Virtualisation should have helped to reduce Internet security risks by now

Virtualisation could have helped (and still can help) reduce the security threats people are facing using their computers on the Internet. I am not sure why the industry is not yet exploring this, at least they’re not appearing to be publicly doing this so far.

For a while now I’ve held the view that virtualisation was (and still is) an effective way of reducing some of the Internet security threats people are facing all the time. Imagine that the most enticing computer uses would be completely sandboxed. For example, if you start internet banking, the browser would run on a sandbox that only communicates with your bank and potentially the token hardware in your possession, anything outside of that would simply stop working: no other network connection, the sandboxed browsers’ access to hardware is completely isolated from the rest of your computer, except for printing perhaps. The sandboxed browser does not support any plugins or extensions, its only features are those of a dumbed down banking terminal. The protection could go as far as vendors creating special device memory regions that get automatically reserved and wiped out for secure computing purposes, no third party programs allowed to touch it. Conversely, the banks would only accept terminals that had previously been registered, much the same way that they issue hardware tokens to their clients. Such virtual machines would not be patched the usual ineffective way, instead they could be less frequently updated and each update would be coordinated by the VM issuers.

Something like this might not totally eliminate Internet security risks, but it could rid us of many of the most common threats in a very simple way. This is achievable with virtualisation and it should be cheap to realise.

We know that Security and Convenience are often at odds, by pushing out security patches all the time software vendors are causing user fatigue, just look over the shoulder of every other user to see the number of updates pending their approval. So, the current security patching practice is clearly ineffective. With BYOD gaining traction, the situation is likely to worsen. I think a new radical approach may be a better answer to the growing pain that we are experiencing at the moment.

Leave a Reply

Your email address will not be published. Required fields are marked *