I was quoted in a recent article about Green Border. I think their approach is fairly unique and can be a bit confusing, both to understand and describe. Here is how the reporter characterized what I said in Information Week:
The GreenBorder software is notable because it can work with a wide range of networking products and standards and monitor a variety of network traffic, says Peter Lindstrom, an analyst at IT security research firm Spire Security. He says the approach of setting up a duplicate network and operating environment for untrusted traffic, while allowing trusted traffic to make its way to the real network, is unusual and appears to be effective. Says Lindstrom: "The untrusted information is reduced to shadow boxing, and nothing happens."
That is not how I think about Green Border. The article has much more of an emphasis on the network, when, in fact, Green Border operates on the client endpoint. It uses predefined network sources (coarse or granular, based on IP ranges) to determine whether it should trust the program and its data. In the case of untrusted programs (as in general web browsing), it creates a virtual system (surrounded by a green border, get it?) that contains any infection, such as spyware affecting the registry or installing browser helper objects or keyloggers.
The net effect is to ensure that any untrusted sources get virtualized resources that do not affect the real system.
Thanks for the clarification!
The IW article didn’t shed much light on the product – but I could tell it offered more than what they had described.