Wednesday, October 1, 2008

Sandboxing Is Not What We Do

One of my favorite sources of information and smart advice on the web is InfoWorld and one of my favorite IT writers there is Roger Grimes. So it was a pleasant surprise yesterday when I received a Google alert that Roger had done a review on us.

Unfortunately, the review turned out to be a general review of "sandboxing" products - one that we should never have been included in. Sandboxing is not what we do.

Sandboxing, defined as the attempted creation of a computing environment free of malware, tries to keep certain apps and processes free of malware using various defensive techniques reminiscent of traditional approaches to security.

What we do is entirely different - as Ray Dickenson, our CTO, is fond of saying, we do "reverse sandboxing":

"Authentium’s SafeCentral service delivers secure web browsing even on computers that are compromised with data-stealing malware."

In other words, SafeCentral allows consumers to safely bank or transact from computers that teenagers have downloaded horrible, horrible things onto.

This is poles apart from most defensive strategies and traditional approaches, such as walled garden-style sandboxing - and in my view, is much closer to what consumers need.

Note: I'm not negative on sandboxing as an approach. All security technologies have a role to play and there are some outstanding sandboxing technologies - Prevx being one such example. But what these guys do and what we do is very different.

IT folks - and marketing executives - looking for complementary approaches should consider the virtues of both - our approach, and the approach of the sandboxing companies. I happen to think "reverse-sandboxing" is a much more consumer-friendly and effective approach to keeping folks safe.

Note: If you'd like to learn more about why SafeCentral is different, Ray's white paper on Reverse Sandboxing can be downloaded from here - please scroll to the bottom of the page for the link.
