Brave VMs to destroy themselves, any malware they find on HP's new laptop

Solarquest

1 like = 1 prayer for pre-baked Bromium virtualization tech
HP has announced plans to integrate Bromium's virtualization technology into a laptop as a defence against malware.

The soon-to-be-launched EliteBook x360 1030 G2 will feature virtualisation-based security built in to the hardware in the form of a feature called Sure Click, which will go on general availability in Spring. The tech was launched at RSA Conference.

Sure Click means that each tab launched in either Chrome or Internet Explorer will launch as its own, fully contained micro-VM. If a malicious site is visited, all users have to do is close the tab, destroying the virtual machine and the malware along with it. The technology is designed to prevent the malware escaping a micro-VM.

The technology is built in, so there are no add-ons to install or added costs. HP Sure Click will debut as a web download for the HP EliteBook x360 1030 G2 in Spring 2017 and will be available as a standard feature on Elite PC platforms launching in the second half of the year.
 

Ink

Most VM-based software is heavy on resources and performance. Is this the same for the HP EliteBook? And is this Enterprise only?

@Mr.Pr Further information: HP partners with Bromium, releases HP SureClick to secure IE and Chromium

"Bromium technology in the form of HP SureClick that is built-in to the OS to protect users from themselves.
Unlike the full Bromium product, SureClick is limited to browser-based threats. It supports Internet Explorer and Chromium (Chrome is not yet supported, though they are working on it), which are by far the most popular enterprise browsers.
Users of Microsoft’s Edge browser on Windows 10 are already protected to some degree via a partnership between Microsoft and Bromium."
 

vemn

We use it for remote users and they do not see any performance hit (that is for web browser and other files as well). The microvm will fire where required and job done.

Question question.... apart from downloads and URL inspection, there are components of memory or process inspection as well, I guess? Will it cause false positives on intranet apps?
 

vemn

> Question question.... apart from downloads and URL inspection, there are components of memory or process inspection as well, I guess? Will it cause false positives on intranet apps?

Hmmm on second thoughts... kinda lousy qn to ask for False Positive. Haha I take it back.
Well I guess it's good for remote users since they are the toughest piece to manage in an organization. Lol
 

DeoAmit

I sense Bloatware!

Earlier today I was working on a customer's Dell laptop and found some sort of a Dell "Support ecosystem" built into it. There were countless Dell this-Dell that apps preinstalled on the machine with multiple running processes (including numerous running as system services) supposedly to make it easier for Dell techs to "troubleshoot" stuff. It bothered me to even look at all that junk running in the background. All that running stuff would easily sap at least 20% of peak machine performance in demanding situations.

I'm not saying this will be similar to what I saw on the Dell - but it'll be close [or worse - hopefully not!].
 

Wave

> I sense Bloatware!
>
> Earlier today I was working on a customer's Dell laptop and found some sort of a Dell "Support ecosystem" built into it. There were countless Dell this-Dell that apps preinstalled on the machine with multiple running processes (including numerous running as system services) supposedly to make it easier for Dell techs to "troubleshoot" stuff. It bothered me to even look at all that junk running in the background. All that running stuff would easily sap at least 20% of peak machine performance in demanding situations.
>
> I'm not saying this will be similar to what I saw on the Dell - but it'll be close [or worse - hopefully not!].

This is completely different... The hardware of this system will be adapted for virtualization and the functionality implemented into the OS will help keep the browser secure, genuinely, no "bloatware".

> Question question.... apart from downloads and URL inspection, there are components of memory or process inspection as well, I guess? Will it cause false positives on intranet apps?

It's not like an AV memory scanner, it'll be virtualization for the web browser... It won't know when a malicious attack is occurring, but when one does, closing the browser and ending the session will resolve the problem, preventing your host from being affected (based on what was said in the article this is my guess on how it's working).
 

MBYX

So...next malware creates own micro vm to infect machine? Admittedly I have not had a close look at Bromium. Anyone?
 

vemn

> So...next malware creates own micro vm to infect machine? Admittedly I have not had a close look at Bromium. Anyone?

Or you mean the next possible evolution of threat is to exploit this microvm feature, create an instance and do a "secured download" of malware?
 

Wave

> Or you mean the next possible evolution of threat is to exploit this microvm feature, create an instance and do a "secured download" of malware?

It won't be as simple as that; the actual browser will be isolated, therefore the exploit would need to escape the browser and access the host; however, this technology is supposed to prevent that. For example, VirtualBox/VMware is very secure; how often do you find a sample which is capable of exploiting it to gain host access? Rare, chances are you'll never become a victim of such a thing yourself.

Kaspersky and Comodo use the hypervisor for virtualization, I've never seen anyone online report an actual case of infection through that virtualization being escaped.

This technology will be much more secure than that of using a Virtual Machine/hypervisor for sure, which provides even more reliability.
 

vemn

> It won't be as simple as that; the actual browser will be isolated, therefore the exploit would need to escape the browser and access the host; however, this technology is supposed to prevent that. For example, VirtualBox/VMware is very secure; how often do you find a sample which is capable of exploiting it to gain host access? Rare, chances are you'll never become a victim of such a thing yourself.
>
> Kaspersky and Comodo use the hypervisor for virtualization, I've never seen anyone online report an actual case of infection through that virtualization being escaped.
>
> This technology will be much more secure than that of using a Virtual Machine/hypervisor for sure, which provides even more reliability.

Good points! Time for a POC!
(If there's a free trial lol)
 

MBYX

> Or you mean the next possible evolution of threat is to exploit this microvm feature, create an instance and do a "secured download" of malware?

- Yes vemn.

As Wave says, there are examples of breakout out there but he raises good points in that it would be hardened more than existing VM tech so thinking about it there is a lot of effort involved. We know it tends to be a path of least resistance when it comes to it so the chance of this occurring.. super low.

I would be keen to give this software a test drive.
 

vemn

:)
> - Yes vemn.
>
> As Wave says, there are examples of breakout out there but he raises good points in that it would be hardened more than existing VM tech so thinking about it there is a lot of effort involved. We know it tends to be a path of least resistance when it comes to it so the chance of this occurring.. super low.
>
> I would be keen to give this software a test drive.

Yeah agree. The point of entry will be questionable. There again, nice to see all these new technologies of microVMs, container concept, or the new feature Dynamic Application Control of McAfee.

:)
 
