The present disclosure relates generally to virtual computing systems, and more particularly to detecting malware in a virtual computing system.
Malware is a term that refers to malicious software. Malware includes software that is designed with malicious intent to cause intentional harm and/or bypass security measures. Examples of malware include viruses, worms, ransomware, spyware, adware, rootkits and so forth. Malware causes many issues for users. For example, malware may negatively affect the resources of a computing device, invade user privacy by stealing information, adversely affect computing device stability, and/or hijack a computing device for illegitimate purposes. In many instances, users may not even be aware of the presence of the malware.
Programs such as malware scanners are used to detect and remove malware. Malware scanners may detect malware by comparing memory-resident data stored on the computing device with malware signatures and identifying matches. Matches between malware signatures and memory-resident data may indicate the presence of malware.
Traditionally, malware scanning has not been performed on virtual machines because in many instances virtual machines are short-lived. For example, virtual machines may exist to process one or more tasks, after which time the virtual machines may be shut down. Accordingly, malware on a virtual machine may exist only for the lifetime of the virtual machine. Because a virtual machine and any malware on the virtual machine may exist for only a short time, a security issue on the virtual machine that is exploited by the malware may be less likely to be discovered. This security issue may be exploited on other virtual machine instances, such that the malware may be repeatedly used to attack the virtual environment.
Therefore, a need exists for systems and techniques to detect malware in a virtual environment. In particular, systems and methods that perform malware scanning of virtual machines without significantly impacting virtual machine performance would provide a valuable improvement over conventional systems. Thus, while existing malware detection systems have been generally adequate for some computing systems, the techniques described herein achieve malware detection in a virtual environment without significantly impacting virtual machine performance.