运行不受信任的第三方软件
[英]Running untrusted third party software
问题描述
What's the best way to protect system integrity while running possibly malicious third party executables? 
在运行可能的恶意第三方可执行文件时保护系统完整性的最佳方法是什么?
I would like to allow a program to be able to store some information for its own use during execution, but disallow access to the network and to devices, and of course to other users' data and the overall system. 我想允许一个程序能够在执行期间存储一些信息供自己使用,但不允许访问网络和设备,当然也不允许访问其他用户的数据和整个系统。
A few constraints: 1. This needs to be able to run on Windows. 一些限制:1。这需要能够在Windows上运行。 2. I can't restrict the language (eg "just use Java"). 2.我不能限制语言(例如“只使用Java”)。 3. It needs to have native, or near-native performance. 3.它需要具有本机或接近本机的性能。 4. Ideally it should be able to run in the background as a service. 4.理想情况下,它应该能够在后台作为服务运行。
Can I simply use a restricted-privilege windows user? 我可以简单地使用受限权限的Windows用户吗? Would it be safe? 它会安全吗?
Do I have to use a virtualization environment? 我是否必须使用虚拟化环境? Are there any free ones? 有免费的吗?
Other ideas? 其他想法?
3 个解决方案
解决方案1
7 2008-12-04 20:45:25
解决方案2
4 2008-12-04 20:47:29
解决方案3
2 2008-12-04 20:46:08
Although not a perfect solution for what you are getting to I have a few options that I have used in the past. 虽然不是一个完美的解决方案,但我有一些我过去使用过的选项。
1.) Use a virtual environment. 1.)使用虚拟环境。 I personally prefer VMWare after using it for a whiel ($189) as it works well and just easy to work with. 我个人更喜欢VMWare后使用它($ 189),因为它运行良好,并且易于使用。 THis at least isolates the application into a test bed that you can use to evaulate it, and see if it does anything bad. 这至少将应用程序隔离到一个可以用来评估它的测试床上,看看它是否有什么坏处。
2.) Use a limited account in vista or others, this will at least prevent it from getting access to critical files, however, it isn't foolpoof! 2.)在vista或其他人中使用有限的帐户,这至少会阻止它访问关键文件,但是,这不是万无一失!
edit 编辑
I'll also second the recommendation that if you are really scared, DO NOT put the VM on your network. 我还要提出的建议是,如果您真的害怕,请不要将VM放在您的网络上。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.