Comments on: Virtualization as an Antivirus (cont.) http://chrisashworth.org/blog/2006/06/08/virtualization-as-an-antivirus-cont/ Thu, 29 Jul 2010 15:46:21 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Christoph G. Olesch http://chrisashworth.org/blog/2006/06/08/virtualization-as-an-antivirus-cont/comment-page-1/#comment-7184 Christoph G. Olesch Mon, 09 Mar 2009 19:51:25 +0000 http://www.chrisashworth.org/blog/?p=4#comment-7184 Hello Christopher... this is a very interesting discussion... 3 days ago, i have learned that there is something called "vitualization"... immediately my thoughts went to building a vm to browse the web with, thinking that if i run fedora or other linux based OS, i am totally seperated from my primary XP OS... now i have vm player and vm workstation, and have yet had any luck downloading and running any of the images available, with the exception of Centos5 (for some reason, wehn i click on the .vmx, it runs. now i'm thinking that overhead or booting up a vm app is of no relevance to me, if i am secure on the web...if the vm gets corrupted, simply revert it back or scrap it and use an identical back up... now...i'm exhausted, fed-up, 60 years old and becoming more senile by the minute...but i'm not "that" stupid...is there a vm build available that i can download and simply run and browse with...doing all the functions one normaly wood... 1. go to yahoo e-mail... 2. download and open pdf, doc and xls files, etc...? it appears this vm should be so simple, yet there are no step by step instructions available to someone who has no "language speak" experience...all hints and tips are missing half the information... this vm things seems to make so much sense and be so powerful, in terms of blocking access to your primary OS or programs... thanks in advance...christoph Hello Christopher…
this is a very interesting discussion…
3 days ago, i have learned that there is something called “vitualization”…
immediately my thoughts went to building a vm to browse the web with, thinking that if i run fedora or other linux based OS, i am totally seperated from my primary XP OS…
now i have vm player and vm workstation, and have yet had any luck downloading and running any of the images available, with the exception of Centos5 (for some reason, wehn i click on the .vmx, it runs.

now i’m thinking that overhead or booting up a vm app is of no relevance to me, if i am secure on the web…if the vm gets corrupted, simply revert it back or scrap it and use an identical back up…

now…i’m exhausted, fed-up, 60 years old and becoming more senile by the minute…but i’m not “that” stupid…is there a vm build available that i can download and simply run and browse with…doing all the functions one normaly wood…

1. go to yahoo e-mail…
2. download and open pdf, doc and xls files, etc…?

it appears this vm should be so simple, yet there are no step by step instructions available to someone who has no “language speak” experience…all hints and tips are missing half the information…

this vm things seems to make so much sense and be so powerful, in terms of blocking access to your primary OS or programs…

thanks in advance…christoph

]]> By: DigitalOrganics http://chrisashworth.org/blog/2006/06/08/virtualization-as-an-antivirus-cont/comment-page-1/#comment-405 DigitalOrganics Sun, 25 Mar 2007 17:12:21 +0000 http://www.chrisashworth.org/blog/?p=4#comment-405 Christopher is apparently using VirtualPC, which allows access from virtual pc to host. I too use virtualization to protect my pc against viruses etc. while surfing the web, but I do not use Microsoft Virtual PC. I use VMware, which (unless you specify otherwise) prohibits the virtual pc/os from seeing the host in any way, shape, or form. In my view, having this any other way defeats the purpose. That being said, there are other options. Instead of incurring the hassle and overhead of a virtual pc, one can use sandbox and behavior control technologies to restrict the ability of common applications to act as transmission mediums for viral and other attacks. For example, DefenseWall is a sandboxing technology that isolates web browsers and the like, limiting their privileges to the mimimum necessity. Additionally, applications like Cyberhawk and PrevX use behavior analysis and control techniques to detect and stop malicious code. By these means, new threats can be identified and thwarted in real time without the need for "updates" and signature databases. As a matter of fact, sandboxing and HIPS are the primary protection methods I use for my day-to-day activities, virtualization of an entire pc is only necessary when I intend to surf uncharted and questionable territories (in which case I fire up my vmware ubuntu browser 'appliance' and revert it back to prior state when I'm done). Christopher is apparently using VirtualPC, which allows access from virtual pc to host. I too use virtualization to protect my pc against viruses etc. while surfing the web, but I do not use Microsoft Virtual PC. I use VMware, which (unless you specify otherwise) prohibits the virtual pc/os from seeing the host in any way, shape, or form. In my view, having this any other way defeats the purpose.

That being said, there are other options. Instead of incurring the hassle and overhead of a virtual pc, one can use sandbox and behavior control technologies to restrict the ability of common applications to act as transmission mediums for viral and other attacks. For example, DefenseWall is a sandboxing technology that isolates web browsers and the like, limiting their privileges to the mimimum necessity. Additionally, applications like Cyberhawk and PrevX use behavior analysis and control techniques to detect and stop malicious code. By these means, new threats can be identified and thwarted in real time without the need for “updates” and signature databases. As a matter of fact, sandboxing and HIPS are the primary protection methods I use for my day-to-day activities, virtualization of an entire pc is only necessary when I intend to surf uncharted and questionable territories (in which case I fire up my vmware ubuntu browser ‘appliance’ and revert it back to prior state when I’m done).

]]> By: Christopher http://chrisashworth.org/blog/2006/06/08/virtualization-as-an-antivirus-cont/comment-page-1/#comment-122 Christopher Sat, 09 Sep 2006 18:05:43 +0000 http://www.chrisashworth.org/blog/?p=4#comment-122 Hi Venkat, The question of whether it is a tedious solution to viruses is different from whether it is effective. The problem with anti-virus software is that it continues to fail. Keeping it updated is tedious in itself, and even if it is updated it may not catch a virus that it does not know about. In general, this is the shortcoming of the "patch the problem" approach. It's not really fixing the root cause of the problem. This is why I think you'll start to see more fundamental security mechanisms making their way into mainstream usage in the next ten years or so. I think the original post's intent was that using a VM is a clever use of today's technology to produce an anti-virus mechanism that is more fundamentally sound than the plain old "update more often, scan more often, hope you don't miss anything" solution. Hi Venkat,

The question of whether it is a tedious solution to viruses is different from whether it is effective.

The problem with anti-virus software is that it continues to fail. Keeping it updated is tedious in itself, and even if it is updated it may not catch a virus that it does not know about.

In general, this is the shortcoming of the “patch the problem” approach. It’s not really fixing the root cause of the problem. This is why I think you’ll start to see more fundamental security mechanisms making their way into mainstream usage in the next ten years or so.

I think the original post’s intent was that using a VM is a clever use of today’s technology to produce an anti-virus mechanism that is more fundamentally sound than the plain old “update more often, scan more often, hope you don’t miss anything” solution.

]]> By: Venkat Reddy http://chrisashworth.org/blog/2006/06/08/virtualization-as-an-antivirus-cont/comment-page-1/#comment-118 Venkat Reddy Sat, 09 Sep 2006 00:05:10 +0000 http://www.chrisashworth.org/blog/?p=4#comment-118 I still do not see that Virtualization as an solution to Antivirus. The initial author of the postings claims that he uses the VMWare images to browse the web (virus prone) adn incase of virus attact he destroys the images (or undo changes). I think this is tedious to maintain many images and making the machine overloaded is over kill. The simplest solution would be to use the updated anti-virus and some kind of personal filrewall and spyware detectors. =Venkat I still do not see that Virtualization as an solution to Antivirus. The initial author of the postings claims that he uses the VMWare images to browse the web (virus prone) adn incase of virus attact he destroys the images (or undo changes).

I think this is tedious to maintain many images and making the machine overloaded is over kill. The simplest solution would be to use the updated anti-virus and some kind of personal filrewall and spyware detectors.

=Venkat

]]> By: Chris http://chrisashworth.org/blog/2006/06/08/virtualization-as-an-antivirus-cont/comment-page-1/#comment-2 Chris Fri, 09 Jun 2006 14:30:15 +0000 http://www.chrisashworth.org/blog/?p=4#comment-2 Actually, in the example given above, the virtual machines themselves weren't designed for security, but they were integrated with a security policy on the host system that does the job of confining them. The point being that the system as a whole uses virtual machines as the basis of separation, and has been designed to do it with rigor. Actually, in the example given above, the virtual machines themselves weren’t designed for security, but they were integrated with a security policy on the host system that does the job of confining them. The point being that the system as a whole uses virtual machines as the basis of separation, and has been designed to do it with rigor.

]]>