Highlights

Google gets into the security business with GreenBorder Technologies

by  •  • Comments Off

I was wondering why my post about GreenBorder Technologies was receiving so many hits today, until I read that Google bought the company. GreenBorder separates the Internet into trusted and untrusted locations. If you are trusted (as pre-defined by the user or admin), you have standard access to resources and your session is surrounded by a green border.

If you are untrusted, the web browser virtualizes the file system and registry so that any attempted malware infestation infects the virtual environment. It is important to note that the virtual environment is still infected and any work you perform in that environment including, for example, personal banking that you haven’t predefined as trusted through the software is still susceptible to compromise.

The beauty of GreenBorder is that you can kill the session and kill the malware (sort of like "save the cheerleader, save the world"… okay, not really). If you maintain some sort of persistent session, the malware remains active within that virtual environment. Keep in mind that killing the session kills everything – including cookies and saved files that may exist.

I guess what I am saying is that the idea is to really understand the difference between websites you trust and websites you don’t trust. In addition, you should hope that the websites you trust are trustworthy, because your normal system is still at risk.

So what will Google do with GreenBorder? Here are some ideas:

1) Compete with EV certs by assessing trustworthiness based on some heuristic formula rather than a standard set of background checks.

2) Set the stage for "trusted" connections and Software-as-a-Service (SaaS) environments that are distributed throughout the Internet. I often wonder when we will get to "gated communities" on the Internet and this could be the beginning. (Note also that this sounds vaguely NGSCB-like).

3) Create an initial, predictable "clean room" within which to operate its traditional browser toolbars.

4) A bit more farfetched (perhaps not doable): virtualize the environment to some Google resource so that Web configs, settings, files, (hmmm, OS?) are saved externally on the Web. (Note that we already have companies like RedCannon that are doing this to USB sticks).

With all the hoopla surrounding Web 2.0 security, this seems like a prudent purchase for Google. What will be interesting to see is whether it decides to charge for the software or simply considers this the infrastructure cost to further its current business models. Note that it is unlikely that GreenBorder cost a lot – I think they have been through at least three senior management changes in the past five years or so.

Neat stuff. Will be very interesting to see what a company with Google’s muscle can do with it.