Recently, Mike Danseglio, a program manager in Microsoft's Security Solutions group, made news by saying that after a system becomes infected with some types of rootkits and other malware, sometimes the only solution is to rebuild the system from scratch. Security administrators have long known this, but Danseglio's statements point out that malware is becoming so quick to exploit new problems, so advanced in new capabilities, and so viciously insidious that sometimes even the best antispyware, antivirus, content filtering, firewall, and intrusion prevention tools can't protect a system adequately.
This situation could completely change our standards for building servers, desktops in enterprises, and probably even desktops in homes. Rebuilding a desktop can be a painful and time-consuming process. If you use some sort of disk-imaging technology and keep adequate backups, you can make recovery far less stressful, but even so, with today's technology this particular route to recovery is the long road. However, if you have virtual machine (VM) technology in place, you can recover from an intrusion of nearly any type in only a few seconds because all you need to do is shut down the VM and relaunch it.
Microsoft, Red Hat, and other vendors are touting VM technology with increasing frequency. Microsoft recently announced that it will offer its VM technology for free and it will begin to support Linux VMs running under a Windows environment. The announcement comes on the heels of VMware's recent shift to offering some of its VM technology for free.
While the primary focus of most VM technology vendors has been on servers, expanding the focus from servers to desktops is just a short step away. Because of the need for the best security possible and because desktops are a major inroad for intruders of all types, installing desktop-based VMs instead of standalone OSs makes sense. It's quite possible that VMs could become the solution of choice sooner rather than later for a large number of enterprises and possibly even for home computer users.
If you haven't already looked into VM technology, head over to the first URL below, where you'll find out how to download or order Microsoft Virtual Server 2005 R2. Also, check out VMware's site (at the second URL below), where you can download a copy of VMware Server. And be sure to click the third URL below where you'll find a long list of ready-made VM "appliances" that run under VMware Server, including several that you as security administrators will probably find useful.
http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx
http://www.vmware.com/products/server
http://www.vmware.com/vmtn/appliances/index.html
Last but not least, if you're the proud owner of some of that slick new Intel-based Mac hardware, then check out the Parallels Web site, where you'll find the new Parallels Workstation 2.1 beta, VM technology that lets you run Windows XP, Linux, FreeBSD, Solaris, OS/2, and even MS-DOS under Mac OS X.
http://www.parallels.com/en/products/workstation/mac/
