截屏视频帮助

Symantec Workspace Virtualization protection against virus and malware

创建时间: 07 1 月 2012 • Updated: 07 1 月 2012 | 2 条评论

Hello to all the SWV community,

Can someone please explain how secure SWV is, regarding the protection it provides against virus and malware programs trying to run out of the isolation layer, and thus gain access to the underling os  ?

I have seen some comments and magazine review telling that the older version, formerly Altiris SVS,  was not meant to provide security,  compared to some competing sandbox solution, and malicious code can easily run outside of the baseline system.

This KB article

http://www.symantec.com/connect/blogs/does-virtual...

seems to confirm this, but it's old news.

Can someone tell if the latest versions of SWV are "vulnerable" to the above attacks, or new features like Layer Isolation

http://www.symantec.com/connect/articles/workspace...

 can solve the problem ? 

Regards

评论 条评论跳转至最新评论

Colin Bragg 的图片

The purpose of using Symantec Endpoint Virtualization is not one of security.  Applications are not isolated in the same sense as other competing products.  This however, allows our product to virtualize a much higher percentage of your application portfolio than those same competing products.

The benefits of virtualizing applications is in application management and delivery including:  application-to application compatible (e.g. run two applications of the same version side-by-side), per user delivery facilitating hot desking, ease of packaging, rollback to a known state, easy license managment etc.

Virtualized applications will appear to the operating system and other applications just like any other application and is therefore susceptible to the same attacks as a locally installed application.

Security should never be the main driver for virtualizing your applications and ANY virtualization solution should be used in conjunction with a security solution that's right for your organization such as those on offer by Symantec http://www.symantec.com/business/enterprise-security-solutions

EdT 的图片

The one "benefit" of using an application in a virtual layer, is that if there is any suspicion that some corruption has occurred within the virtual layer, the entire application can be reset back to its original condition.  Clearly there is a dependency on your processes making sure that any virtual application is created in a virus free environment and is therefore known to be clean before deployment, but this is no different to any application packaging operation.

Nevertheless, for ultimate security, if you assume that NO virtualisation solution is any more secure than the base operating system, then you are unlikely to go wrong when designing your protection environment.

If your issue has been solved, please use the "Mark as Solution" link on the most relevant thread.