The browsers and the desktop Operating System (OS) of the future need to provide us a much broader and much more comprehensive level of protection than the average user enjoys today. There is a need to re-invent how browsers are programmed and run on end-user systems.
Isolation is the first step to better protection. This is evident in the new Windows 7 OS which allows XP to run in a completely isolated process from the rest of the system, enabling users to run legacy apps not yet updated to support Windows 7.
Using the same methods Windows 7 uses to run Windows XP mode, it should then be possible to completely isolate the browser. This could be done using computer virtualization technologies which will separate the browser from the operating system.
Current technologies that Microsoft could use include MED-V, which is based on the Type 2 hypervisor Virtual PC technology that Windows XP mode uses.
A minimized Windows kernel similar to the one on Ubuntu “Just enough OS” (JeOS), coupled with the browser running on MED-V or a full port of Hyper-V, and a good anti-malware completed by having it run out of a virtual hard disk.
There is also APP-V, which is an enterprise, server-based virtualization technology for presenting applications to remote desktops. This would allow the browser to run on the server using enterprise-grade security controls. This could be provided via cloud computing.
The next version of windows could be designed to boot and runs from a hypervisor, such as a desktop implementation of Hyper-V, Microsoft’s Type 1 hypervisor.
This VM (virtual machine) container would be the basis for the proposed Browser protection.
Google could issue a Windows version of Chrome OS, which would include a Type 2 Hypervisor (such as a run-time version of VirtualBox) and run entirely in virtual disk.
The solutions described above use hypervisors. But Virtuozzo uses containers, so there is no need to create a new kernel and OS instances in each VM. Virtuozzo partitions out resources in one kernel instance to do the isolation.
With this method, browsers such as Internet Explorer, Chrome or Firefox could be set to run within within a fully isolated container. The advantage of this method over a Type 1 or Type 2 hypervisor is that it uses far less CPU and memory overhead.
The container running the browser can also be combined with an anti-virus and anti-spyware.
The isolation provides the basic protection of the core of your system. To have a complete solution, there should also be Unified Threat Management (UTM) with Deep Packet Inspection (DPI), to every single end-user.
UTM/DPI will be presiding over your network connection. It vigilantly, watches the long and short range scanners for signs of trouble. It’s a sophisticated hardware-based firewall that looks at everything coming into your network at the deep packet level.