Introduction to Light Virtualization

I have just posted an article over at Gizmo's Freeware. It's titled Introduction to Light Virtualization, and it's a brief overview of what light virtualization really means and what it offers, with comparison to several alternatives, plus a discussion on general pros and cons, as well as introduction to a number of programs including instant-snapshot-and-rollback ans sandboxing tools. Enjoy.

Article over at TSA (Gizmo's Freeware):
http://www.techsupportalert.com/content/introduction-light-virtualization.htm-0


Cheers,
Mrk

 

Thanks Mrkvonic

Your guides are always informative, clear and very well explained .

 

Mrk,

Nice intro piece, but I didn't see anything about ISR programs. Also,regarding Returnil System Safe, I can't understand why you say: "I did not test the anti-malware component, as I find it completely unnecessary".

Scott

 

I am not so fond on programs offering different types of protection. As customer one always has the risk that the program is top notch on area 1 and mediocre on area 2. On the other side virtualisation and local blacklist data bases don't work well along side each other. The combi has the advantage that the AV should be using the latest blacklist DB.

As far as I have tested Returnil free, the AV is intended as a backup when virtualisation is off. It is a decent solution thoough (Returnil that is)

 

Scott, why I wrote that?
Because it is unnecessary, that's why.
Mrk

 

Mrk,

Please do not take this as disrespect, but while I realize that you believe it's unnecessary, I just wanted to know your rationale for that belief.

Scott

 

Hi Mrk,
Nice write-up and a natural extension of BlueZannetti's posts and comparisons. A question I would ahve for you is how would the uninitiated have a reasonable level of confidence in their strategy without some type of feedback (AKA - some type of scanner/monitoring for malicious content)?

While I totally agree that in the context of those who frequent these types of forums, experience will be a valid guide, but for the average user who is more interested in install - set loose with automated updates and then back check with some type of automated scanning to verify a clean state, wouldn't there still be a role for an AM component in some form?

Also, one important use case you miss is that of public access. For these environments, light virtualization is greatly preferred as it allows for a lesser degree of continuous client monitoring by IT staff and restrictions on cache size actually have the benefit of forcing more frequent restarts that help to provide a layer of protection for the next user or users by forcing a drop of changes that happened before the cache filled up...

Kind regards
Mike

 

Disappointing answer. No arguments behind your opinion/statement.

Well here are two reasons for having an AV integrated with the light virtualisation solution.

With boot-to-restore virtualisation all infections/changes are gone after reboot, so no persistent infection (except for some rare MBR infections)

What about in-session infection protection? Until re-booted your as exposed as a flasher in central park at 14.00 on a sunny sunday afternoon.

SO I would be happy with a light virtualissation solution having an Anti Malware component reducing the chance of picking up a keylogger or a MBR-infection (trashing the light virtualisation protection).

 

I can understand comparing only the light-v capabilities of cetain apps as a technology but then specific products are mentioned that have different protection philosophies. For example if comparing only the virtualization capabilities of Returnil and Shadow Defender; SD reportedly has a more robust virtual-model, but this completely ignores the holistic approach of Returnil as a security product and is therefore an unequal comparison.

Kees makes a good point about in-session infection and the role of am products. The same is true of sandboxing programs.

 

There's no reason to have an infection in the first place.
And then, you don't have to worry about any of those.
Mrk