In the first part of this XenClient CTO blog series (/blogs/?p=174194383), I discussed how the evolution of the traditional computing model led to the sharing of hardware and software resources. Without a doubt, the sharing of hardware and software resources is the root cause of various forms of malicious computer security threats and malware attacks, to name a few:
- The browser spyware mess that was created once every computer programmer, regardless of their intentions, was able to intercept, read, and modify all activity of the Internet Explorer ActiveX browsing component.
- The operating system kernel protection dilemma that exists today, as rootkits can directly manipulate core system objects.
- The boot-persistent threat problem, where malware able to infect the Master Boot Record (MBR) requires a cold boot of the hardware from different, clean media for any possible repair.
- The firmware security dilemma, where malicious, persistent threats infect the main system BIOS or I/O device firmware, causing the malware code to load and gain control prior to the OS.
Enforcing certain levels of access control became mandatory to control access to shared hardware and software system resources. In reality, though, this was not sufficient by itself to address the known challenges, for various reasons:
- Lack of standardization across the industry for the definition, deployment and exchange of those access control rules. This results in a large manageability challenge across the industry.
- The number and complexity of the access rules had a big impact on operating system and application performance and stability, in a highly unpredictable way.
- The absence of a trusted authority or organization that would establish the rules for commonly known access cases and problems across the industry.
- It is not possible to trap accesses to key hardware resources, including memory, keyboard and display. This leaves various types of malware attacks that cannot be prevented, such as key loggers, screen capturers and memory-persistent hidden malware.
Interestingly, though not surprisingly, the original PC architecture assumed a single, active computing experience per device. This means that you cannot load and run more than one operating system at a time on any device. The simple solution for this was supporting multi-OS booting by giving the user the option to install multiple operating systems and choose the one they preferred at system boot time. Unfortunately, those capabilities were permitted without any level of security measurement, verification, or checking of the authenticity of the installed operating systems. This architectural facility allowed malware authors to install hidden, tiny operating systems that could take control of a user’s environment prior to the boot of the user’s regular operating system.
As the number of vendors publishing software increased greatly and the amount of malware generated for the PC increased exponentially, it became almost impossible to distinguish between the installation of a legitimate application and a malicious one. Moreover, the lack of moderation of software components installed on personal computers created numerous system security and availability challenges, as explained above. In the next part of this blog series, I will discuss how system virtualization with XenClient helps to address these security challenges for IT.
About the author:
Ahmed Sallam drives technology and product strategy working with ecosystem partners for Citrix XenClient and the emerging client devices virtualization market. Prior to Citrix, he was CTO and chief architect of advanced technology at McAfee, now part of Intel Corp. He was co-inventor and architect of DeepSAFE, co-developed with Intel Labs, and co-designer of VMware’s VMM CPU security technology known as VMsafe. Prior to McAfee, Ahmed was a senior architect with Nokia’s security division and a principal engineer at Symantec. He holds 17 issued patents and has more than 40 pending patent applications. He earned a bachelor’s degree in computer science and automatic control from the University of Alexandria.
Follow Ahmed on Twitter: https://twitter.com/ahmedsallam
Check Ahmed’s public profile: www.linkedin.com/in/ahmedsallam