The Register® — Biting the hand that feeds IT

HP loads PC with nonexistent web browser

Gordon Fecyk

This says something about HP's confidence in Firefox 

Pirate

"SVS [...] virtualizes individual applications, installing them in packages that remain separate from a machine's registry."

SVS seems to reinvent what user accounts already do on Windows. At least, what non-admin accounts already do on Windows, that is, isolate the app from the operating system itself. Even the Explorer shell and IE are isolated from the OS in this manner. Want new settings? Log on with a different non-admin account.

HP is telling me here that they don't trust Firefox to play nicely. Or they're assuming that their users are going to run Firefix (sic, heh heh) as admin. This might be a valid assumption, but it's still the wrong solution to it.

Ed

But really... 

But really, this is a problem with the OS that's just being solved like this. The OS should be responsible for ensuring that browsers (and other apps) aren't able to access things they shouldn't...

DrewHew

This is wicked!! 

Thumb Up

Guess I'm the first person to state what a bloody great idea I think this is!!

Wonder if I'm overreaching by suggesting that this could very well spell the death of malware?

Sounds promising...

wsm

Registry 

Joke

Separate from a machine's registry? As if it didn't need one to run an application? What kind of operating system could do that?

Sleeping Dragon

Well done HP... 

... for trying to solve some of the shortcomings of the OS.

moonoi

Hasn't this been done before? 

Gates Halo

Sounds similar to Softricity to me :)

Anton Ivanov

Re: This says something about HP's confidence in Firefox

Coat

Actually it says a lot about HP (and any admin) confidence in Windows user accounts. I agree - the functionality offered by SVS should be a part of the base OS. However, as we all know it is there only on paper. In reality, MSFT has continuously failed to deliver.

Ideala2

Title 

Thumb Up

Surely this is the sort of security that should have been present from genesis?

The fact that applications can litter every part of my system, linger after uninstalls, alter the registry and system folders is wrong.

They should all be contained within one directory alone per program, and easily reset and removed.

i welcome etc.

Simon Brown

it's ok but... 

Thumb Up

It's ok as a concept but I have a number of criticisms of SVS

Firstly that version of Firefox is 1.5. So we're running a slow and obsolete browser in a virtual sandbox. Presumably that won't be running particularly quickly then...

Secondly, technology like this should be open source. Something as useful as SVS would benefit from being developed by a large community rather than a small firm - so that bugs can be ironed out asap, so that exploits and vulnerabilities can be detected and fixed asap. Closed source we only have their word for it that the application is running in a sandbox...

Thirdly it appears to be the case that you can only use applications that have been pre-packaged for the SVS - it doesn't seem to be possible for example to install an SVS container then install Microsoft Office into that container. This would be useful as MS Office is so vulnerable to attack that it would surely benefit from being installed in as tight an environment as possible - especially one which can be reverted back to original state when bad things start to happen as they invariably do.

Still it's a brilliant idea and hopefully as others have said will spell the beginning of the end for certain types of malware

Peter Gathercole

Sound familiar to UNIXers?

Coat

Hey, guess what. HP have just re-invented the chrooted environment.

We've been doing this in UNIX land for 30+ years.

Nothing is really new nowadays. Especially my coat!

jeremy

@DrewHew 

Thumb Down

"this could very well spell the death of malware?" ... not while IE exists in a windows environment, full stop.

This is fixing the symptom not the cause, poor system security patched by running a virtualised sandbox. Did they get this idea from the iPod 'jailbreak' concept perhaps?

Danny

I think this is a great idea 

Paris Hilton

This sounds great to me for one reason - admin access. Have a program that refuses to work without admin access? No problem, user logs on with their own limited credentials and the admin access program runs riot quite happy in its own sandbox.

Paris, her sandbox often runs riot.

Joe Montana

Sounds familiar 

Flame

This just sounds like a chroot, something unix systems have had and taken for granted for years...

Why is Windows always last to get features that were basic and standard in any other OS? And even then often implemented by a third party...

Anonymous Coward

At last 

Flame

...some real protection for the PC. The OS has been so piss poor in the past at protecting the PC (except in the early days). I guess the fact that all these stupid modern browsing features that allow access to plug-ins and worse still, write to files is the real problem. Let's hope HP open sources it so we can all benefit.

Ivana Chagalot

Firefox is great, turfers are shite 

"HP is telling me here that they don't trust Firefox to play nicely. "

If Internet Explorer is safer then why didn't HP offer Internet Explorer as their safe solution? Your logic is of the same quality as the logic used to design Internet Explorer, take that how you will. :)

Anonymous Coward

Thinstall 

Stop

Thinstall have been doing this for years... and Symantec/HP think it's news? App virtualisation arrived a long time ago. Get with the program, HP.

Anonymous Coward

not a particularly new concept. 

One of my friends, who ran a cyber cafe, used to have everything running in a virtual machine. No matter what was done to them by the customers, they would revert back to a pristine state every time they were restarted.

Anonymous Coward

excellent 

sandbox apps are going to be the shape of things to come

web based apps were always going to be a non starter for the simple reason that it gave no consumer advantage, sandboxing however, particularly connected apps. now this has real potential

punctuation? no thanks!

Name

..and everything under the sun 

Paris Hilton

Not new- some existing implementations are:

http://www.sandboxie.com/

http://www.trustware.com/

doesn't mean it's not a good idea, though :)

WhetPhish

Sounds good to me. 

Go

Sounds good to me. Well done HP for making up for MS's shortcomings.

I agree with Ed that the OS should be protecting itself from the user, but the average home Windows user runs as administrator anyway and even restricted Windows users seem to be able to install things they shouldn't (my old man managed to install a questionable dial up connection from his restricted XP account!)

I've not used SVS but have used OS virtualisation products and the only thing I'd be worried about is if the virtual app was running a lot slower than the 'native' version and hogging excessive memory.

Henry

Sandboxie 

Thumb Down

I've been using www.sandboxie.com to do this sort of thing for ages.

Matt Bryant

RE: Gordon Fecyk 

Happy

Agreed, this is the lazy answer which tech people will laugh and point at. But, you are forgetting that many of the HP "corporate PCs" end up being sold to smaller businesses and the public via such websites as Amazon and DABS. And most of those small businesses and private users don't have a clue about M$ security. I have seen small businesses with a dozen desktops/laptops, no central fileservers so no centralised management, and everyone their own XP login as an administrator account. For companies like those, anything that automates or adds security without requiring an investment in time and resource in learning better techniques is a boon. Surprised that Symantec/Mozilla let HP use it as an exclusive but then it has given it some nice publicity.

Thomas

So the main trick is virtualisation of the registry? 

Have I understood that correctly? If so then it sounds like a neat trick (I guess it amounts to running one user's applications on another's desktop?), but a bit Windows specific. Would a similar approach be useful on OS X or whatever, or is it mostly to address the manifold issues with the Windows registry?

Anonymous Coward

@Gordon Fecyk 

"SVS seems to reinvent what user accounts already do on Windows. At least, what non-admin accounts already do on Windows, that is, isolate the app from the operating system itself. Even the Explorer shell and IE are isolated from the OS in this manner. "

You seem to be missing the point somewhat. If your HKCU hive is fooked then it's not just one app that's fooked, potentially it could be all your apps. The solution to this could be deleting the whole user profile, and then restoring all the bits you need to keep. Hardly something your average end user would want to do frequently.

"Want new settings? Log on with a different non-admin account." Great solution. Your average non technical user will be perfectly happy setting up multiple user accounts and switching between them at will, while still managing to share things like the My Documents folder between these accounts.

It's not a flawless solution, however it does go some way to address the problems inherent in Windows and its horrible, horrible, horrible registry.

Simon

Admin rights... 

As already mentioned, this is a job for admin rights.

Even though, I run in Admin all the time using windows, too much hassle to mess around every time I need something, and at the end of the day, reinstalling a machine (I got better options for that, cloning) takes very little time.

Will this help us when checking them dodgy downloads? (virtual box, it's free)

David Cornes

Non-existent? 

Thumb Down

It sounds funny, but your categorisation of virtualised applications and machines as non-existent is a bit of a misnomer surely? Since ALL software is really just bits of data in transit, running those in a virtual layer instead of within the host operating system isn't really fundamentally changing their state of existence is it??

Random Noise

News? 

Flame

Perhaps the headline should be 'large company copies some software which has been around for ages'

I've been using a program called Sandboxie for a while now which does exactly the same. You can run any app you want in a sand box & it can only read files from your hard drive. All new files which are written go in to the sand box. If you want to keep a file you have to go in to the sand box and move it out yourself.

So Symantec have finally copied it & HP are installing it as standard on a new laptop, whoop-de-do. I bet like all other Symantec crap it's bloated & slow to run.

Ewen Bruce

Spin spin spin!!!! 

Linux

An application in a sandbox? That would be local application streaming then. Hardly news is it? Nice work by the marketing department though.

Marvin the Martian

Can we combine it with the Dell offer? 

Coat

Can we mebby not get Firefox but in Spanish for only 0.01euro?

Anonymous Coward

For Windows Only ! 

Linux

For other OS's: not required.

Rick

need a consumer version now 

Thumb Up

as a user of norton 360 2.0 they need to create a module for the home pc that would be great!!

Anonymous Coward

Perfect for an Anti-MS dig! 

Flame

Right, let's get this in before anyone else.

"Why did they pick FF? Oh yes, the source is available to POC this little idea, unlike closed source IIE!"

Fantastic idea, sounds like a great way to stop little Johnny from click-click-clicking Mum and Dad's PC into malware oblivion. Of course they could run Linux/MAC to stop it in its tracks....

Iain

This is wicked!! 2.0 

Thumb Up

I agree with DrewHew, this seems like a very sound idea. I am not uber-tech so I may not be following this correctly, but this must mean that all the Web 2.0 crap shiny nothingness so beloved of FBook and its kin can run safely. I for one welcome our crap shiny nothingy overlords so long as they don't screw us from behind with malware et al and reduce browsing speed to a crawl.

stu

thinstall 

title says it all. owned by vmware now. I use it all the time for the same reason and/or portability of apps.

stu

Mark Flingstone

sandbox 

HP engineers finally let world+dog know where they kept their heads while sandboxie got up to release 3.30.

Yeah, you got it. In the sandbox.

On the other hand, since it's already been available for a while, there are ample margins for early birds to be granted a patent for it by USPTO.

Dave

So basically.... 

It's running in a chroot..... so what's new about that? You could also single serve the app from an isolated RDP/Citrix/SeamlessRDP/X11 server and just have it auto-format every night.

You could run your workstations on live CDs....or heaven forbid...thin clients!

Anonymous Coward

@ DrewHew 

Yes, you are. As long as stupid people are allowed to use computers, there will be malware, viruses and phishing.

Jason

Is it not the same as 

just using Portable Firefox on a USB Stick? Or even using Portable Firefox in a Folder on a PC?

Maybe I am just missing something

Tom

This is revolutionary! 

Wait a sec! ...

man 4 jail

Harry Stottle

I too use Sandboxie 

And I have had about 2 dozen of my users and clients using it without major incident for about 3 months. What I particularly like about it is the configurability (like being able to give access rights selectively to trusted programs) and the option to run ANY program inside the sandbox - which means you can test for nasty side effects before it screws up your system.

Only last night, ferinstance, I used it to test what RealPlayer 11 wanted to install on my system before I let it do so for real. (Answer: 1217 files in about 100 new locations, most of which were utterly unnecessary)

A. Lloyd Flanagan

So now we know what it takes 

Pirate

... to fix the problems of the Windows registry. What an engineering disaster that thing is. Somebody had one good idea and then implemented it just as poorly as they possibly could.