"While this significantly reduces the attack surface of a Windows VM, the fact we still do offer some degree of personalization means that there will remain areas of the VM (e.g., My Documents) where malware could reside," said Doug Lane, senior director of product marketing at Virtual Computer. "For this reason, we have worked with Sophos to develop an optimal approach for running AV inside of a shared NxTop VM. For example, because the bulk of the VM will 'snapback' on a reboot, you can optionally tune the AV to focus scanning on those areas of the OS that can still be personalized."
Part of the initial collaboration between these two companies is ensuring that the Sophos AV engine itself, and its ongoing virus definition updates, are preserved across reboots and updates. Virtual Computer captures the elements of the OS pertaining to Sophos into a layer that is preserved along with the allowed user personalization. Therefore, even though Sophos is installed into the base image, any updates that are performed on each individual PC are preserved.
In the second phase, the two companies are hoping to provide hypervisor-level security.
Virtual Computer and Sophos announced the two have been working together for over a year exploring future approaches to bringing endpoint security down to the hypervisor layer. Much of this centers around the concept that by running AV outside of Windows at the hypervisor level (or perhaps more accurately in a privileged "Service OS" VM), the two companies can perform introspection into one or more VMs running on the PC.
"In addition to providing better performance and efficiency, this will allow us to potentially detect malware that is not seen by traditional in-guest endpoint security tools, with rootkits being one example," said Lane.
Lane added that one of the things that appealed to them about Sophos as a partner is that the company has a well-regarded AV engine that already runs on Linux, which should speed the path to a hypervisor-hosted security appliance.
Virtual Computer doesn't yet have a confirmed date for when they will have these capabilities -- the next phase of their collaboration with Sophos -- on the market.
This article, "Virtual Computer and Sophos partner to secure client hypervisors," was originally published at InfoWorld.com. Follow the latest developments in virtualization and cloud computing at InfoWorld.com.