As predicted by researcher Dino Dai Zovi in these pages in January, 2010 turned out to be the year of the sandbox. Attackers for years have been focusing their attention on browsers and other Web apps and using them as jumping off points for further attacks on compromised PCs. Vendors finally began to take notice and implement sandboxes in their products. The technology prevents attackers from using bugs in the browser or Reader to break out of that application and move to another app or the operating system itself. Google added a sandbox to its Chrome browser; Adobe released Reader X, which includes an integrated sandbox; and Google and Adobe teamed up to implement a sandboxed version of Flash in Chrome, as well. Microsoft has had a limited sandbox, known as, in Internet Explorer for some time and many customers and researchers applauded Adobe’s and Google’s moves to bring the technology to bear as well.
The Year of the Sandbox
Author: Chris Brook
As predicted by researcher Dino Dai Zovi in these pages in January, 2010 turned out to be the year of the sandbox. Attackers for years have been focusing their attention on browsers and other Web apps and using them as jumping off points for further attacks on compromised PCs. Vendors finally began to take notice and implement sandboxes in their products.