Application Virtualization and IT Security
By Derek Crawford, Director of Sales Engineering at Tripwire
There are some interesting ramifications and questions out there around application virtualization.
From an IT Operations perspective, there seems to be a pretty powerful argument for virtualizing and distributing applications this way rather than installing and maintaining them on every user's PC or laptop.
For example, you can create a virtual app (say Microsoft Outlook or a CRM client), put it on a network share and simply send all your users a link to the application executable (it is usually just a single file).
The application can be centrally maintained and updated, execution rights can be constrained via Active Directory rights, etc., and no host installation or client is required at all. That means you can maintain locked-down desktops much more easily, since VMware's new ThinApp virtualized apps run in user mode only; no admin rights to the local system are required.
I’ve been playing around with ThinApp via their acquisition of Thinstall back on Jan 15th. It is quite an interesting tool for application virtualization and very powerful (once you get under the covers with it a bit).
On the surface, it is very easy to create quick and small virtual applications, but it can stumble a bit on large, complex applications like DB-dependent apps, etc.
From an IT security perspective, there are a few angles to consider, though: some good, some bad.
From the good perspective, there is the fact that a virtualized app runs in user mode only and cannot exceed the security rights of the user running it, nor can it damage the system it is running on, since the virtual application is completely self-contained. From the UG:
Because ThinApp runs in user mode, it has the same rights and permissions as any other application a specific user has. ThinApp cannot exceed the security rights of the user account it is running in because it has no device drivers or components running in kernel mode.
From the bad perspective, since there is no installation or client required and everything the app may do is sandboxed, how will a system administrator know about and react to the running of unauthorized or dangerous applications on their users' systems?
What if a user gets a hold of someone’s virtualized FTP client app, runs it on their normally locked down system and copies some sensitive files to an external location?
Under normal circumstances they may not have had the rights to install an FTP client on their local machine, but since ThinApp virtualized apps do not require any administrator rights to execute, it suddenly becomes very simple to do something like this.
Believe me, building and distributing small apps like an FTP client is remarkably easy to do with ThinApp; many would be small enough to email, for that matter.
I would be curious if there are any similar or differing opinions out there on this?
Don’t get me wrong, I really like the idea of application virtualization and think it has some real tangible benefits once you get your hands around it.
I just wonder if there might be some potential security holes around it?
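One way an administrator could approach the question raised above, as an added example that is not from the original article or from VMware: flag process launches whose executable sits outside administrator-controlled install directories and the one share where sanctioned virtual apps are published. The log format, the host and user names, and the share \\apps01\software\thinapps are constructed assumptions, and process-creation logging is assumed to be enabled on the desktops.

```python
import csv
import io
import ntpath
from pathlib import PureWindowsPath

def norm_parts(path):
    # normpath collapses "..", so traversal out of an approved root is caught;
    # comparing whole lower-cased components avoids string-prefix mistakes.
    return tuple(p.lower() for p in PureWindowsPath(ntpath.normpath(path)).parts)

# Assumption: only administrators can write to these locations. The UNC share
# is a hypothetical name for the central share holding sanctioned virtual apps.
APPROVED_ROOTS = [norm_parts(p) for p in (
    r"C:\Windows",
    r"C:\Program Files",
    r"C:\Program Files (x86)",
    r"\\apps01\software\thinapps",
)]

# Constructed sample of process-creation records (not real log data).
SAMPLE_LOG = r"""time,host,user,image
09:14:02,WS-114,jdoe,C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
09:20:41,WS-114,jdoe,\\apps01\software\thinapps\CRMClient.exe
10:02:17,WS-114,jdoe,C:\Users\jdoe\Downloads\ftpclient.exe
10:05:55,WS-207,asmith,E:\tools\ftpclient.exe
10:09:30,WS-207,asmith,\\APPS01\software\ThinApps\..\scratch\tool.exe
"""

def is_approved(image):
    """True when the executable lives under an approved root."""
    parts = norm_parts(image)
    return any(parts[:len(root)] == root for root in APPROVED_ROOTS)

def unapproved_launches(log_text):
    """Return (host, user, image) for every launch from an unapproved path."""
    rows = csv.DictReader(io.StringIO(log_text))
    return [(r["host"], r["user"], r["image"])
            for r in rows if not is_approved(r["image"])]

if __name__ == "__main__":
    for host, user, image in unapproved_launches(SAMPLE_LOG):
        print(f"REVIEW {host} {user} {image}")
```

The same path rule can be enforced rather than only reported by an application allow-listing policy, which blocks a no-install executable regardless of whether it needs admin rights.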
Derek Crawford is Director of Sales Engineering at Tripwire, which helps over 6,500 enterprises worldwide reduce security risk, attain compliance and increase operational efficiency across virtual and physical environments. With its industry-leading configuration assessment and change auditing software solutions, IT organizations achieve and maintain configuration control. Tripwire is headquartered in Portland, Ore., with offices worldwide.
* * *
The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com