X
Business
Home Business Enterprise Software

Desktop virtualization - where should the anti-virus run?

Let's for a moment visualize a virtualized desktop environment. An operating system offering a type 2 hypervisor is acting as the primary operating system in a desktop virtualization implementation.
Written by Dan Kusnetzky, Contributor

Let's for a moment visualize a virtualized desktop environment. An operating system offering a type 2 hypervisor is acting as the primary operating system in a desktop virtualization implementation. This could be Linux sporting Xen or KVM. It could be Windows running something like Parallels or Virtual PC. It could be Mac OS running Fusion or Parallels. One person could be using the resources of all of these virtual machines or it could be an environment for a workgroup. The key question is where should the anti-virus software run and why?

One thought would be that the primary operating system should be set up to protect all of the others. This, of course, is unlikely to really work due to the level of isolation the guest operating systems have from the primary operating system. It is likely that a person using one of the guests could still find a way to get into trouble.

Another thought would be to install the anti-virus software on each of the guest operating systems. This approach is problematic as well. While the guests might be well protected, the primary operating system still could become infected and then infect all of the guest operating systems from the inside.  Another problem would be the load this could place on the physical system when all of the guests decide that they want to scan for virsuses at the same time.

A third thought is to run virus protection in both the primary and all of the guest operating systems. This approach leads to problems of its own. Just how many copies of virus protection software must the organization acquire to support its IT infrastructure. This approach seems to maximize the number of copies of software that would be required. This seems contrary to the goal of consolidating to achieve greater efficiency.

Some desktop virtualization suppliers, such as Neocleus, suggest that it is wise to consider using a type1 hypervisor to prevent people from logging into the primary operating system and causing the problems seen in examples 2 and 3.

What's your view? What do you think would be the best approach?

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

GOTRAX 4 electric scooter

The Jackery Explorer 1000 is one of the best portable power stations you can buy, and it's on sale

AI coding concept

Can Meta AI code? I tested it against Llama, Gemini, and ChatGPT - it wasn't even close