Desktop virtualization has made rapid progress in recent months, and applications like Parallels and VMPlayer have become recognized consumer products. Running desktop virtualization on PCs enables organizations and individuals to have many different isolated environments running on a single desktop. For example, developers would not need to have separate PCs for every code base that they use for development, as these could exist as separate virtual machines on a single host PC. Another example is the growth of home-working, where many employees use their home PC to connect via virtual private networks to work.

However, by using virtual desktop technology, these users would be able to operate separate, isolated virtual environments. The advantage of this would be that the employee could implement updates and policies, making a non-company desktop appear as a standard desktop. This has the advantage of making the management of remote home-workers simpler as well as more secure.

According to Microsoft, the reason it has not changed its position, or to be exact, has reverted to its original position, is that these virtualization technologies represent a security threat, and home users are ill-equipped to deal with this new threat.

These threats come in the form of new rootkit malware called Blue Pill. Rootkit malware is the term used to describe a set of software tools that conceal the execution of programs, data and files from the host operating system.

Traditionally, rootkits were used in benign applications, but have recently been found in malware, where they help intruders to maintain access without being detected; examples have been found as drivers, or even as part of operating system kernel modules. Blue Pill is the codename for a somewhat controversial rootkit based on virtualization technology that specifically targets the Vista operating system. Blue Pill reportedly uses the new AMD-V and Intel VT Pro virtualization technology.

By using these new chip sets, Blue Pill is able to trap a running instance of the operating system inside a virtual machine and then act as the hypervisor, giving it complete control of the computer hardware. These claims are disputed by the manufacturers, and to date there have been no reported instances of virtualized environments being compromised. However, the fact that these programs remain 100% undetectable, because any attempt to discover them could be fooled by the hypervisor, only adds to a sense of uncertainty.

Security is a concern in the virtual world, but we have not found any evidence to support the Blue Pill scenario. However, software-based hypervisors represent a potential target for hackers, and advances in the hardware are likely to lead to a reduction in the potential for malware to be created to attack the virtual machines.

Source: OpinionWire by Butler Group (www.butlergroup.com)