Virtual Computer and Sophos partner to secure client hypervisors

In a similar move to the Citrix-McAfee alliance earlier this year, Virtual Computer and global IT security firm Sophos have announced a global alliance to proactively safeguard virtual environments from suspicious activity, viruses, and other malware threats.

The virtual desktop market is still in its infancy, and one of the challenges holding VDI back from its anticipated breakout is security. Virtualization giants like Citrix, Trend Micro, and VMware are going about security in new and interesting ways, but startups like Virtual Computer have managed to beat them to the punch.

While Citrix and VMware were talking about creating a Type-1 bare-metal client hypervisor, Virtual Computer was already delivering on that promise. NxTop, Virtual Computer’s flagship solution, provides desktop IT administrators the ability to create flexible, dependable, and secure endpoints for various combinations of laptops, desktops, VDI, or cloud computing. And the company wants to make them as secure as possible.

Now with their new partnership, Virtual Computer and Sophos have broken the safeguarding of virtual environments into a two-phase integration process. In the first phase, the companies are providing what they call secure, self-cleaning desktops.

By combining NxTop and Sophos AV, it is possible to create a shared virtual desktop that can be managed centrally on NxTop Center on a one-to-many basis. And unlike traditional virtual images that require signatures and updates to be reprocessed every time a virtual image is booted, NxTop preserves all Sophos updates each time a session is turned on and off. All updates to the master image are applied to local VMs on each PC, per NxTop’s standard management model.

Profile personalization on each machine, such as OS settings, application settings, documents, and so on, is preserved across reboots and updates, but changes to the core OS (such as the installation of malware) is shed on each reboot. This, according to Virtual Computer, effectively creates a self-cleaning desktop that can still be personalized by the user.

“While this significantly reduces the attack surface of a Windows VM, the fact we still do offer some degree of personalization means that there will remain areas of the VM (e.g., My Documents) where malware could reside,” said Doug Lane, senior director of product marketing at Virtual Computer. “For this reason, we have worked with Sophos to develop an optimal approach for running AV inside of a shared NxTop VM. For example, because the bulk of the VM will ‘snapback’ on a reboot, you can optionally tune the AV to focus scanning on those areas of the OS that can still be personalized.”

Part of the initial collaboration between these two companies is ensuring that the Sophos AV engine itself, and its ongoing virus definition updates, are preserved across reboots and updates. Virtual Computer captures the elements of the OS pertaining to Sophos into a layer that is preserved along with the allowed user personalization. Therefore, even though Sophos is installed into the base image, any updates that are performed on each individual PC are preserved.

In the second phase, the two companies are hoping to provide hypervisor-level security.

Virtual Computer and Sophos announced the two have been working together for over a year exploring future approaches to bringing endpoint security down to the hypervisor layer. Much of this centers around the concept that by running AV outside of Windows at the hypervisor level (or perhaps more accurately in a privileged “Service OS” VM), the two companies can perform introspection into one or more VMs running on the PC.

“In addition to providing better performance and efficiency, this will allow us to potentially detect malware that is not seen by traditional in-guest endpoint security tools, with rootkits being one example,” said Lane.

Lane added that one of the things that appealed to them about Sophos as a partner is that the company has a well-regarded AV engine that already runs on Linux, which should speed the path to a hypervisor-hosted security appliance.

Virtual Computer doesn’t yet have a confirmed date for when they will have these capabilities — the next phase of their collaboration with Sophos — on the market.

This article, “Virtual Computer and Sophos partner to secure client hypervisors,” was originally published at InfoWorld.com. Follow the latest developments in virtualization and cloud computing at InfoWorld.com.