Will Virtualization Protect Businesses from Botnet Infection?

Written by Paul Cunningham on March 3, 2010

Virtualization has been a growing trend in business computing over the last few years.  Companies are able to use virtualization to reduce costs and improve efficiency.  What started at the server level is also infiltrating desktop computing, with virtualized desktops now showing up in a lot of environments.

Another recent trend has been the appearance of botnets that have the ability to detect when they are being studied by security researchers.  Often this study is taking place using honey pots, which are fake systems set up by researchers to be deliberately infected with malware so that they can study its behaviour.

This has led some security experts to predict that soon it will be common for botnets to actively look for the signs of a honey pot and either deactivate those systems, or perhaps even generate DDoS attacks against the researchers.

The CTO of database security firm Imperva, Amichai Shulman, suggests that “Most honeypot machines are based on a virtualization platform (most often VMWare). By detecting this attribute of the infected platform, malware developers will probably be able to detect most honeypots out there.”

The intersection of these two trends could have a positive outcome for businesses concerned about botnets infecting their corporate systems.  If botnets actually did begin shutting down when virtualization platforms were detected, then the use of virtual desktops could in itself prevent a botnet from becoming active.

As it stands now, virtualizing desktops does offer some benefits for malware prevention.  Virtualized desktops will usually operate in a more locked-down state than hardware-based desktop fleets.  This is not always because of poor administration of the hardware fleet; more often, the administrative effort required to secure a hardware fleet makes it more prone to exception or error than a centralized virtual desktop environment.

The rapid deployment capabilities of virtualized desktops also mean that any malware infections that do occur can be quickly dealt with by destroying that particular instance and provisioning a new one.

It will be interesting to see if botnets do continue along this trend of attempting to detect honey pot systems, and whether that does deliver an unintended benefit to businesses that are embracing desktop virtualization.

About Paul Cunningham

Paul lives in Brisbane, Australia and works as a technical consultant for a national IT services provider, specialising in Microsoft Exchange Server and related messaging systems.