Why Browse with Trust is Needed
Google® maintains a list of websites that serve malware to users browsing the site. Nearly 500,000 sites are on the list, many of which are legitimate sites that have been subverted by hackers. Most of the sites do not need the user to make an unwise choice to download malware to your browser.
How Does BWT Protect You?
Isolation vs Detection
Other products rely upon detecting behaviors or signatures to prevent an attack. This has proven to be unreliable and it only takes one miss to suffer a very costly attack.
BWT does not attempt to detect bad stuff. It is not dependent upon guesswork but provides its protection 100% of the time.
How is it Better Than Other Similar Products?
BWT is the only safe browsing product that allows users to download and safely open documents on their Windows PC with the applications they use everyday.
Multiple Layers of Protection
BWT incorporates three independent layers of protection from cyber-attacks.
The BWT application is “stateless”. If malicious mobile code downloads to your BWT browser, it cannot make changes to the underlying system and it is discarded at the end of your browsing. Each time BWT starts, a “gold” image is loaded.
Do not believe other product claims that they can detect and terminate bad code executing in their safe browser.
BWT does provide a "secure compartment" for long term storage of downoaded documents and browser settings like bookmarks. But, it does not allow modification of the BWT software image.
The BWT application executes in a “virtual machine” from which it cannot address the rest of your PC's memory. This prevents cross application “code injection”, a trick used by zero-day malware to take over applications in order to gain privilege escalation. This, in turn, allows the malicious code to modify the system space of your PC so it executes every time you boot up.
BWT spatial isolation also prevents “RAM scrapping”. This technique is used by malware to search for in memory important information like passwords, credit card numbers and even encryption keys.
Hypervisors used to run virtual machines are complex applications and contain vulnerabilities waiting to be exploited by malware. For instance, malware called “cloudburst” was able to break out of a VMware VM and gain persistence on the underlying host.
BWT includes AGsec, a patented technology from Blue Ridge Networks that creates a “trusted enclave” container around the BWT hypervisor and the operating VM. If malware found a flaw and attempted to break out of the BWT VM, it would be stopped from altering the underlying host Windows OS.
Functional Isolation – Reduced Attack Surface
The three layers of protection outlined above, achieve functional isolation of the BWT browser. It does one thing, browsing, and is totally isolated from the rest of your PC. As a result it presents a minimal “attack surface” to the Internet. This very much reduces the likelihood of even the very first stage of an attack gaining a foothold in your PC. Combined with the multiple independent protection layers, your PC is orders of magnitude safer and you can browse the Internet without worry.
The technology in BWT was developed by Blue Ridge Networks, a cyber-security products and services company for over 15 years. Experts will tell you that it is not possible to prove a system secure only to prove it is not. Blue Ridge products have never failed to protect the important business of our customers. We certainly do not claim perfection but we know of no other company that has been as successful at stopping bad things from happening.
What Types of Attacks Will It Not Prevent?
As described above, we are confident that BWT is by far the best product available for safe Internet browsing. But, there are a near infinite number of ways that bad people can attempt to steal your money, your private information and your peace of mind. BWT is designed to make you safe from the most prevalent attack vector, your Internet browser.
But, it will not protect you from the following types of attack:
Malware, which enters your PC not through BWT. This includes email attachments opened in your Windows mail reader, like Outlook and documents imported from a USB storage device or CD.
Internet connected applications on your Windows PC, like Skype or instant messaging applications have been used to spread malware.
To protect from the above types of attack, please consider using AppGuard® from Blue Ridge Networks.
A broad class of attacks called “cross-site scripting” that take place in your browser without trying to harm your PC. For instance, malicious software on a web-server may redirect your browser to a bogus website that pretends to be your bank, in the hope you will enter your account number and password. This can happen in BWT as well as any other browser.
Blue Ridge is developing extensions to Browse with Trust to mitigate these server-side attacks for applications like online banking and secure cloud access.