With recent advances in computer technology, the use of virtual machines for different computing tasks has become very popular. A virtual machine (VM) is a software environment within a physical (“real”) machine (such as a computer or server) that isolates programs, and even operating systems, from each other, and that includes its own BIOS, processor (CPU), working memory, hard disk and peripherals. In effect, one machine operates inside another physical machine. Furthermore, if the virtual machine, like the physical machine, has its own operating system, it may be different from the operating system of the physical machine. On one physical machine, which is also known as the “host machine”, it is possible to create a virtual computer environment which serves several virtual machines at the same time. During operation, the virtual machines share the computing resources of the host machine, which are controlled by a monitor of the virtual machines.
The monitor of the virtual machines, which is also known as a hypervisor, provides for the simultaneous and parallel working of the virtual machines deployed on the host machine, and also controls the computing resources of the host machine, allocating them among the virtual machines. Thus, the hypervisor assigns a definite quantity of resources to each virtual machine. Each VM then uses the assigned resources, both for the working of its own operating system and for the performance of user tasks. Moreover, the hypervisor may provide communication and interworking services for the virtual machines, such as network connections, as if they were different physical machines. Thus, it is possible to create a virtual local-area network on the host machine. The capabilities of the hypervisor also make it possible to impose various limitations on the virtual machines, such as a limitation on connecting to the Internet. In this case, a local-area network is formed that is isolated from the external network. This makes it possible, for example, to ensure the security of such a network or of its virtual machines, with the connection to the external network made through the hypervisor or a specially dedicated VM. This variant is helpful for the creation of corporate networks whose virtual machines might hold confidential information.
Moreover, a virtual machine, like any physical computer system, is also vulnerable to malicious software. Consequently, there is a need for an antivirus system to protect virtual machines. This problem may be solved by launching traditional antivirus software on each virtual machine. However, this approach has a major shortcoming when realized in a virtual environment formed on a host machine: excessive utilization of the resources of the host machine, which may result in an overloading of the host machine or a prolonged freezing of the VM when performing tasks on VM data. This shortcoming is due to the fact that a situation may arise in which the antivirus systems are checking a file that physically resides in the same sector of the hard disk of the host machine, i.e., the identical file is checked repeatedly. Moreover, the hypervisor has another workload involving the providing of resources (such as processor and memory resources) for the working of the antivirus system on each VM. Yet another shortcoming lies in the fact that the antivirus system installed in the operating system of the virtual machine is of a classical kind, and therefore it knows nothing about the hypervisor and is unable to utilize the services of the virtual machine when necessary, for example, for carrying out the “rollback” function or for the creation of a snapshot of the file system.
An analysis of the prior art shows that the previous technologies are ineffective and in certain cases cannot be used.