Tim Beyers from The Motley Fool shares his thoughts on Spikes AirGap

October, 28, 2013 Jonathan

This week Spikes appeared on The Motley Fool in an article by Tim Beyers. In this youtube video Beyers speculates "I'm wondering if Chrome, and Google in general have a real problem, a real security problem" after watching an interview that Robert Scoble did with Branden Spikes.

The problem Tim refers to is not just with Chrome and Google but in the inherent design of web browsers. As pointed out in this video web browsers are designed to execute code from untrusted sources. If you can never trust the source of the code being run on your machine, then you can never trust what your browser might be up to. Therefore, to be safe, get the browser off your machine and outside of your network and firewall.

Tim points out moving the browser off your machine may seem reactionary. Remember however that when the first web browser was built the internet was a small community built on trust between a handful of universities. The web browsers we use today do provide sophisticated tools for encryption and security but their inherent design still originates from a time of trust and these browsers were not purpose built with your security in mind. Something that is essential when anyone with a web browser is up against a financially motivated and highly sophisticated black market information economy.

Tim goes on to say that the Spikes AirGap technology is "A fascinating idea" and he "Wonders if it faces high hurdles".

Spikes has overcome many of these hurdles in building a secure AirGap browser that operates remotely while providing an interface that gives its users an experience consistent with the experience they're already familiar with when running a standard web browser on their own machine. We are continually improving upon this to deliver the best experience possible.

When asked about Tim Beyers comments, this is what Spikes CIO Scott Martin had to say:

Tim's points are spot on. One of the most important points that is frequently missed is that no matter how robust your protection (Palo Alto Networks, WebSense, FireEye, etc...), none of these will catch a zero-day threat that's aware of a virtual sandbox environment.

A while back, when working at Symantec, we were fascinated (yet not surprised) when attackers started producing malware that would detect and specifically avoid or even disable Anti-Virus software. We've already started to see malware that is "Sandbox aware" or "Virtual Machine aware". The beauty of AirGap is that even if malicious code is pulled down, there's really nothing it can do - it's still in 'jail' and it'll never see the client machine!

Tim indicates that this approach is perhaps a little paranoid but when the cost is the same (or less), relative to other solutions out there, and the usability is far and away the best available, I don't see a downside to being a little over-protective.

For those that think moving the web browser off their machine is paranoid, consider this:

We live in a digital age where there is enough value placed on the IP contained within corporate networks and enough value in personal data on home computers and hand-held devices to warrant the existence of an entire clandestine industry dedicated to stealing intellectual property and personal information. Consider that the preferred entry point for this activity is your web browser and that the internet provides an accessible avenue which effectively allows criminals to operate anonymously and with little fear of legal repercussions, let alone any need for an old fashioned getaway vehicle.

Individuals and companies today all find themselves in a new world, one where their computers, tablets, and smartphones all face networks of professionals who make careers out of cybercrime. In this new world, taking security precautions which may seem extreme, short of going completely offline in response, isn't paranoia— it's prudence.

While other browsers are busily trying to level the playing field — the Spikes AirGap makes it possible to browse fearlessly, again.

Jonathan, Software Engineer, Spikes Security

Keep informed.