What virtualization can and cannot do in an anti-malware context


Over at the anti-virus rant blog (which is a nice blog because it includes the word rant in the title :)) Kurt Wismer states that virtualization is overhyped as a security technology. While I agree, I want to point out that following some simple rules, it can be a very powerful security which can easily replace a separate computer only for browsing. The rules would be:

  • Don’t have writable shares on the network the virtual machine is connected to. If you want to share a directory to extract file, share it from the client OS and copy it from outside
  • If possible put it on a different subnet
  • Use non-persistent hard disks or snapshots and revert to them regularly (currently the only commercial grade product that I know of that can do this is VMWare. QEmu also has this feature, but unfortunately it still needs some time to become a stable solution)

Following these rules you get a more secure and more convenient system than using a separate PC with something like DeepFreeze, but you loose the ability to stay logged on sites (because you loose all your cookies, history and cache).

, , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *