Professor Elam

Weekend October  12 2013

John Wallace of Resource Global Professionals RGP delivered a lecture this past Wednesday at San Antonio Internal Auditors on the securityof on line banking. The short story there is that there is not much security and a lot of danger via malware. Malware installs unseen on your computer  from clicking on an apparently friendly site. The malware then resides ony your computer until you enter passwords and bank account numbers. It copies the numbers and sends them to the bad guys in who knows where, think Tadkistan. 

The WSJ featured an article the very next day on software that purportedly would prevent this. The idea was that one would surf the net in the cloud and not on your own computer. I asked John to respond. 

Here is his comment about Light Point, thanks for keeping out TAMUSA students up to date. 

The concept of a virtual browser is a brilliant (though not entirely new) idea.  In 2001, a company was founded called Green Border.  They provided a product that "sandboxed" the browser (on the desktop or laptop), preventing malware from making its way to the computer's operating system.  The product appeared to work well and I used it for several years.  Unfortunately, in 2007 Google bought the Green Border company and promptly halted sales and suspended support.  It has been reported that Google wanted to capture the technology for the Chrome browser.  Indeed, Google came out with a feature to "sandbox" the Chrome browser.  Unfortunately, the Chrome "sandbox" was publicly compromised in 2012.  Although Google fixed the vulnerabilities that allowed it to be compromised, there is no way to be sure that it cannot again be compromised (or has not again been compromised) by these sophisticated malware developers.  Microsoft and Mozilla have also tried to "sandbox" their browsers, with limited "success".  This is why I am fairly confident when I say that there is no "secure" browser.  

What is novel about Light Point is that it is being hosted in the cloud.  That can potentially keep the malware off of the user's desktop/laptop/tablet.  However, considering that the Light Point browser could be compromised by zero-day malware (as was Google's Chrome "secure" browser), then it would be unwise for users to do their online banking via the Light Point site.  The malware would still be capable of harvesting the user's online banking credentials.

 

Whether or not Light Point Security, LLC will make it in the marketplace remains to be seen.  According to the WSJ article, they are a two-person startup, with a little bit of money.  Their target customers are businesses, yet they only support the Mozilla Firefox browser.  However, they have plans to support Microsoft's Internet Explorer and Google's Chrome, and eventually mobile platforms.  I wish them success, but I don't think their solution is the magic bullet.  Their product and service, should it take off, will most certainly be targeted by the organized criminal gangs I mentioned in my presentation.  Unfortunately, with their tremendous resources, I doubt that these criminals will find it impossible to compromise Light Point.

For what it is worth, those are my thoughts about Light Point!