I give up. You should too. It’s time to stop trying to secure users’ web browsers, and instead just throw them away. We can’t stop users from clicking on the wrong links or going to compromised websites. We can’t eliminate drive-by worm infections or block zero-day rootkits.
But thanks to virtualisation, we can flush them all away.
Look, right now a user’s browser is a threat magnet. To display fancy websites, the browser can’t just render HTML; it also has to run code, which may be designed to do nasty things to the PC underneath the browser. The browser also automatically downloads a wide variety of files, some of which can contain more malware. And as users spend even more time surfing Web 2.0, there will be even more chances to collect trouble.
Firewalls and antivirus software can block or kill some of it. But the bad guys keep getting more clever and more subtle. And more prolific — for example, Symantec says it now identifies new malware variations at the rate of nearly 1,200 per day.
Worse still, all that junk can hang around in the browser or PC until it’s forcibly removed. That’s if it can be removed.
There’s one sure way to get rid of it: Throw away the PC. That’s expensive — at least, if you’re actually throwing away the hardware. Or you can throw away just the software by reimaging the hard drive; no hardware cost there, but it still chews up time and manpower.
But what if users are working on a virtualised PC, or at least a virtualised browser? Then throwing it out is trivial. So is replacing it with a fresh, uncluttered, uninfected version. Virtual IT is built to be disposable.
OK, you’ve heard about this virtualisation magic before. But it seems too good to be true, it sounds complicated and expensive, and users will scream bloody murder if you take away their real PCs and web browsers.
There’s a good reason to take a close look at it now, though.
Last month at the DemoFall conference in San Diego, I saw two companies trotting out virtualisation products. One, Qumranet, was showing a system that lets users do self-provisioning of virtual PCs. The other, Check Point, had consumer software for virtualising web browsers. Products from other vendors can’t be far behind.
Qumranet’s Solid ICE is corporate software that should be out by the end of the year, and they won’t talk about pricing yet. But Check Point’s ZoneAlarm ForceField will retail for US$29.95 early next year for home users.
That’s not complicated and expensive. It’s cheap, and as a consumer product, it’s got to be easy.
Better still, it’s something users will accept. We know many of them won’t follow our security rules about where to go and what to do, and they can’t manage to keep their PCs and browsers clean of malware.
But they’ll happily buy into disposable IT. They live in a throwaway culture: Use it once and then toss it out. As long as it’s just like the real thing, virtualisation is a natural fit for them.
And for IT, virtualisation changes the security game. A virtual PC or browser can be defined and sandboxed. Then, no matter what users do with it, no matter how badly damaged it becomes or what junkware it collects, it can easily be dumped and replaced.
In fact, it should routinely be dumped — along with all the worms, viruses, spyware, keyloggers, rootkits and everything else it has collected.
Instead of spending endless, fruitless time trying to block or catch these browser-borne security threats, we can just throw them away and concentrate on all the other security problems we should be dealing with.
So give up. Usable virtualisation is finally arriving. Real PCs and web browsers will never be safe in the hands of real users. And the sooner we go virtual and start throwing them away, the better off we’ll be.