Virtualisation a security threat?

Experts at security company McAfee have predicted that virtualisation will be a major area of concern for security threats next year.

McAfee told ZDNet Australia sister site ZDNet.co.uk that companies need to understand the risks, as well as the benefits, before implementing virtualisation technologies. The company has an interest in predicting virtualisation as an attack vector, as it sells a virtualisation security product.

"Virtualisation will radically change a lot of things," said David Marcus, security research manager for McAfee Avert Labs. "The ability to run inside a virtual layer gives you a God-like view of the shell and allows for certain detections, but it also allows for new attack vectors."

Marcus said that virtual layers can each be attacked, but that his real fear was seeing malware that could escape onto an operating system.

"A lot of malware has the ability to run in a virtual machine, work out it's in a virtual session, then completely shut down," said Marcus. "It's not a large jump to go from malware realising it's in a session to it jumping out."

Marcus also warned that VoIP, or Internet telephony, would also be a target in 2008.

"We think we'll end up seeing theft-of-service attacks, like old-style phreaking," said Marcus. "People will steal calls, divert calls and impersonate others."

McAfee also has a VoIP protection product.