Jack asked: Does the virtualization of a Web browser such as Internet Explorer or Firefox prevent a virus infection? For example, if one were browsing the Web with an SVS installation of Firefox and encountered a virus, could that spread to the baseline system, or does the sandbox effect extend to the system memory as well as the file system?
Hello Jack. Thanks for the question.
If malware launches from a virtualized application, SVS will track that as part of the process tree and capture what it does. When the layer is reset, the malware will be removed from the local hard drive. So SVS does prevent malware from permanently altering the app that launched it.
Note: The malware still has an opportunity to run and to perhaps do some damage across the wire. So this should be considered an additional layer of protection, not a replacement for anti-virus products!
Also, a caveat on this: There are several ways in Windows to launch a process that is not tracked as part of the parent process tree. If a piece of malware does this, it could write outside the source layer (to the base or to other layers). SO, it's very important to understand that Altiris is NOT positioning this release of SVS as a security solution!
Our Altiris Protect product (based on the same core technology as SVS) is the solution for isolating everything that is not in a Virtual Software Package (VSP). That is, for maintaining the state and integrity of the base. In the next release of Protect and SVS, you will be able to deploy them together. Then you will have a comprehensive solution, regardless of how the malware runs or where it writes to. At that time, we will be talking about the security benefits.