hackers could scan.
But back to the present. Today, the main sources of Internet security threats are malicious web pages and email attachments. Attackers are enterprising people, and they quickly found the weak link where firewalls are almost useless. The main security problem has never been packet synchronization; it has always been the data: 1) the software attack surface that attacker-controlled data interacts with, and 2) the sensitive data that attackers can reach if they exploit vulnerabilities in that software. Network firewalls can reduce the attack surface exposed to the network, but they are powerless against local software that has Internet access.

The desktop equivalent of a network firewall is a sandbox with an application privilege system. These mechanisms allow you to remove the elephant (untrusted data) from the room (your data). The elephant stays outside, in the sandbox. Although this method does not reduce the attack surface, it significantly complicates the attacker's task by putting defense in depth in front of him. If an attacker manages to exploit a vulnerability and execute code, he will still have to find a vulnerability in the sandbox mechanism itself in order to bypass it and read the user's data.

Internet Explorer Protected Mode first appeared in Windows Vista, and it is a step in the right direction. On Vista and Windows 7, an exploit against Internet Explorer runs at low integrity, so it cannot change or damage the system. The most it can do is send your data to the attacker. Google Chrome, on the other hand, handles most untrusted data in separate sandboxed processes. If Chrome is running on Vista or Windows 7, these processes also run at low integrity, which further increases the level of security. Reportedly, Microsoft Office 2010 will introduce a read-only Protected View, similar to Internet Explorer Protected Mode: it will let you open potentially dangerous Office files, such as those downloaded from the Internet.
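Why a low-integrity exploit cannot change the system yet can still read your data follows from the default "no write up" label policy. The sketch below is an added example, not code from the article: a simplified Python model of the Windows mandatory integrity check only (the separate DACL check is omitted), and the object names are constructed.

```python
from enum import IntEnum, IntFlag

class Level(IntEnum):            # mandatory integrity level RIDs
    LOW = 0x1000
    MEDIUM = 0x2000
    HIGH = 0x3000

class Policy(IntFlag):           # mandatory label policy bits
    NO_WRITE_UP = 0x1
    NO_READ_UP = 0x2
    NO_EXECUTE_UP = 0x4

# An object with no explicit label is treated as medium / no-write-up.
DEFAULT_LABEL = (Level.MEDIUM, Policy.NO_WRITE_UP)

BLOCKED_BY = {
    "write": Policy.NO_WRITE_UP,
    "read": Policy.NO_READ_UP,
    "execute": Policy.NO_EXECUTE_UP,
}

def mandatory_check(subject, label, wanted):
    """Return the subset of `wanted` accesses the integrity check lets through."""
    level, policy = label or DEFAULT_LABEL
    if subject >= level:         # subject dominates the object: nothing is filtered
        return set(wanted)
    # Subject is below the object: drop every access the label policy forbids.
    return {a for a in wanted if not (policy & BLOCKED_BY[a])}

# Constructed sample objects (names and labels are illustrative assumptions).
OBJECTS = {
    "Documents/taxes.xls": None,                             # unlabeled user file
    "LocalLow/cache.tmp": (Level.LOW, Policy.NO_WRITE_UP),   # sandbox scratch space
    "Documents/keys.kdb": (Level.MEDIUM,                     # explicitly hardened file
                           Policy.NO_WRITE_UP | Policy.NO_READ_UP),
}

def audit(subject):
    """Map each sample object to the read/write accesses `subject` would keep."""
    return {name: sorted(mandatory_check(subject, label, ("read", "write")))
            for name, label in OBJECTS.items()}

if __name__ == "__main__":
    for lvl in (Level.LOW, Level.MEDIUM):
        print(lvl.name, audit(lvl))
```

The low-integrity row keeps `read` on the unlabeled document, which is the residual exposure the paragraph describes; only an explicit no-read-up label closes it in this model.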

In 2010, Internet Explorer Protected Mode should appear in Windows XP, because users will move to Windows 7 as slowly as they moved to Vista. Google Chrome has already displaced Safari from third place in the browser rankings, and this year there should be a stable release for Mac and Linux. Microsoft Office 2010 will get Protected View for files from the Internet. Leopard and Snow Leopard already have sandboxing for network services, some background daemons, and QuickLook previews of Finder files and Mail attachments.

Your turn, Adobe.

* Dino Dai Zovi is the author of The Mac Hacker's Handbook and The Art of Software Security Testing, and the first winner of the PWN2OWN competition at CanSecWest 2007. In 2008, the eWEEK website included him in its list of the 15 most influential people in the field of security.

Source: https://habr.com/ru/post/80582/

