[Gllug] Memory scanning

James Courtier-Dutton james.dutton at gmail.com
Mon Sep 6 12:10:24 UTC 2010


On 6 September 2010 12:38, John Edwards <john at cornerstonelinux.co.uk> wrote:
> On Mon, Sep 06, 2010 at 11:55:23AM +0100, Richard Jones wrote:
> <snip>
>> BTW, I don't think this idea is viable commercially.  Intel have for
>> years been trying to virtualize Windows and insert virus scanning in a
>> "hypervisor layer" beneath it.  They have more money than Croesus and
>> they've poured pots of it into vPro, with no visible outcome so far.
>
> And now VMware are having a go:
>    http://www.theregister.co.uk/2010/09/06/virtual_security/print.html
>    http://www.vmware.com/products/vshield-endpoint/
>
> Though the virus scanning is in a dedicated virtual machine and not
> the hypervisor itself. It's not clear whether it is the hypervisor
> that initiates the virus scanning or the OS of each virtual machine.
>
> One of the selling points is "Protect antivirus security software
> from attack". It really says something about the current crop of
> anti-virus software that they need to be protected from the very
> things they are designed to stop. Or maybe more about the OS they
> are supposed to protect.
>

I think it says more about the OS they are supposed to protect.
It is always a good idea to protect your security tools from getting
attacked themselves.
Now, it is difficult for a guest OS to infect the host OS, but not
impossible, as has been proved in the past.
Fortunately, the guest OS to host OS attack surface is small, so less
likely to have bugs than the entire Windows OS API.
So, I see great benefit in anti-virus software trying to protect
itself in its own VM, thus reducing the attack surface.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



