How would Star Trek fight email viruses?

by John Sequeira

Related link: http://www.eweek.com/article2/0,1759,145726,00.asp



One of the great cliches of the classic Star Trek episodes is the crew-member in the red shirt. This short-lived, uniformly attired character served as a plot device whenever the real characters were confronted with a hostile environment. They lived just long enough to demonstrate the lethality of the various alien claws, tentacles, death beams, etc. that menaced the Enterprise landing party.

Okay, so what does that have to do with email viruses? Well, wouldn't it be great if you had a red-shirted member in your organization, someone who would unflaggingly open every email on the server and blindly double-click on every single attachment? This brave co-worker (call him Homer? MS-Bob?) would use an unpatched version of Outlook, open zip archives trying to run every file inside, run strange Office macros, etc., and in so doing trigger every bit of malicious code entering your organization before it made it to your desktop. The howls of frustration from the cube next door would give you advance warning of incoming mail-based doom, or alert your mail-server so that the offending message could be deleted before you had a chance to be infected.

Well, that's essentially what a company called Avinti has provided with their iSolation Server product. I really don't know much about the product besides reading the marketing copy, but since it's kind of an obvious extension of the server-based honeypot to a desktop setting, it seems like it would work really well.

Either way, I confess that I am completely enamoured of the metaphor.


FWIW, for those of you without the resources to procure a legion of self-destructing, email-reading red-shirts, check out Prevx's free intrusion detection product for desktops. Intrusion detection is certainly less slick than eliminating threats before they get to your desktop, and I wouldn't recommend it to folks intimidated by the technical jargon in the IDS pop-ups, but I believe Prevx blocks much more than Spybot, and you can't beat the price.


Do you know of any more interesting security-related applications of virtualization?