GreenBorder
From Ferrous Moon Research
| Error creating thumbnail: convert: unable to open image `/home/ferrous/public_html/wiki/images/3/3c/GreenBorder_Protected_App.png': No such file or directory. convert: unable to open file `/home/ferrous/public_html/wiki/images/3/3c/GreenBorder_Protected_App.png'. convert: missing an image filename `/home/ferrous/public_html/wiki/images/thumb/3/3c/GreenBorder_Protected_App.png/300px-GreenBorder_Protected_App.png'. |
This document is an objective evaluation of the security provided by GreenBorder Pro, a program designed to prevent web browser-based exploits and defend against malicious code execution. GreenBorder is produced by Green Border Technologies, Inc.
GreenBorder will protect Internet Explorer and Mozilla Firefox by default. Some other applications can be protected as well, but some applications will behave strangely when under GreenBorder protection.
Contents |
Claims
The following was retrieved from the GreenBorder website.
Nothing can get in, access your files, or affect your PC!
Think about how much of your life is spent on the Web. In the time it takes to view a Web page, start playing a song, or bring up a game, your PC and files – music, finances and pictures of your kids – could be damaged or stolen. Isn’t it time to know that you’re protected no matter where you go or what you do there? It’s time for GreenBorder Pro.
GreenBorder Pro uses a patented, revolutionary new approach to Web security that protects you from identity thieves and criminals by making your PC, all your files and personal information invisible to any Web-based threat encountered online or hidden in downloaded files. GreenBorder Pro gives you the freedom to safely go to any website, click any link – nothing can sneak in, copy your files, or corrupt your PC – whether at wireless hotspots, at home, on the road or in your office. GreenBorder Pro guards your privacy, providing unique identity theft protection for your files, data you enter online, and for your Web transactions. Safety and privacy, together.
With GreenBorder Pro, you can work with any downloaded content or files received via email, webmail, IM or USB sticks – even if they contain the latest undetectable exploits. It even keeps your PC fast and running longer, preventing buildup from browsing that can slow down and clog your machine. GreenBorder Pro provides true “set & forget” protection that's always current and doesn't require any updates to stay safe.
| Error creating thumbnail: convert: unable to open image `/home/ferrous/public_html/wiki/images/f/f0/GreenBorder_Privacy_Zone.png': No such file or directory. convert: unable to open file `/home/ferrous/public_html/wiki/images/f/f0/GreenBorder_Privacy_Zone.png'. convert: missing an image filename `/home/ferrous/public_html/wiki/images/thumb/f/f0/GreenBorder_Privacy_Zone.png/300px-GreenBorder_Privacy_Zone.png'. |
Evaluation
Test One: GreenBorder's Test
GreenBorder provides their own test here. We figured it would mainly be a marketing ploy, and it partially is. The time it takes to attempt the things it does is unrealistic. It's possible that the idea they are trying to impress upon the average user is that the "exploit" is trying very hard to do the dirty work. And then when you try with GreenBorder, you may believe that the "exploit" tried its best and failed.
However, despite the marketing ploy, what the "exploit" does is quite real indeed. It manages to grab files, passwords, and various other confidential items from the system, and provides proof that it was able to do so.
The five areas that the program attempts to break into are:
- Stealing files. The test grabbed files from the My Documents folder, and then moved them to a folder on the desktop called "STOLEN FILES".
- Spying on keystrokes. As in, keyloggers.
- Searching files. Bank account numbers, credit card information, tax return files, what have you. This program could find them.
- Steal passwords. Internet Explorer's saved passwords list is what this tries to fetch.
- System corruption. The program brought up the Disk Management console as a demonstration of its power.
On the first run of this test, we ran it without GreenBorder. The application allegedly succeeded in exploiting our test system with all five tests.
On the second run, we ran it with GreenBorder. The application allegedly failed to exploit our test system with any of the five tests.
I use the term "allegedly" here, because it's difficult to verify that it really is doing what it says it's doing, except for the "stealing files" item. The results of the first run could be explained by saying that the test program did not detect itself running under GreenBorder and therefore reported success on each exploit, and the results of the second run could be the converse. This test doesn't prove anything yet, so let's move on to our own test.
Test Two: A Bot Installation
We figured we should give one of our homemade programs a shot, to further verify the claims by trying our own exploits. The test program we used was basically our own botnet-style bot. It isn't capable of doing anything dangerous (such as DoS attacks, which botnets are historically known for), but it does do "sneaky" things. It will move itself into the System32 directory, hide itself, and then run as a Windows service.
As expected, when the program was run without GreenBorder protection (it can be manually enabled or disabled for any program), it managed to install itself with the same privileges the user has. It can shut down or restart the computer, or even log the current user off. It can also do things like hide the taskbar, eject the CD tray, and do other such annoying things. It can even download and execute programs from the internet.
However, most interestingly, when run with GreenBorder protection, it failed to do its sneaky installation or anything of the sort. This indicates that botnet bots that are installed through the browser (via a downloaded executable), or manually run with GreenBorder protection will not be installed properly.
This does indicate that GreenBorder isn't just a marketing ploy, and is actually a genuine product. It's certainly a new approach to virus and spyware protection.
Conclusion
GreenBorder does actually satisfy the claims it makes. The test that they provide, while deceptive regarding the time it consumes, does actually do what it claims. GreenBorder did defend the system against our own attack, which shows this software is not a hoax. It seems well-developed, easy to use, and stable.
As such, our final conclusion is that GreenBorder seems to be a worthwhile investment for Windows users.
