
Symantec Workspace Virtualization protection against virus and malware

Created: 07 Jan 2012 • Updated: 07 Jan 2012 | 2 comments

Hello to all the SWV community,

Can someone please explain how secure SWV is, regarding the protection it provides against virus and malware programs trying to run out of the isolation layer, and thus gain access to the underlying OS?

I have seen some comments and magazine reviews saying that the older version, formerly Altiris SVS, was not meant to provide security, compared to some competing sandbox solutions, and that malicious code can easily run outside of the baseline system.

This KB article seems to confirm this, but it's old news.

Can someone tell if the latest versions of SWV are "vulnerable" to the above attacks, or if new features like Layer Isolation can solve the problem?



Colin Bragg

The purpose of using Symantec Endpoint Virtualization is not one of security. Applications are not isolated in the same sense as other competing products. This, however, allows our product to virtualize a much higher percentage of your application portfolio than those same competing products.

The benefits of virtualizing applications are in application management and delivery, including: application-to-application compatibility (e.g. run two applications of the same version side-by-side), per-user delivery facilitating hot desking, ease of packaging, rollback to a known state, easy license management, etc.

Virtualized applications will appear to the operating system and other applications just like any other application and are therefore susceptible to the same attacks as a locally installed application.

Security should never be the main driver for virtualizing your applications, and ANY virtualization solution should be used in conjunction with a security solution that's right for your organization, such as those on offer by Symantec.

EdT

The one "benefit" of using an application in a virtual layer is that if there is any suspicion that some corruption has occurred within the virtual layer, the entire application can be reset back to its original condition. Clearly there is a dependency on your processes making sure that any virtual application is created in a virus-free environment and is therefore known to be clean before deployment, but this is no different to any application packaging operation.

Nevertheless, for ultimate security, if you assume that NO virtualisation solution is any more secure than the base operating system, then you are unlikely to go wrong when designing your protection environment.
