Malware is a growing problem for both consumers and enterprises. Many have tried to defend against this growing threat, but malware authors are relentless in producing new ways to deploy, infect and harm the PCs of those they target. It’s an ongoing problem that requires vigilant individuals to remain at the top of their game.
To keep up with the rise of malware, Comodo is looking beyond traditional sandbox methods.
“Malware always starts out as an unknown file,” said John Peterson, VP of enterprise product management at Comodo. “The rate of unknown files is so high that it just doesn’t work anymore to try to do a blacklisting or signature-based approach.”
Peterson shared Comodo’s strategy with Richard Stiennon at the 2016 RSA Conference in San Francisco. He said his firm is taking a new approach to malware, one that is very clear on how known files (good and bad) should be treated. The challenge comes in dealing with unknown files.
“Once run in a sandbox, you might identify whether it’s good or bad, but during that whole period and process of analyzing the file, patient zero could be infected,” Peterson warned. “We actually eliminate patient zero from having to get infected. We take unknown files and we put them in a container, so that container allows the unknown file to run and execute. You can interact with it because it could be unknown good. But it also could be unknown bad, so we isolate it from the rest of your computing environment.”
Click on Anything
Peterson said that users are able to click on and download anything without fearing their computer systems will be compromised.
“The application or PDF or EXE that you’re actually downloading gets run in isolation,” he said. “It has a separate set of CPU processing that it’s allocating and a separate file system that it’s restricted to. It can only make certain calls to certain places in memory, rendering your computer immune to any kind of malware that might be brought into your environment.”
Sandbox Technology Still Holds Value
Comodo may be going above and beyond sandbox technology, but Peterson said there’s still a place for it in the world of security.
“Clearly there’s an opportunity for us to displace it, but I think there’s also opportunity for us to augment it,” said Peterson. “If customers have chosen a sandbox solution and they want to stick with that, they can – and they can augment that sandbox technology with our containment technology. Containment technology is like a cousin to sandboxing. Sandboxing is analyzing a file to determine its true state, whereas containment is actually putting a file in a container and allowing you to interact with it while keeping it isolated from the rest of your computing environment. We do both.”