Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP

HP.com home

June 2005

Virus-safe computing

Experimental solution makes security a cinch


HP Labs

» Research
» News and events
» Technical reports
» About HP Labs
» Careers @ HP Labs
» Worldwide sites
» Downloads

Content starts here
We've demonstrated that it is possible to build systems that are more secure, more functional and easier to use.

by Jamie Beckett

Want to know why we can't rid ourselves of viruses? It isn't because there are more attacks or that they're more malicious. It's your operating system: No, not just Windows, but Linux and Unix and Mac and any other widely used OS.

The virus you get when you launch an e-mail attachment, edit a file with macros or visit a Web page containing malicious code isn't exploiting an inadvertent security hole. It's just using the operating system the way it was designed to be used, basing its authority on the identity of the logged-on user.

That means any program you run can use your computer to do anything you might do with a computer -- whether you want it done or not.

Limiting the damage

It doesn't have to be that way, says HP Researcher Alan Karp. "There's no inherent reason why a Solitaire game, for instance, needs to be able to search your desktop, or why a spreadsheet program needs the ability to search your disk for secrets or put a Trojan horse in your startup folder."

Karp is leading a research effort at HP Labs toward virus-safe computing. The team's answer is based on what's known as the Principle of Least Authority, or POLA -- limiting the rights of each program to only the ones needed for the job the user wants done.

"Most people ask how we can prevent attacks from succeeding," Karp observes. "We think an equally important question is, how can we limit the damage an attack can do?"

Controlled testing

Experimental research software being developed at HP Labs takes exactly this approach.

It doesn't affect the operating system or alter applications. What it does is change how an application is launched. Instead of starting an application in the logged-in user's account, it configures applications so they automatically launch in a quarantined environment and have only the permissions they need to perform their primary processes.

The result: Standard programs, like Microsoft Word, are limited so that they can edit the document you have open and nothing else. It can't erase your hard drive. It can't download spyware. It can't divulge your passwords. The same is true for other programs, such as Microsoft's Internet Explorer, Excel, PowerPoint or any other application configured with the experimental HP virus-safe computing software. And it doesn't require the frequent updates that virus scanners do.

An alpha version of the software for Windows XP is being tested in a small, controlled trial by users at George Mason University in Northern Virginia and the U.S. Navy. The software is being run locally on several PCs as a testing bed, and a successful pilot could lead to much broader use by these organizations. About 40 users in HP Labs (including the author of this piece) are also participating in the test.

User: Malicious code stopped

Early tests have shown that the software simply and effectively prevents viruses from spreading and corrupting entire systems.

"There's definitely an added comfort level," says Bill Tulloh, a cyber security researcher working at George Mason who's been testing the software since September. "If a problem does occur, the damage it can do to my computer is greatly limited."

He also likes the fact that the software responds to new types of attacks that haven't been anticipated by anti-virus software makers.

Tulloh says he and others are currently talking with IT officials at George Mason about expanding testing of the HP Labs software at the university.

Previous solutions

Karp and his team -- visiting scholar Marc Stiegler and researchers Ka-Ping Yee, Mark Miller and Tyler Close -- aren't the first people to attack this problem. But previous solutions, says Karp, were generally too hard to use or too intrusive to be effective.

One common method, known as sandboxing, involves producing a set of rules for each program. Trouble is, the rules are hard to modify if your needs change.

Some security solutions allow users fine-grain control of their programs, but then must constantly ask users' permission to perform certain functions. These are the familiar dialogue boxes that pop up when a file contains a macro. Should you disable macros? Enable them?

"They don't give you enough information to make an intelligent decision," says Karp. "You don't know what benefit you get by allowing this action and you don't know what risk you're taking."

If you click "no," you lose functionality. If you click "yes," your system could be harmed.

Making it usable

The team's solution builds on earlier work by Stiegler, who built an interactive desktop environment using the Principle of Least Authority that doesn't require dialog boxes or ask users to accept digital certificates.

"It's really as much about usability as security," Karp notes. "We're trying to make the user experience with our software identical to a standard Windows desktop."

How close does it come? Early versions of the software were similar to, but not identical to the typical Windows experience, users say.

Work still ahead

The current version of the software also has difficulty with linked files, such as spreadsheets containing references to other spreadsheets, and researchers haven't yet figured out how to deal with some programs such as Direct 3D -- used in much game software. Direct 3D is incompatible with the software's security machinery. Some users have run into difficulty with dragging and dropping files between applications.

Researchers expect to produce a Beta version of the software by the end of the summer. That will address many of users' issues, as well as block keyboard sniffers that attackers use to capture passwords.

But Karp says the team's main goal is to make it possible for people to use their computers -- and all its features -- without security-imposed restrictions.

"Most people would say that the only way to be secure is to stop using features -- don't open e-mail attachments, don't allow scripting," says Karp. "If the only answer to attacks is to disable useful features, we’ll end up unplugging our computers and storing them in the closet. We've demonstrated that it is possible to build systems that are more secure, more functional and easier to use."

Related links

» Virus-safe computing research
» HP Security protection
» Alan Karp's personal page

News and events

» Recent news stories
» Archived news stories

Alan Karp

Alan Karp, research team leader

Related tech reports

» Polaris: Virus Safe Computing for Windows XP
» POLA Today Keeps the Virus at Bay

Other security-related research at HP Labs

» Trust, security and privacy research
» Virus Throttle now an HP product)
» Active countermeasures


Ka-Ping Yee

Ka-Ping Yee, researcher



Marc Stiegler

Marc Stiegler, visiting scholar


Tyler Close

Tyler Close, visiting scholar




Mark Miller

Mark Miller, researcher

Printable version
Privacy statement Using this site means you accept its terms Feedback to HP Labs
© 2009 Hewlett-Packard Development Company, L.P.