Security Through Virtualization: Creating The Only Safe Internet Experience

The eSecurity Advisor

In the September issue of this magazine, Brent Goodfellow, in his column, talked
about virtualization and its general benefits such as running two operating
systems on the same machine (see He talked
about how he was running a Windows XP virtual machine to support legacy software
while using Windows Vista on his main computer. I am glad that Brent introduced
this emerging technology because I’m going to focus on how to use this
technology to your advantage in the fight against viruses, Trojan horses, adware,
and other malware that’s circulating on the Internet. I’m going
to provide a specific way to use this technology to protect your organization
from this stuff.

As you know, we have focused over the past few months on several
types of malware that are causing issues for all types of users — JavaScript
hacking, web advertising attacks, and, in the break out box on this page, you
will find some details on a few new emerging threats.

For accountants, virtualization is a great tool for several reasons. Brent
covered several of them in his September column, but I want to highlight some
here, as well:

  • It allows us to run older versions of accounting software on the systems
    for which they were designed. As an example, if you still have your old DOS
    tax application around and want to run it, you could set up a virtual machine
    on your Windows Vista computer running DOS. Using the virtual machine with
    the DOS operating system will allow you to stay current while still running
    older applications.
  • It allows us to test things without breaking our main operating system (or
    junking it up with a bunch of software we are only using for a short period
    of time).
  • It allows us to protect our computers by setting up a virtual computer that,
    if corrupted with spyware, viruses or other malicious content, we can simply
    and quickly eliminate the corrupted copy and revert to a clean copy.
  • It allows us to go places on the Internet that we would not be likely to
    go under normal circumstances for fear of infecting a production computer.
    A virtual computer can easily be taken back to the previous point where we
    made an undo copy or a physical copy without having to reinstall the operating
    system or perform other time-consuming operations trying to remove whatever
    malware we ran across.

As this list shows, virtualization can become a real timesaver and problem
solver if you take the time to understand its benefits. This emerging technology
is certainly worth a look to see how it can benefit your organization. I will
provide a medium level overview of how this technology works and how you can
go about setting it up. With some practice and learning on your part, this technology
can become another tool in the accountant’s bag of tricks to help keep
office computers running trouble free.

Virtualization Summary
If you missed Brent’s article, here is a brief synopsis of virtualization
technology. Virtualization is using specialized software to run a guest operating
system (OS) on your computer that is separate from your primary operating system.
The virtual computer utilizes the same hardware as your primary operating system,
which is why it is called virtual. As Brent mentioned in his article, he recently
set up a system running Windows Vista as the main software operating system.
Using Microsoft’s Virtual PC 2007, he then set up a guest operating system
running Windows XP on the same computer. The guest operating system can be any
operating system including DOS; there are no limitations on what OS can be set
up in the guest operating system.

Resource Requirements
The resources required to run a virtual machine are simply the sum of the
requirements necessary to run the host OS and the guest OS if they were running
on separate computers. For example, Microsoft recommends at least 1GB of RAM
for Vista and 512MB of RAM for XP, so the system serving as the host for the
virtual machine will need at least 1.5GB of RAM in order to run both the host
and guest OS. All OS manufacturers publish their recommended requirements, which
can be found on the respective companies’ websites.

Virtualization of Your Internet Experience — The Setup
Assuming you have sufficient hardware resources to run a guest operating system
on the computer, the next step is to download your favorite virtualization software
from the Internet. I prefer Microsoft’s Virtual PC 2007 or Microsoft’s
Virtual Server 2005 R2 even though they are not as full featured as VMware’s
products. I prefer them because they are free and because, unlike the VMware
product, there are no licensing fees after a trial period expires. Once they are downloaded,
simply install the software on your system. After the installation, you’ll
want to spend a few minutes getting familiar with the product. Microsoft’s
Virtual PC is fairly intuitive. If you have ever set up a computer operating
system, the wizard-based configuration should be helpful to you in getting started.
If you have never installed a computer operating system, you might have some
additional challenges in using this solution because of the learning curve on
how to set up an operating system. Your IT person might need to assist with
the first few setups and then, after you have learned the process, you should
be able to complete the steps yourself.

Virtualization of Your Internet Experience — Using the Solution
Virtualization is the salvation for malware infections. If an employee gets
on a website that infects the virtual machine, then you can simply undo the
changes that have occurred in the OS since the start of that session or you
can erase the operating system and reinstall. Either way, the malware does not
impact the primary computer, and the user doesn’t get to browse on the
Internet for a few hours while they rebuild the virtual computer. One of the
nice aspects of launching your browser in this virtual machine is that you can
go to places on the Internet where you would never dare go with your primary
computer because you don’t want all the problems. Want to check out MySpace
or YouTube? Visit them using the virtual machine. Want to visit a phishing site
to see what it is like? Go ahead. Want to go to check out the latest drug advertising
junk e-mail you received? Copy the link into the virtual machine and browse
away. Once done, simply shut down the virtual machine and undo the changes or
reinstall the OS. This is the benefit of using this solution. You don’t
care anymore where your accountants go on the Internet because it will not affect
your network or the data on it (the virtual machine simply sits on top of the
guest OS and has Internet access). Note: The virtual machine is not part of
your domain network; it is simply a guest with limited access to programs on
the network.
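
The "revert to a clean copy" step described above can be scripted so that the clean copy is checked before it is trusted. This is an added example, not part of the original column or of any vendor's tooling; the file names and the practice of recording a SHA-256 baseline of the clean disk image are assumptions made for illustration.

```python
import hashlib
import os
import shutil
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a large disk image in chunks instead of loading it into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def record_baseline(golden: Path) -> str:
    """Run once, with the freshly built and patched guest shut down."""
    return sha256_file(golden)


def restore_guest(golden: Path, working: Path, baseline: str) -> str:
    """Replace the browsing guest's disk with a verified copy of the clean image.
    Call only while the guest is powered off. Returns the restored disk's digest.
    """
    # A clean copy that was booted or altered no longer matches and is not trusted.
    if sha256_file(golden) != baseline:
        raise ValueError(f"clean image {golden} does not match the recorded baseline")
    # Stage beside the target so os.replace() is a rename on the same volume.
    staged = working.with_name(working.name + ".restoring")
    try:
        shutil.copyfile(golden, staged)
        restored = sha256_file(staged)
        if restored != baseline:
            raise OSError("staged copy is corrupt; working disk left untouched")
        os.replace(staged, working)  # the possibly infected disk is discarded here
    finally:
        if staged.exists():
            staged.unlink()  # clean up the staged file if the restore failed
    return restored


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed stand-ins for disk images
        golden, working = Path(d, "clean.img"), Path(d, "browsing.img")
        golden.write_bytes(b"clean guest disk")
        working.write_bytes(b"disk after a bad browsing session")
        restore_guest(golden, working, record_baseline(golden))
        print("restored:", working.read_bytes() == golden.read_bytes())
```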

This solution provides the ability to hide where someone goes on the Internet
so if you have an Internet policy that precludes visiting gambling, pornography,
hate and other objectionable content, employees using this solution could potentially
violate the policy without the employer having the ability to detect the violation.
The only way around this would be to install monitoring tools that monitor the
Internet requests and block offending sites even for users of the guest virtual
machine. The undo functionality (or ability to delete a virtual machine) could
make it difficult to substantiate inappropriate behavior. Additionally, viruses
could potentially utilize unpatched vulnerabilities on the host OS or the network
to infect other computers. Using the solution does improve things dramatically,
but it is not a 100 percent foolproof solution. You still need to take precautions.

Use IT!!
Many reasons support the use of this solution in your environment, the first
being that it eliminates the worries associated with employees infecting their
primary work computer with a virus or malware from the Internet where a data
breach occurs. If the accountant’s virtual machine gets malware, there
is no accounting data or other confidential information that could be compromised
or obtained by a thief. It can quickly and easily be replaced with a new fresh

While you may not know much about this emerging technology or want to know
much about it, it could be the difference between having a data breach and not
having one. It is only a matter of time before accounting organizations become
victims of data theft like other organizations have. Take the steps today to
prevent this from happening by learning this technology, and deploy it in your
environment. The computer security in your firm will improve dramatically when
you make all your employees use this technology to your security advantage.