HP is now offering desktop PCs with virtual web browsers. Today, the hardware maker unleashed the HP Compaq dc7900, a business desktop with a version of Firefox that isn't really there. Developed in tandem with Symantec, the Firefox for HP Virtual Solutions browser operates in a runtime netherworld that's separate from the rest …
This says something about HP's confidence in Firefox
"SVS [...] virtualizes individual applications, installing them in packages that remain separate from a machine's registry."
SVS seems to reinvent what user accounts already do on Windows. At least, what non-admin accounts already do on Windows, that is, isolate the app from the operating system itself. Even the Explorer shell and IE are isolated from the OS in this manner. Want new settings? Log on with a different non-admin account.
HP is telling me here that they don't trust Firefox to play nicely. Or they're assuming that their users are going to run Firefix (sic, heh heh) as admin. This might be a valid assumption, but it's still the wrong solution to it.
But really, this is a problem with the OS that's just being solved like this. The OS should be responsible for ensuring that browsers (and other apps) aren't able to access things they shouldn't...
This is wicked!!
Guess I'm the first person to state what a bloody great idea I think this is!!
Wonder if I'm overreaching by suggesting that this could very well spell the death of malware?
Separate from a machine's registry? As if it didn't need one to run an application? What kind of operating system could do that?
Well done HP...
... for trying to solve some of the shortcomings of the OS.
Hasn't this been done before?
Sounds similar to Softricity to me :)
Re:This says something about HP's confidence in Firefox
Actually it says a lot about HP (and any admin) confidence in Windows user accounts. I agree - the functionality offered by SVS should be a part of the base OS. However, as we all know it is there only on paper. In reality, MSFT has continuously failed to deliver.
Surely this is the sort of security that should have been present from genesis?
The fact that applications can litter every part of my system, linger after uninstalls, alter the registry and system folders is wrong.
They should all be contained within one directory alone per program, and easily reset and removed.
i welcome etc.
it's ok but...
It's ok as a concept but I have a number of criticisms of SVS
Firstly that version of Firefox is 1.5. So we're running a slow and obsolete browser in a virtual sandbox. Presumably that won't be running particularly quickly then...
Secondly, technology like this should be open source. Something as useful as SVS would benefit from being developed by a large community rather than a small firm - so that bugs can be ironed out asap, so that exploits and vulnerabilities can be detected and fixed asap. Closed source we only have their word for it that the application is running in a sandbox...
Thirdly it appears to be the case that you can only use applications that have been pre-packaged for the SVS - it doesn't seem to be possible for example to install an SVS container then install Microsoft Office into that container. This would be useful as MS Office is so vulnerable to attack that it would surely benefit from being installed in as tight an environment as possible - especially one which can be reverted back to original state when bad things start to happen as they invariably do.
Still it's a brilliant idea and hopefully as others have said will spell the beginning of the end for certain types of malware
Sound familier to UNIXers?
Hey, guess what. HP have just re-invented the chrooted environment.
We've been doing this in UNIX land for 30+ years.
Nothing is really new nowadays. Especially my coat!
"this could very well spell the death of malware?" ... not while IE exists in a windows environment, full stop.
This is fixing the symptom not the cause, poor system security patched by running a virtualised sandbox. Did they get this idea from the iPod 'jailbreak' concept perhaps.
I think this is a great idea
This sounds great to me for one reason - admin access. Have a program that refuses to work without admin access? No problem, user logs on with their own limited credentials and the admin access program runs riot quite happy in its own sandbox.
Paris, her sandbox often runs riot.
This just sounds like a chroot, something unix systems have had and taken for granted for years...
Why is windows always last to get features that were basic and standard in any other os? and even then often implemented by a third party...
...some real protection for the PC. The OS has been so piss poor in the past at protecting the PC (except in the early days). I guess the fact that all these stupid modern browsing features that allow access to plug-ins and worse still, write to files is the real problem. Lets hope HP open sources it so we can all benefit.
Firefox is great, turfers are shite
"HP is telling me here that they don't trust Firefox to play nicely. "
If Internet Explorer is safer then why didn't HP offer Internet Explorer as their safe solution? Your logic is of the same quality as the logic used to design Internet Explorer, take that how you will. :)
Thinstall have been doing this for years... and Symantec/HP think it's news? App virtualisation arrived a long time ago. Get with the program, HP.
not a particularly new concept.
One of my friends, who ran a cyber cafe, used to have everything running in a virtual machine. No matter what was done to them by the customers, they would revert back to a pristine state every time they were restarted.
sandbox apps are going to be the shape of things to come
web based apps were always going to be a non starter for the simple reason that it gave no consumer advantage, sandboxing however, particularly connected apps. now this has real potential
punctuation? no thanks!
..and everything under the sun
Not new- some existing implementations are:
doesn't mean it's not a good idea, though :)
Sounds good to me.
Sounds good to me. Well done HP for making up for MS's shortcomings.
I agree with Ed that the OS should be protecting itself from the user, but the average home Windows user runs as administrator anyway and even restricted Windows users seem to be able to install things they shouldn't (my old man managed to install a questionable dial up connection from his restricted XP account!)
I've not used SVS but have used OS virtualisation products and the only thing I'd be worried about is if the virtual app was running a lot slower than the 'native' version and hogging excessive memory.
I've been using www.sandboxie.com to do this sort of thing for ages.
RE: Gordon Fecyk
Agreed, this is the lazy answer which tech people will laugh and point at. But, you are forgetting that many of the HP "corporate PCs" end up being sold to smaller businesses and the public via such websites as Amazon and DABS. And most of those small businesses and private users don't have a clue about M$ security. I have seen small businesses with a dozen desktops/laptops, no central fileservers so no centralised management, and everyone their own XP login as an administrator account. For companies like those, anything that automates or adds security without requiring an invetsment in time and resource in learning better techniques is a boon. Susprised that Symantec/Mozilla let HP use it as an exclusive but then it has given it some nice publicity.
So the main trick is virtualisation of the registry?
Have I understood that correctly? If so then it sounds like a neat trick (I guess it amounts to running one user's applications on another's desktop?), but a bit Windows specific. Would a similar approach be useful on OS X or whatever, or is it mostly to address the manifold issues with the Windows registry?
"SVS seems to reinvent what user accounts already do on Windows. At least, what non-admin accounts already do on Windows, that is, isolate the app from the operating system itself. Even the Explorer shell and IE are isolated from the OS in this manner. "
You seem to be missing the point somewhat. If your HKCU hive is fooked then it's not just one app that's fooked, potentially it could be all your apps. The solution to this could be deleting the whole user profile, and then restoring all the bits you need to keep. Hardly something your average end user would want to do frequently.
"Want new settings? Log on with a different non-admin account." Great solution. Your average non technical user will be perfectly happy setting up multiple user accounts and switching between them at will, while still managing to share things like the My Documents folder between these accounts.
It's not a flawless solution, however it does go some way to addresses the problems inherent in Windows and it's horrible, horrible, horrible registry.
As already mentioned, this is a job for admin rights.
Even though, I run in Admin all the time using windows, too much hassle to mess around every time I need something, and at the end of the day, reinstalling a machine (I got better options for that, cloning) takes very little time.
Will this help us when checking them dodgy downloads? (virtual box, its free)
It sounds funny, but your categarisation of virtualised applications and machines as non-existent is a bit of a misnomer surely? Since ALL software is really just bits of data in transit, running those in a virtual layer instead of within the host operating system isn't really fundamentally changing their state of existence is it??
Perhaps the headline should be 'large company copies some software which has been around for ages'
I've been using a program called Sandboxie for a while now which does exactly the same. You can run any app you want in a sand box & it can only read files from your hard drive. All new files which are written go in to the sand box. If you want to keep a file you have to go in to the sand box and move it out yourself.
So Symantec have finally copied it & HP are installing it as standard on a new laptop, whoop-de-do. I bet like all toher Symantec crap it's bloated & slow to run.
Spin spin spin!!!!
An application in a sandbox? that would be local application streaming then. Hardly news is it? Nice work by the marketing department though
Can we combine it with the Dell offer?
Can we mebby not get Firefox but in Spanish for only 0.01euro?
For Windows Only !
For other OS's: not required.
need a consumer version now
as a user of norton 360 2.0 they need to create a module for the home pc that would be great!!
Perfect for an Anti-MS dig!
Right lets get this in before anyelse.
"Why did they pick FF? Oh yes, the source is available to POC this little idea, unlike closed source IIE!"
Fantastic idea, sounds like a great way to stop little Johnny from click-click-clicking Mum and Dad's PC into malware oblivion. Of course they could run Linux/MAC to stop it in it's tracks....
This is wicked!! 2.0
I agree with DrewHew, this seems like a very sound idea. I am not uber-tech so I may not be following this correctly, but this must mean that all the Web 2.0 crap shiny nothingness so beloved of FBook and it's kin can run safely. I for one welcome our crap shiny nothingy overlords so long as they don't screw us from behind with malware et al and reduce browsing speed to a crawl.
title says it all. owned by vmware now. I use it all the time for the same reason and/or portability of apps.
HP engineers finally let world+dog know where they kept their heads while sandboxie got up to release 3.30.
Yeah, you got it. In the sandbox.
On the other hand, since it's already been available for a while, there are ample margins for early birds to be granted a patent for it by USPTO.
It's running in a chroot..... so whats new about that? You could also single serve the app from an isolated RDP/Citrix/SeamlessRDP/X11 server and just have it auto-format every night.
You could run your workstations on live CDs....or heaven forbid...thin clients!
Yes, you are. As long as stupid people are allowed to use computers, there will be malware, viruses and phishing.
Is it not the same as
just using Portable Firefox on a USB Stick? Or even using Portable Firefox in a Folder on a PC?
Maybe I am just missing something
This is revolutionary!
Wait a sec! ...
man 4 jail
I too use Sandboxie
And I have had about 2 dozen of my users and clients using it without major incident for about 3 months. What I particularly like about it is the configurability (like being able to give access rights selectively to trusted programs) and the option to run ANY program inside the sandbox - which means you can test for nasty side effects before it screws up your system.
Only last night, ferinstance, I used it to test what RealPlayer 11 wanted to install on my system before I let it do so for real. (Answer: 1217 files in about 100 new locations, most of which were utterly unnecessary)
So now we know what it takes
... to fix the problems of the Windows registry. What a engineering disaster that thing is. Somebody had one good idea and then implemented it just as poorly as they possibly could.