
Friday, December 15, 2006

What virtualization can and cannot do in an anti-malware context

Over at the anti-virus rant blog (which is a nice blog because it includes the word rant in the title :)) Kurt Wismer states that virtualization is overhyped as a security technology. While I agree, I want to point out that, by following some simple rules, it can be a very powerful security measure which can easily replace a separate computer used only for browsing. The rules would be:

  • Don't have writable shares on the network the virtual machine is connected to. If you want to share a directory to extract files, share it from the client OS and copy it from outside.
  • If possible, put it on a different subnet.
  • Use non-persistent hard disks or snapshots and revert to them regularly (currently the only commercial-grade product that I know of that can do this is VMware. QEMU also has this feature, but unfortunately it still needs some time to become a stable solution).

Following these rules you get a more secure and more convenient system than using a separate PC with something like DeepFreeze, but you lose the ability to stay logged on to sites (because you lose all your cookies, history and cache).
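As an added example (not part of the original post), the three rules can be checked against a VMware `.vmx` configuration file. It assumes the standard `.vmx` keys `<disk>.mode`, `ethernetN.connectionType` and `sharedFolderN.writeAccess`, treats VMware shared folders as the VM-level counterpart of the writable-share rule, and runs on a constructed sample configuration.

```python
import re

# Constructed sample .vmx content (illustrative, not from the original post).
SAMPLE_VMX = '''
displayName = "browsing-vm"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "browsing.vmdk"
scsi0:0.mode = "persistent"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "/home/user/exchange"
'''

LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    conf = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            conf[m.group(1).lower()] = m.group(2)
    return conf

def audit_vmx(text):
    """List the settings that conflict with the post's three rules."""
    conf = parse_vmx(text)
    findings = []
    for key, val in sorted(conf.items()):
        dev, _, attr = key.rpartition(".")
        if conf.get(dev + ".present", "").upper() != "TRUE":
            continue  # device absent or disabled
        if attr == "filename" and val.lower().endswith(".vmdk"):
            # Assumption: a disk with no explicit mode is persistent.
            mode = conf.get(dev + ".mode", "persistent")
            if mode != "independent-nonpersistent":
                findings.append(f"{dev}: disk mode is {mode}; clean state depends on snapshot reverts")
        elif attr == "connectiontype" and val.lower() == "bridged":
            findings.append(f"{dev}: bridged networking places the guest on the host's subnet")
        elif attr == "writeaccess" and dev.startswith("sharedfolder"):
            if val.upper() == "TRUE" and conf.get(dev + ".enabled", "").upper() == "TRUE":
                findings.append(f"{dev}: host folder is shared writable")
    return findings

if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print(finding)
```

A persistent disk is reported rather than treated as a failure, because the third rule also allows regular snapshot reverts in place of a non-persistent disk.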

