Sunday, May 07, 2006

Using virtualization as anti-virus

The latest tale from the Red Shed describes the use of virtualization software -- Virtual PC in this case, though it could have been VMware -- as an anti-virus platform. One wise commenter notes:

The security mechanism you describe in your article is a form of Mandatory Access Control (MAC). You are effectively defining domains within which your applications must run, and they only have access to the resources in those domains. Even a root user in a Unix VM can’t get access to the application you run in a separate VM. This mechanism strongly contains any accidental or malign activity within the domain of operation in a mandatory way (as opposed to a discretionary way, e.g. Unix file permissions). As such—and as you imply but don’t quite say explicitly in your article—virtualization kicks the ever-loving pants off of traditional antivirus software, vis-a-vis protecting your computer from viruses...

The virus software, in contrast, is doomed to painful and repeated failure because it can only catch what it already knows.

Rentzsch: Using Virtualization as Antivirus
