GreenBorder Pro

Most software that protects against malware uses a signature-based approach that tries to catalog all bad software so that it can be recognized. This has become an incredible challenge as the pace of malware creation quickens.

GreenBorder Pro from GreenBorder, Inc. takes a different approach, running programs and files that come from untrusted sources inside a "sandbox" that walls them off from the rest of the system. This makes it ideal for use with the notoriously insecure Internet Explorer.

Once GreenBorder is installed, it takes a snapshot of your system setup when it starts. Any program run inside GreenBorder makes its changes only to that snapshot, not to the actual system configuration. Even if an attacker is able to use an exploit that could potentially compromise system files, those changes are made only to the copy. As soon as you exit and reset GreenBorder, the changes disappear.

GreenBorder's tray icon provides status indications and a menu for changing options. A green border around any Internet Explorer window that you launch indicates that protection is in effect.

Working In GreenBorder
You do have to get used to how GreenBorder operates. For example, when you browse with GreenBorder in Internet Explorer, it silently blocks the installation of ActiveX controls such as the Macromedia Flash viewer. This can be somewhat confusing, since there is no information about why the installation failed.You can overcome this problem by running an unprotected IE session and installing the ActiveX control. Once the ActiveX control is installed it can be used from within GreenBorder sessions, since it will then be part of the baseline snapshot that GreenBorder uses.

If you download a program and save it to disk while using GreenBorder, the protection extends to the downloaded file. To indicate that protection is active, you will see a green border around the icon for the file. When you launch the file, GreenBorder's tray icon will report that the program is being run with protection.

In most cases that means a setup program will not have the required privileges to make system changes, and it will fail to install -- good news when the program is malicious. If you're sure the download can be trusted, you must right-click the file, select Remove GreenBorder Protection, and re-run the .EXE file.

In The Privacy Zone
For even more protection, GreenBorder offers a Privacy Zone option that can protect data such as cookies, form entries, or cache files from being available to anyone but the site you want to use them at.

When you start a Privacy Zone session in Internet Explorer, a yellow border appears around the browser. You can then visit the site (say, an online banking or brokerage service) and enter whatever data you need to. By clicking a button or simply closing the browser, GreenBorder will remove any browser data that was accumulated during the session.

Although GreenBorder works best with Internet Explorer, the company's online help offers an "unofficial" way to use GreenBorder with Firefox 1.5. You right-click the Firefox icon and select "Add GreenBorder Protection" and the icon then gets a green border around it to indicate that Firefox will be started in GreenBorder. Although there was no green border around the browser itself, it seemed to work fine -- for example, extensions I installed with GreenBorder protection enabled were not visible in an unprotected Firefox session, and disappeared as soon as GreenBorder was reset.Conclusions
GreenBorder doesn't try to make judgments about good and bad; it just blocks software behavior. This avoids the pitfalls that most antivirus and antispyware programs suffer with unknown or unrecognized threats, since GreenBorder does not depend on signature files to recognize a threat or determine what action it should take. However, this approach still leaves users open to attacks such as social engineering or phishing that depend on flawed human judgment to initiate action.

Most users shouldn't replace their other security measures -- firewall, antivirus, antispyware -- with GreenBorder, but instead use it as another layer of protection. With that in mind, the $50 annual subscription is a bit high. However, the company is offering a free one-year subscription to the first 10,000 users. The offer is still available at the moment, so it's worth signing up to try it yourself.