Showing posts with label anti-virus. Show all posts

Monday, November 1, 2010

A thought on anti-virus as anti-bodies

Sooner or later the OS and the virtualization layer will become one and the same. They already perform the same function (brokering limited physical resources amongst multiple applications) and while virtualization is a huge step, it just adds overhead to the equation.

In the future, I think each app will have its own little blended OS/virtualization wrapper and it will be able to move around a cloud environment, using what it needs, but not dependent on any single physical piece of hardware. That presents a problem though of securing it against some of the bad stuff that is sure to affect these systems.

This came up in a conversation with a friend tonight, who asked about applications that today, while they are not required, sit in a shared OS environment alongside the application: applications like anti-virus software. It's a good question, and if the applications are going to be more self-contained, then I don't think it can be answered from a traditional application programming perspective. I think we have to look at the cloud as more akin to a living biological organism than a static collection of manufactured processes and compute systems.

And if that is the direction that the cloud takes, one where the location of an application is much more dynamic than in even a traditional virtual infrastructure, then we need a better way to provide these protective functions as part of the "organism". We need an immune system for the cloud.

The first line of defense is the "skin", encompassing your standard perimeter security items such as filters and firewalls. Other layers of defense would be needed if that first layer is breached: apps that act like white blood cells or anti-bodies. Let them flow through the cloud in search of the virus or malware or whatever bad thing is there, and then they can go to work cleaning it up. Of course, we'll still have to inoculate and create new vaccines, and we'll need the ability to introduce "cures" for the new "bugs" that show up, against which there is not an existing defense, just like with our own bodies.

I don't know that this "organism" model is where we will end up, but something like it should be our end goal. If not, then we'll ultimately end up confined by a great monolithic structure instead of an organic type of thing that can adapt, self-monitor, and heal itself, or that, at the first sign of new symptoms, can be quickly and effectively treated and inoculated against future outbreaks.

Just my two cents and it is still a little rough, but I think the premise is sound. Feel free to comment.

Monday, March 15, 2010

VDI and the trouble with anti-virus

I don't know if this is news to most folks but hopefully it will provide some understanding of the problem of running traditional anti-virus software in a virtual desktop environment. This comes from experience...

Anti-virus is a definite concern in Virtual Desktop Infrastructure (VDI) deployment and no one that I have found out here in the blogosphere or on the vendor sites recommends it (except for the AV vendors). The problem is the way AV functions in the virtual environment. The people that don’t believe it causes hang-ups don’t seem to understand what is going on in this environment.

In this environment, the desktop is, for all intents and purposes, generated from a single, pre-built image each time someone boots up. The problem with desktop AV is that whenever it comes online, it goes out to see if it is up to date. When a virtual desktop spawns from the image that includes AV, it is always whatever version you built into the image (let’s call it v3.0). So each time one or one hundred virtual desktops are spawned, that v3.0 AV tries to “phone home” to see if it is up to date. Of course, it is not up to date because you built your image five months ago, so then it (and any other image that just spawned) starts pulling down all of the updates to get it up to the current rev of v3.8. By the way, in our non-persistent environment, as soon as I log that desktop off it is "destroyed" and all of those updates disappear, so that when I bring up my next instance, I go right back to v3.0.

Now, in a physical environment, automatic updates are no big deal other than the fact that they may impact the Internet connection when they all try to suck those updates through the straw. In a virtual environment, all of those images reside on the storage system, and so every one of those disks is spinning trying to make these virtual desktops appear to operate like a physical desktop, and that’s when you get into trouble.

To date and from what I have seen, there is no AV solution for the virtual desktop that is analogous to what we have used in the physical desktop world. That is one reason why people deploy virtual desktops in a non-persistent manner: If I get a virus, no big deal. I’m going to destroy that entire desktop image and everything with it when I log out of it. What if it infects the files? There are AV solutions for the storage that can go and scrub everything on the storage system where we keep the user files and everything else.

So, all of that being said, the AV folks are furiously working on a solution that works here. Just keep this important element in mind as you move down the VDI path.