So much Drive-By Malware, so much to protect...
Ok, you've just made a monster investment in anti-malware. This was a big corporate contract for your company, Company X. You're already nervous about the stuff's inability to counter so much drive-by web malware. But this is a new version--a version whose latest updates turn so many PCs into bricks.
No, this hasn't happened to me, but if you've read the news this week, it happened to a lot of other company security staff using a common antivirus product whose update had a tragic lock-up problem.
Ya can't go without it, and in too many cases, you can't go WITH it. What might you do?
I think it's time to realize that no product stops all attacks. There are too many. Maybe it's best to separate the most risky behavior--network access and Internet cruising. If you have a spare laptop, keep the confidential info off it. Cruise at will and rebuild from time to time.
Oh! But you don't have a spare PC? Sure you do! Get one of the free virtualization computer managers. Run any OS that you're legally allowed to run. Read the documentation carefully.
Many managers have a feature that lets you isolate a session's changes, including virus/malware activity, to a separate file. If you like, simply refuse to merge session changes into your session file. If you have no such feature, keep a copy of your virtual computer's file and copy it back over the virtual computer's file that was potentially p0wned during your last stroll through the Internet's alleys.
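The copy-it-back cycle above, as an added example that is not from the original post: a small POSIX shell helper that seals a golden copy of the virtual disk with a SHA-256 checksum, refuses to restore from it if the golden copy has been altered, and moves the used session disk aside instead of deleting it so it can be looked at later. File names are hypothetical; it assumes a VM manager that keeps the guest as a single disk file.

```shell
#!/bin/sh
# Slash & Burn helper (added example, not from the original post).
# Assumes a "golden" virtual disk file made right after a clean build.

# Hash a file with SHA-256, using whichever tool the host has.
sab_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Seal: record the golden image checksum once, while it is known clean.
sab_seal() {
    sab_hash "$1" > "$1.sha256"
}

# Verify: confirm the golden image is unchanged since it was sealed.
# Prints ok / UNSEALED / TAMPERED and returns non-zero on failure.
sab_verify() {
    golden="$1"
    [ -f "$golden.sha256" ] || { echo UNSEALED; return 1; }
    expected=$(cat "$golden.sha256")
    actual=$(sab_hash "$golden")
    if [ "$expected" = "$actual" ]; then
        echo ok
        return 0
    fi
    echo TAMPERED
    return 1
}

# Burn: set the possibly-p0wned session disk aside (kept for a later
# look, not deleted) and put a fresh copy of the golden disk in its place.
# Refuses to run if the golden copy fails verification, so a tampered
# "clean" image is never reinstated as the new baseline.
sab_burn() {
    golden="$1"
    session="$2"
    sab_verify "$golden" >/dev/null || return 1
    [ -f "$session" ] && mv "$session" "$session.burned.$(date +%s)"
    cp -p "$golden" "$session"
}
```

Seal once after the clean install, then run `sab_burn golden.img session.img` before every stroll through the Internet.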
Slash & Burn--have a disposable PC configuration that you can lose w/o too much care. Slash & Burn--frustrate the attacker by giving him/her a highly variable target. That's my thesis.
I got some videos in email, from friends, or at least, their compromised email accounts. These would bonk my virtual machine, a clear sign something was wrong. Slash & Burn.
Most of you will point out growing hacker research into hacking the hypervisor through a vulnerable instance. Yup. That's possible. But! Give those corporate users a virtual desktop with which they can stroll the Internet, and maybe we can drop some physical desktop risks. Maybe not.
Something has to change. We're spending precious IT capital to protect the platform that has far less information than a server, yet whose compromise with a zero-day can cripple an entire Intranet.
What do you propose? Sure, maybe a Knoppix CD that was given no storage on the physical file system might provide fast surfing w/o the overhead of a virtualization manager.
One last thing: virtualization managers have these tools that allow file transfer, IPC, clipboard integration, etc. between the virtual and physical sessions. And as many of you will comment, the clever jpeg shared betwixt sessions will p0wn them both. If you implement your own Slash & Burn, beware of too much cross-session sharing. That video podcast? Ya, it's rigged to p0wn too. Ultimately, all PCs will need a slash & burn cycle.