
Protection against new cyber threats: full vs. micro-virtualization

E-mails with broken links, unpatched applications and missing system or software updates carry a great potential for danger. To gain access to a computer, hackers sometimes need nothing more than an employee surfing the Internet, because the biggest weakness of any IT security architecture is the browser.

The main gateway for cybercriminals is active website content written in languages and technologies such as JavaScript, Java, Flash and HTML5. Hackers can use the programming interfaces these technologies expose to gain access to the user's PC and take control of the user environment. The problem is that the malware is executed simply by loading the website – without the user having to click any links or open any files.

Better security through virtualization

Unfortunately, traditional security tools such as antivirus software provide very limited protection due to the many unknown viruses that can easily break through the barriers of such programs. However, an innovative solution known as "virtualization" now offers effective protection. This state-of-the-art security approach eliminates this security vulnerability with a "digital" quarantine: viruses are isolated before they can be executed.

The hardware-based component is extended by creating virtual, software-based "surfing environments", which adds a separate connection and execution layer. Instead of detecting malicious code as antivirus programs do, the effects of malicious code are prevented from the start by confining all potentially hazardous activities to an isolated virtual browser. In most cases, the isolated browser is separate from the user's equipment, thereby reducing the attack surface exposed to the Internet. There are two types of virtualization: full virtualization and micro-virtualization.

Micro-virtualization is not enough

In the approach known as "micro-virtualization", a specific operating system runs on the computer – typically Windows – with a specific kernel version. Protection against malware is implemented directly at the endpoint using hardware-isolated micro-VMs. In many cases, however, the virtualization software provider only supports very specific kernel versions, limiting the user's choice.

Here lies one of the key problems of micro-virtualization. It is not based on a separate operating system. Instead, it is tightly interwoven with the existing operating system, so all activities take place within the same kernel, and the same Windows programs are used. This means that at least the kernel, and optionally a number of other components, are shared with the host system. Although this makes micro-virtualization more economical than full virtualization and requires less computer memory, it does not plug all of the security holes. In fact, if the kernel becomes infected with malware, then all of the micro-VMs will be infected too. Since almost 90 % of all attacks are Windows-based, flaws in this operating system – known defects, bugs, etc. – represent a high risk factor, and targeted attacks are therefore practically inevitable. Other operating systems such as Linux have substantially minimized such risks.

Solutions based on micro-virtualization therefore offer only a reduced level of security and are exposed to heightened risks because of their dependence on the host operating system (Windows) and its vulnerabilities.

No half measures: full virtualization

Fully virtualized surfing environments offer better protection against external attackers thanks to complete network isolation. The operating system where the virtualization software runs cannot be damaged by attacks. In the case of full virtualization, all work takes place in an isolated environment separate from the client's host operating system and the intranet. The operating system and browser never have direct access to the hardware. Instead, they only access the virtual environment, which serves as a security barrier. Any viruses, trojans, etc. that manage to penetrate remain in this closed environment and cannot spread to the computer or the local area network. Attacks on the Windows host system simply go nowhere – regardless of the nature of the attack. The browser is always restarted in a virus-free state. This approach is also used in micro-virtualization, but here any threats that manage to penetrate the kernel cannot be removed – an infected restart can occur.

By isolating the intranet, malicious code is unable to penetrate the local area network, even in the event of an attack resulting from unintentionally downloaded malware. And malicious software such as ransomware and macro viruses cannot establish a connection to the Internet in order to download the actual malware. Another benefit is that full virtualization supports a wide range of operating systems, so other guest systems can be used. A full-fledged separate operating system can be run on top of a hypervisor on the host system. This method can be used, for example, to run the browser on Linux. Since only two percent of attacks target Linux, it has substantially fewer vulnerabilities than Windows.
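To make the two-way network isolation described above concrete, here is an added example written for this article; it is not code from Browser in the Box or its vendor. It models the egress policy a hypervisor or host packet filter would enforce on the guest's virtual interface: the browser guest may reach the Internet but never the intranet, and the host may reach the intranet but has no direct Internet path, so a dropper or macro that lands on the host cannot fetch its second stage. The zone names, address ranges and log lines are assumptions constructed for illustration.

```python
# Added example (not code from the original article or from Browser in the Box):
# a small model of the two-way network isolation the text describes for a
# fully virtualized browser. Zone names, address ranges and the log lines
# below are constructed assumptions for illustration.
import ipaddress
import re

# Address ranges treated as "intranet"/local. Anything else counts as "Internet".
INTRANET_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128",                # IPv6 ULA, link-local, loopback
)]

# Policy per source zone (assumed zone names):
#   browser_vm: the isolated guest running the browser. Internet only.
#   host:       the workstation. Intranet only; no direct Internet path, so a
#               dropper or macro that lands here cannot download its payload.
POLICY = {
    "browser_vm": {"intranet": "deny", "internet": "allow"},
    "host":       {"intranet": "allow", "internet": "deny"},
}


def classify(dst: str) -> str:
    """Return 'intranet' or 'internet' for a destination IP address."""
    ip = ipaddress.ip_address(dst)
    # Membership across IP versions is always False, so mixed lists are safe.
    return "intranet" if any(ip in net for net in INTRANET_NETS) else "internet"


def decide(zone: str, dst: str) -> str:
    """Verdict for a connection from `zone` to `dst`; unknown zones are denied."""
    return POLICY.get(zone, {}).get(classify(dst), "deny")


# Constructed log format: "zone=<zone> dst=<ip> dport=<port>".
LOG_RE = re.compile(r"zone=(\S+)\s+dst=(\S+)\s+dport=(\d+)")


def evaluate(log_lines):
    """Parse connection-attempt lines and return (zone, dst, dport, verdict) tuples."""
    results = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # skip lines that do not match rather than guessing a verdict
        zone, dst, dport = m.group(1), m.group(2), int(m.group(3))
        results.append((zone, dst, dport, decide(zone, dst)))
    return results


# Constructed sample connection attempts (not real traffic).
SAMPLE_LOG = [
    "zone=browser_vm dst=203.0.113.10 dport=443",   # browsing the Internet: allowed
    "zone=browser_vm dst=192.168.10.5 dport=445",    # guest probing a file server: denied
    "zone=host dst=192.168.10.5 dport=445",          # workstation to file server: allowed
    "zone=host dst=198.51.100.7 dport=80",           # macro fetching a payload: denied
    "zone=browser_vm dst=fe80::1 dport=22",          # IPv6 link-local from the guest: denied
]

if __name__ == "__main__":
    for zone, dst, dport, verdict in evaluate(SAMPLE_LOG):
        print(f"{verdict:5s} {zone:10s} -> {dst}:{dport}")
```

In a real deployment these decisions live in the packet filter attached to the guest's virtual interface; writing the intended policy down in this form makes it easy to check against captured connection attempts before the rules are committed, and to confirm that neither zone can reach the other side's network.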

Conclusion

New threats call for state-of-the-art, progressive solutions, and micro-virtualization does not go far enough. Although it is more economical and requires very little computer memory, properly plugging all of the security holes calls for a comprehensive solution like Browser in the Box.
