May 25, 2007, Computable, Netherlands
Using your computer safely in virtual sandbox
Test of Trustware BufferZone Enterprise

Virtualization is not a new concept, but its popularity is growing, partly because it also works very well as a security measure. Malware can't do much harm when running in a virtual environment. Trustware wants to virtualize internet applications using BufferZone in order to prevent the intrusion of malware as much as possible.

By Johan Zwiekhorst

Malware invades your Windows systems through applications. Most risks are created by internet applications: browsers, email clients, chat clients, file sharing software, and more. That is because these applications communicate directly with the insecure internet. Office, too, now has internet connectivity and is, as we know, susceptible to macro viruses. You can keep these threats under control by installing good security software: anti-malware software or internet security suites.

The problem with anti-malware software, however, is that it is based on signatures. New malware whose signature isn't widely known yet is not recognized. In some cases, additional checks, for instance for modification of certain system files, still prevent an infection, but you can never be sure of it. Depending on how often the anti-malware vendor publishes updates, it may still take 3 or 4 hours before new signatures are active. All this time, the PC is vulnerable.

Virtualization
The idea of running internet applications, in particular those that are susceptible to malware, in a virtual environment or "sandbox" is not new. More than 10 years ago, we tested eSafe Protect, which already used a similar concept. More recently, we also encountered a restricted sandbox in Norman's antivirus software. With BufferZone, Trustware goes one step further. The idea is to isolate a complete application within a virtual environment: if it contains malware, it cannot intrude into other parts of Windows. Even malware that is not recognized or stopped at all by traditional security software cannot do any harm. On Trustware's website you can try it by downloading BufferZone for free. With this free version you can virtualize one application. BufferZone Enterprise, which is discussed here, secures all PCs in a network via a new Group Policy Object in Windows.

BufferZone isolates the operating configuration and data of the user's applications. Users install all new programs in the virtual environment, unless the software originates from their IT department and is therefore reliable. Software running in the virtual environment cannot change the operating desktop in any way. Users may, however, try out and use the software without any further restrictions, but as soon as the virtual environment is shut down, the software is eliminated too.

Advantages and disadvantages
The main advantage of the virtual environment is, of course, its isolation. BufferZone isolates the virtual environment completely, and spyware in a virtual environment cannot access network volumes or non-allocated hard disk data.

A second advantage is that the virtual environment gives users more freedom. For a regular Windows desktop to be secure, it must be locked down tightly, so that a regular user is allowed to do almost nothing. For small and medium-sized enterprises, another advantage is the greater security, as long as no great restrictions are imposed on their users. But that is exactly what larger enterprises usually do.

Advantage number three is the reduction in maintenance needs. With a virtual environment, the malware is eliminated as soon as you shut down the virtual environment.

Advantage number four is ease of use. BufferZone is able to determine automatically which applications must be virtualized, even if you started them in the regular way in Windows. This also applies to parts of applications.

A virtual environment uses more memory and more processor time. You need, then, a sufficiently powerful PC.

Group policy
BufferZone uses a Group Policy Object (GPO) for centrally managing the settings of the BufferZone clients. The network manager has to perform this installation manually by copying the policy management file to the right place in the Windows system directory structure, and then provide the group policy with the required settings.

BufferZone can be set so as to run fully automatically, and in that case it moves all the unknown programs into the BufferZone right from the start. In case you are in doubt, you can also switch to a completely virtual desktop. The regular desktop will then be called the "secure" desktop. You will be able to switch from the secure desktop to the BufferZone desktop and vice-versa, whenever you wish. If the BufferZone desktop is active, everything you are doing in it is subject to the BufferZone policy.

The system is user-friendly, but does not say what is malware and what is not. It is, therefore, a good idea to switch to automatic security, although this may slow down the system to some extent.

In practice
We tried the well-known free mp3 player "FreeMP3Player", which introduces some hundreds of malware components into your system when you install it. We started it in the secure BufferZone desktop and let it do its job. Afterwards we switched back to the secure desktop and emptied the BufferZone. Then, we performed a check on the secure desktop. We had also done so prior to the installation of the BufferZone, and of course everything was malware-free. The malware check we did afterwards, however, showed some five main malware groups, but fortunately they turned out to be empty directories. The malware was, indeed, completely removed from the system.

Conclusion
The concept of a virtual environment for running insecure applications is a good one. According to our trial, it appears that BufferZone really does block the most vicious parasites. Yet the question remains whether it is worth the price compared to the cost of an excellent anti-malware package.

Product info
Product: BufferZone Enterprise
Producer & supplier: Trustware Ltd., IL; tel. +972 3 644 4012; www.trustware.com
Recommended price (without VAT): $2899 (100 licenses, $580 annual maintenance contract); $16999 (1000 licenses, $3400 annual maintenance); $120999 (10.000 licenses, $24200 annual maintenance)
System requirements: terminals and console Windows XP SP2+, Pentium III 400 MHz, 20 MB-free hd-space, 128 MiB RAM; server Windows 2000/2003, Pentium III 800 MHz, 20 MB-free hd-space, 128 MiB RAM, Microsoft Active Directory.

The Core
· Running malware-sensitive applications in a virtual environment is a good idea.
· BufferZone screens malware adequately, but is expensive.
