I've seen the future, and I want it installed on my network today.
There's only one problem: I'll have to find someone to mass-produce tomorrow's new, new thing first.
What I've seen is an internationally patented design for an innovative ''secure application proxy'', a device its designers say will immunize PCs against any threat that might come at them from the Internet or a LAN. It also would protect the LAN, in turn, from an individual compromised PC. But only three of these novel devices exist in the world, and not one of them is in my hands -- or yours.
A Kooky Idea or Magic Bullet?
This story goes back to a topic I wrote about in this space on April 5. I said then that a small, private company, Laboratory of Security Technology (LSTec) in Kiev, Ukraine, had invented an add-in board that promises to solve some of the most persistent security headaches that plague PCs.
If the device can do what the company claims, it will:
- Protect a PC against virus-type attacks across a network;
- Contain buffer overruns and similar memory-corruption tricks that can compromise a PC, and
- Isolate a PC from the LAN it's connected to in the event that a virus or Trojan horse does manage to take control of the machine.
This is all pretty fantastical stuff. But I got a different perspective on the matter when two of the executives of LSTec flew halfway around the world to meet with me. (They also met with a few American venture capitalists.)
How an Application Proxy Would Work
These officials -- CTO Aleksey Shevchenko and Acting COO Jeff Howley -- showed me schematics and independent technical reports backing up the claims for their device, which is code-named ''XB-1''. I still don't have an actual add-in board to torture-test, and I don't know exactly when I will, because you might actually get one before I do. I'll explain in a moment.
Meanwhile, here's LSTec's concept of how an application proxy operates:
- Main CPU. Say a PC user starts an application on a machine that includes the add-in card (or a planned external device). The application's code is loaded onto the card's own CPU and executes there, not on the PC's CPU;
- Main Memory. The app, which is now running on the card, also makes use of the card's RAM instead of the memory installed in the PC, and
- Flash Disk Drives. Finally, when the app thinks it's writing to the PC's hard disk, it's actually writing to a virtual hard disk composed of Flash memory on the card.
All of these redirections serve a single purpose. Applications on a machine protected by the XB-1 never touch the PC's own CPU, memory or disk directly, which is exactly the kind of access no sensible enterprise technologist wants to grant them anyway.
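To make the redirection concrete, here is a small software model of it. This is an added illustration, not code from LSTec or from the XB-1: the host disk, the card's flash overlay and the LAN cut-off (the ''No broadcast attacks'' claim described later in this piece) are plain Python objects standing in for hardware, and the file paths and contents are constructed sample data. What it shows is the property the card is supposed to enforce: the application sees its own writes and deletes as if they hit the real disk, while the host's files are never modified, and a flagged application can be cut off from other machines without touching the host at all.

```python
# Software model of the write-redirection and LAN isolation the column
# attributes to the XB-1. Added illustration, not LSTec code: host disk,
# flash overlay and network gate are plain objects standing in for hardware.


class HostDisk:
    """The PC's real hard disk: the proxy reads it, never writes it."""

    def __init__(self, files):
        self._files = dict(files)  # constructed sample data, see run_demo()

    def exists(self, path):
        return path in self._files

    def read(self, path):
        return self._files[path]


_TOMBSTONE = object()  # overlay marker for a file the app 'deleted'


class ProxyDisk:
    """What the sandboxed app sees as the disk: reads fall through to the
    host, writes and deletes land in the card's flash overlay."""

    def __init__(self, host):
        self._host = host
        self._overlay = {}

    def exists(self, path):
        if path in self._overlay:
            return self._overlay[path] is not _TOMBSTONE
        return self._host.exists(path)

    def read(self, path):
        if path in self._overlay:
            if self._overlay[path] is _TOMBSTONE:
                raise FileNotFoundError(path)
            return self._overlay[path]
        if self._host.exists(path):
            return self._host.read(path)
        raise FileNotFoundError(path)

    def write(self, path, data):
        self._overlay[path] = data  # HostDisk is never touched

    def delete(self, path):
        if not self.exists(path):
            raise FileNotFoundError(path)
        self._overlay[path] = _TOMBSTONE

    def changed_paths(self):
        """Everything the app tried to alter, for an administrator to review."""
        return sorted(self._overlay)

    def discard(self):
        """Reject the app's changes: the overlay goes, the host stays intact."""
        self._overlay.clear()


class NetworkGate:
    """The machine-to-machine cut-off described under 'No broadcast attacks'."""

    def __init__(self):
        self.isolated = False
        self.blocked = []

    def send(self, dst, payload):
        if self.isolated:
            self.blocked.append((dst, payload))
            return False
        return True  # a real card would forward the frame to the LAN here


def run_demo():
    """Run a misbehaving app through the model and report what reached the host."""
    host = HostDisk({"C:/boot.ini": b"[boot loader]",
                     "C:/docs/report.txt": b"quarterly numbers"})
    disk, gate = ProxyDisk(host), NetworkGate()

    # The app (a Trojan, say) rewrites a system file, drops a binary,
    # deletes a document and tries to copy itself to another machine.
    disk.write("C:/boot.ini", b"pwned")
    disk.write("C:/windows/evil.exe", b"MZ...")
    disk.delete("C:/docs/report.txt")
    first_send = gate.send("10.0.0.7", b"copy me")

    # Behaviour-based detection flags it; the card cuts it off from the LAN.
    gate.isolated = True
    second_send = gate.send("10.0.0.8", b"copy me")

    result = {
        "app_sees": disk.read("C:/boot.ini"),
        "host_has": host.read("C:/boot.ini"),
        "report_visible_to_app": disk.exists("C:/docs/report.txt"),
        "report_on_host": host.exists("C:/docs/report.txt"),
        "changed": disk.changed_paths(),
        "sends_delivered": (first_send, second_send),
        "blocked": len(gate.blocked),
    }
    disk.discard()  # the administrator rejects the session's changes
    result["after_discard"] = disk.read("C:/boot.ini")
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The model deliberately gives `HostDisk` no write method at all: the only way for an application's output to reach the real disk is for an administrator to walk `changed_paths()` and copy what they approve, which is the review step a hardware proxy of this kind would have to offer. The one thing the model cannot show is the hard part of the real design, namely how the card lets the application use the PC's screen, keyboard and network link without those channels becoming a way around the overlay.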
Raising Better-Behaved PCs
This device -- this ''secure application proxy'' -- is said to stop dead some of the worst nightmares that system administrators have faced since computer viruses were first unleashed:
- Intrusion prevention. Using behavior-based detection rather than signature definitions that need constant updating, the XB-1 is said to reject remote intrusions without the steady stream of signature downloads that conventional scanners depend on;
- Contained buffer overruns. The card doesn't stop an application from overrunning its own buffers; what it claims to do is keep the damage on the card. If malicious code does manage to write to memory in an illegitimate way, it is writing to the card's RAM, and the XB-1 is there to prevent the PC's actual memory from being affected at all, and
- No broadcast attacks. Finally, if a PC does get infected -- perhaps it's a laptop that was brought in from outside to re-connect with the corporate LAN -- the XB-1 immediately restricts machine-to-machine transmission of the virus or its commands. This protects the larger network from exposure.
Every running application, in other words, is put into a ''sandbox'' from which it can't harm other machines or be harmed by other machines. This concept has been developed in software for years. But the XB-1 seems to be integrating the idea into hardware in a way that promises a big payoff. The question any buyer should press is the boundary between card and host: a sandboxed application still needs the PC's screen, keyboard and network link, and every channel that crosses that boundary is a path the isolation has to police.
I know this all sounds pie-in-the-sky. But, at one time, so did the thought that pocket phones would eventually have more computing power than the mainframes of the day.
The inventors at LSTec -- who work in a country where top engineers earn $500 a month -- are sharp but not rich. They're looking for, say, an investment of $2 million in return for equity in their company. This, they explain, would enable them to stamp out thousands of the boards so corporate IT heads and the global press could put the things through their paces as much as they like.
Howley is temporarily serving as COO for LSTec while also wearing the hat of president of his own enterprise management and planning firm, EMPlan Inc. He says LSTec hasn't even named anyone as its CEO yet, because an investor -- perhaps an American -- might want to assume that position himself or herself.
He offers up his e-mail address (JLHowley@emplan.com) and invites serious players to ping him. I know some of my readers make deals on that scale every day. That's why I said that you might have one of these fascinating boards before I do. Money talks, and money might also solve our biggest security problems.