Ensuring the security of computer networks and network connected devices is one of the grand challenges facing us today. The current state of affairs is very problematic, as our cyber-security infrastructure is routinely subverted by cyber criminals, resulting in great economic loss, invasion of privacy, and loss of productivity.
Certain web browsers have attempted to provide a level of security by isolating downloaded code. However, present approaches for doing so are fairly primitive in their ability to deal with the full gamut of security issues that arise during the course of a typical user's web experience. For example, the sandboxing capability of certain versions of Google's web browser does not address safety issues arising from downloaded browser plugins and various types of native executables, and therefore, possesses a vulnerability to a zero day exploit attack that via Adobe Flash or Microsoft Word.
Web browser vendors rely upon monetizing the web browsing habits of their users within their own business processes and with their industry partners. This monetization relies, at least in part, on data about users' browsing habits which is stored in the web cookies that are set and later provided to web servers during the course of web sessions. Companies such as Google and Microsoft have a great interest in learning as much as possible about a person's browsing habits and typically arrange the default privacy settings of web browsers to be advantageous to them, but less than optimal from a security and privacy standpoint. The default privacy settings causes web browsers to transfer large amounts of sensitive information from users' machines to Internet related businesses, such as Google, Microsoft, Apple, etc., thereby allowing such businesses to better monetize their customer base by offering appropriate products and services and serving targeted ads. These same settings, however, can be leveraged by malicious parties to exploit security vulnerabilities. While all web browsers provide some level of control to the sophisticated user to tune his or her web browser privacy settings, the vast majority of users never change the default settings.
According to some current approaches for enhancing the security of a computer, the computer runs multiple independent operating systems using multiple virtual machines (VMs) within the computer. Multiple virtual machines may be created using a hypervisor, such as from VMware of Palo Alto, Calif. or Virtual PC, available from Microsoft Corporation of Redmond, Wash. When client virtualization is used to achieve improved security, different VMs are used to run different types or classes of applications. For example, an operating system in one VM may be dedicated for accessing the corporate network that the user may be part of and running corporate applications (local and web). Another operating system in a second VM might be used by the user to run his or her personal programs and store personal documents. Finally, a different operating system in a third VM may be used for general web browsing on the wider Internet and running native executables that may have been downloaded from the Internet. An example of such a solution is XenClient, which is made by Citrix Systems of Ft Lauderdale, Fla.
This use of classical client virtualization suffers from several drawbacks. One drawback is that there is too much management overhead for the end-user. The end-user has the onus of making the decision as to what VM to use for each activity. Any mistake, intentional or accidental, may subvert the integrity of the system. While many safeguards can be added as a layer on top of the core virtualization technology to help prevent the user from making mistakes, this has not yet been demonstrated to work in a practical and robust fashion.
Another drawback is that any VM that is used for general web browsing is just as vulnerable to a security problem as any monolithic system running a single VM while accessing web sites on the general Internet. Therefore, it is quite likely that any VM dedicated to web browsing described in the arrangement above will be subverted by malware eventually. Any subsequent activities in that VM, then, will be compromised.
For these and other reasons, client virtualization has not been used widely to improve the security of computer systems.