Introduction to Light Virtualization

Discussion in 'sandboxing & virtualization' started by Mrkvonic, Feb 17, 2012.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    I have just posted an article over at Gizmo's Freeware. It's titled Introduction to Light Virtualization, and it's a brief overview of what light virtualization really means and what it offers, with comparison to several alternatives, plus a discussion on general pros and cons, as well as introduction to a number of programs including instant-snapshot-and-rollback ans sandboxing tools. Enjoy.

    Article over at TSA (Gizmo's Freeware):
    http://www.techsupportalert.com/content/introduction-light-virtualization.htm-0


    Cheers,
    Mrk
     
  2. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    Thanks Mrkvonic

    Your guides are always informative, clear and very well explained :thumb:.
     
  3. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    494
    Location:
    USA
    Mrk,

    Nice intro piece, but I didn't see anything about ISR programs. Also,regarding Returnil System Safe, I can't understand why you say: "I did not test the anti-malware component, as I find it completely unnecessary". o_O

    Scott
     
  4. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    I am not so fond on programs offering different types of protection. As customer one always has the risk that the program is top notch on area 1 and mediocre on area 2. On the other side virtualisation and local blacklist data bases don't work well along side each other. The combi has the advantage that the AV should be using the latest blacklist DB.

    As far as I have tested Returnil free, the AV is intended as a backup when virtualisation is off. It is a decent solution thoough (Returnil that is)
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Scott, why I wrote that?
    Because it is unnecessary, that's why.
    Mrk
     
  6. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    494
    Location:
    USA
    Mrk,

    Please do not take this as disrespect, but while I realize that you believe it's unnecessary, I just wanted to know your rationale for that belief.

    Scott
     
  7. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Mrk,
    Nice write-up and a natural extension of BlueZannetti's posts and comparisons. A question I would ahve for you is how would the uninitiated have a reasonable level of confidence in their strategy without some type of feedback (AKA - some type of scanner/monitoring for malicious content)?

    While I totally agree that in the context of those who frequent these types of forums, experience will be a valid guide, but for the average user who is more interested in install - set loose with automated updates and then back check with some type of automated scanning to verify a clean state, wouldn't there still be a role for an AM component in some form?

    Also, one important use case you miss is that of public access. For these environments, light virtualization is greatly preferred as it allows for a lesser degree of continuous client monitoring by IT staff and restrictions on cache size actually have the benefit of forcing more frequent restarts that help to provide a layer of protection for the next user or users by forcing a drop of changes that happened before the cache filled up...

    Kind regards
    Mike
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Disappointing answer. o_O No arguments behind your opinion/statement.

    Well here are two reasons for having an AV integrated with the light virtualisation solution.

    With boot-to-restore virtualisation all infections/changes are gone after reboot, so no persistent infection (except for some rare MBR infections)

    What about in-session infection protection? Until re-booted your as exposed as a flasher in central park at 14.00 on a sunny sunday afternoon.

    SO I would be happy with a light virtualissation solution having an Anti Malware component reducing the chance of picking up a keylogger or a MBR-infection (trashing the light virtualisation protection).
     
    Last edited: Feb 22, 2012
  9. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    I can understand comparing only the light-v capabilities of cetain apps as a technology but then specific products are mentioned that have different protection philosophies. For example if comparing only the virtualization capabilities of Returnil and Shadow Defender; SD reportedly has a more robust virtual-model, but this completely ignores the holistic approach of Returnil as a security product and is therefore an unequal comparison.

    Kees makes a good point about in-session infection and the role of am products. The same is true of sandboxing programs.
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698

    There's no reason to have an infection in the first place.
    And then, you don't have to worry about any of those.
    Mrk
     
Loading...
Thread Status:
Not open for further replies.