Security Through Virtualization: Creating The Only Safe Internet Experience

In the September issue of this magazine, Brent Goodfellow, in his column, talked about virtualization and its general benefits such as running two operating systems on the same machine (see He talked about how he was running a Windows XP virtual machine to support legacy software while using Windows Vista on his main computer. I am glad that Brent introduced this emerging technology because I’m going to focus on how to use this technology to your advantage in the fight against viruses, Trojan horses, adware, and other malware that’s circulating on the Internet. I’m going to provide a specific way to use this technology to protect your organization from this stuff.

As you know, we have focused over the past few months on several types of malware that are causing issues for all types of users — JavaScript hacking, web advertising attacks, and, in the break out box on this page, you will find some details on a few new emerging threats.

For accountants, virtualization is a great tool for several reasons. Brent covered several of them in his September column, but I want to highlight some here, as well:

  • It allows us to run older versions of accounting software on the systems for which they were designed. As an example, if you still have your old DOS tax application around and want to run it, you could set up a virtual machine on your Windows Vista computer running DOS. Using the virtual machine with the DOS operating system will allow you to stay current while still running older applications.
  • It allows us to test things without breaking our main operating system (or junking it up with a bunch of software we are only using for a short period of time).
  • It allows us to protect our computers by setting up a virtual computer that, if corrupted with spyware, viruses or other malicious content, we can simply and quickly eliminate the corrupted copy and revert to a clean copy.
  • It allows us to go places on the Internet that we would not be likely to go under normal circumstances for fear of infecting a production computer. A virtual computer can easily be taken back to the previous point where we made an undo copy or a physical copy without having to reinstall the operating system or perform other time-consuming operations trying to remove whatever malware we ran across.

As this list shows, virtualization can become a real timesaver and problem solver if you take the time to understand its benefits. This emerging technology is certainly worth a look to see how it can benefit your organization. I will provide a medium-level overview of how this technology works and how you can go about setting it up. With some practice and learning on your part, this technology can become another tool in the accountant’s bag of tricks to help keep office computers running trouble free.

Virtualization Summary
If you missed Brent’s article, here is a brief synopsis of virtualization technology. Virtualization is using specialized software to run a guest operating system (OS) on your computer that is separate from your primary operating system. The virtual computer utilizes the same hardware as your primary operating system, which is why it is called virtual. As Brent mentioned in his article, he recently set up a system running Windows Vista as the main software operating system. Using Microsoft’s Virtual PC 2007, he then set up a guest operating system running Windows XP on the same computer. The guest operating system can be any operating system including DOS; there are no limitations on what OS can be set up in the guest operating system.

Resource Requirements
The resources required to run one or more virtual machines are simply the sum of the requirements necessary to run the host OS and the guest OS if they were running on separate computers. For example, Microsoft recommends at least 1GB of RAM for Vista and 512MB of RAM for XP, so the system serving as the host for the virtual machine will need at least 1.5GB of RAM in order to run both the host and guest OS. All OS manufacturers publish their recommended requirements, which can be found on the respective companies’ websites.

Virtualization of Your Internet Experience — The Setup
Assuming you have sufficient hardware resources to run a guest operating system on the computer, the next step is to download your favorite virtualization software from the Internet. I prefer Microsoft’s Virtual PC 2007 or Microsoft’s Virtual Server 2005 R2 even though they are not as full-featured as VMware’s products. I prefer them because they are free and because there are no licensing fees after a trial period expires like the VMware product. Once they are downloaded, simply install the software on your system. After the installation, you’ll want to spend a few minutes getting familiar with the product. Microsoft’s Virtual PC is fairly intuitive. If you have ever set up a computer operating system, the wizard-based configuration should be helpful to you in getting started. If you have never installed a computer operating system, you might have some additional challenges in using this solution because of the learning curve on how to set up an operating system. Your IT person might need to assist with the first few setups and then, after you have learned the process, you should be able to complete the steps yourself.

Virtualization of Your Internet Experience — Using the Solution
Virtualization is the salvation for malware infections. If an employee gets on a website that infects the virtual machine, then you can simply undo the changes that have occurred in the OS since the start of that session or you can erase the operating system and reinstall. Either way, the malware does not impact the primary computer, and the user doesn’t get to browse on the Internet for a few hours while they rebuild the virtual computer. One of the nice aspects of launching your browser in this virtual machine is that you can go to places on the Internet where you would never dare go with your primary computer because you don’t want all the problems. Want to check out MySpace or YouTube? Visit them using the virtual machine. Want to visit a phishing site to see what it is like? Go ahead. Want to go to check out the latest drug advertising junk e-mail you received? Copy the link into the virtual machine and browse away. Once done, simply shut down the virtual machine and undo the changes or reinstall the OS. This is the benefit of using this solution. You don’t care anymore where your accountants go on the Internet because it will not affect your network or the data on it (the virtual machine simply sits on top of the guest OS and has Internet access). Note: The virtual machine is not part of your domain network; it is simply a guest with limited access to programs on the network.

This solution provides the ability to hide where someone goes on the Internet so if you have an Internet policy that precludes visiting gambling, pornography, hate and other objectionable content, employees using this solution could potentially violate the policy without the employer having the ability to detect the violation. The only way around this would be to install monitoring tools that monitor the Internet requests and block offending sites even for users of the guest virtual machine. The undo functionality (or ability to delete a virtual machine) could make it difficult to substantiate inappropriate behavior. Additionally, viruses could potentially utilize unpatched vulnerabilities on the host OS or the network to infect other computers. Using the solution does improve things dramatically, but it is not a 100 percent foolproof solution. You still need to take precautions.
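
The gateway-side monitoring described above, as an added example that is not part of the original article: it checks proxy log lines against a block list and uses DHCP leases to attribute each hit to a machine, flagging guest virtual machines by their MAC prefix. It assumes the guest uses bridged networking (its own MAC address and lease); the log formats, addresses, hostnames and domain names are constructed.

```python
# Added example: gateway-side policy check. All addresses, hostnames,
# domains and log formats below are constructed for illustration.
from urllib.parse import urlsplit

# MAC prefixes (OUIs) used by common virtual NICs.
VM_OUIS = {"00:03:FF": "Microsoft Virtual PC/Server",
           "00:0C:29": "VMware", "00:50:56": "VMware"}
BLOCKED = ("casino.example", "adult.example")  # constructed policy list

DHCP_LEASES = """\
10.0.0.21 00:1A:2B:3C:4D:5E ACCT-PC-07
10.0.0.58 00:03:FF:9A:10:22 ACCT-PC-07-VM
10.0.0.33 00:1A:2B:77:01:02 ACCT-PC-09
"""
PROXY_LOG = """\
2008-01-14T09:12:03 10.0.0.21 GET http://www.tax.example/forms
2008-01-14T09:14:40 10.0.0.58 GET http://play.casino.example/slots
2008-01-14T09:15:02 10.0.0.58 GET http://www.video.example/watch
2008-01-14T10:01:17 10.0.0.33 GET http://adult.example/
"""

def load_leases(text):
    """Map client IP -> (hostname, VM vendor or None) from lease lines."""
    leases = {}
    for line in text.splitlines():
        ip, mac, host = line.split()
        leases[ip] = (host, VM_OUIS.get(mac.upper()[:8]))
    return leases

def policy_violations(proxy_text, leases):
    """Return blocked-site requests, attributed to a machine and VM flag."""
    hits = []
    for line in proxy_text.splitlines():
        ts, ip, _method, url = line.split()
        site = (urlsplit(url).hostname or "").lower()
        if any(site == d or site.endswith("." + d) for d in BLOCKED):
            host, vendor = leases.get(ip, ("unknown", None))
            hits.append({"time": ts, "ip": ip, "machine": host,
                         "site": site, "guest_vm": vendor is not None})
    return hits

if __name__ == "__main__":
    for hit in policy_violations(PROXY_LOG, load_leases(DHCP_LEASES)):
        print(hit)
```

Because the record is kept at the gateway, it survives when the guest's changes are undone or the virtual machine is deleted.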

Use IT!!
Many reasons support the use of this solution in your environment, the first being that it eliminates the worries associated with employees infecting their primary work computer with a virus or malware from the Internet where a data breach occurs. If the accountant’s virtual machine gets malware, there is no accounting data or other confidential information that could be compromised or obtained by a thief. It can quickly and easily be replaced with a new fresh copy.

While you may not know much about this emerging technology or want to know much about it, it could be the difference between having a data breach and not having one. It is only a matter of time before accounting organizations become victims to data theft like other organizations have. Take the steps today to prevent this from happening by learning this technology, and deploy it in your environment. The computer security in your firm will improve dramatically when you make all your employees use this technology to your security advantage.