Virtualization for Security

Virtualization for security can help protect you against viruses and other malware. However it is not a security silver bullet. With that in mind let us proceed.

The key to virtualization for security is that any infection of the virtualized machine does not effect the host machine unless the virtual machine to host OS barrier is broken.

Breaking the virtual machine to host OS barrier is a difficult task that has so far not been. However there is no guarantee that a virus that can jump from the virtual machine to host machine will not be created in the future.

One good virtual machine configuration for virtual machines

A virtual machine itself is no more secure than the original machine was before virtualization. What gives us more security is the fact that we can have many virtual machines so that we can

  • Use different virtual machines for different purposes, thus preventing our high risk activities from jeopardizing our low risk, but sensitive activities. For example, browsing unknown websites is a high risk activity, while conducting financial transactions at our known banking site is a low risk activity that must be secure.
  • If an infection does occur we can delete the infected virtual machine and start from a known clean virtual machine

With these facts in mind here is one possible minimal virtual machine configuration

  1. Create a virtual machine with all the necessary applications. This is the known clean virtual machine. We will not use this virtual machine but will use copies of this virtual machine for our activities.
  2. Create a copy of the known clean virtual machine and use it only for sensitive transactions.
  3. Create a copy of the known clean virtual machine and use it for general browsing.
  4. If you need to engage in high risk computational activities, create a copy of known clean virtual machine, use it and then delete it when done. Examples of high risk activities are browsing websites which have a high probability of being malicious or investigating malware or viruses

Types of virtualization for security configuration

When we are virtualizing for security two main types of configuration are currently used

  1. Heavy weight, full virtualization - with a virtualized processor and and a full Operating System
  2. Light weight virtualization aka Sandboxes - Same OS is used with file systems and key OS resources virtualized

Heavy weight full virtualization

.In this the processor is virtualized and a new OS boots up on this processor just as if it was booting on a different physical computer. Almost all solutions in this category require Administrative privileges. The virtual machine runs at close to native speeds.

VMWare Player, Microsoft Virtual PC and VirtualBox are examples of programs that support such heavy weight virtualization.

Light weight virtualization aka Sandboxes

In light weight virtualization, the entire process or OS is not virtualized but a layer is placed above the host OS and between sandboxed programs. An programs running sandboxed do not impact the host operating system.

Examples of such light weight virtualization program are Sandboxie and Returnil. We use Sandboxie for virtualization on our own systems.

Sandboxie provides one way host to isolated program barrier. The isolated program cannot write to the host, however it can read from the host machine. This means that a isolated program that is malicious can read our private data from the host machine and send it out over the Internet. This is another good reason to keep sensitive data encrypted until needed.

Attacks still possible after virtualization for security

Any private data on the virtual machine that you are using can still be compromised.

If the host machine has been compromised, many forms of attack are possible, among them

  • Screen capture from compromised host
  • Keyboard sniffing from network host

To guard against these, one way is to connect to the virtual machine over a secure connection from a terminal with very limited networking capabilities.

Return from Virtualization For Security to Security and Privacy Software