University of Twente Student Theses

Efficiently protecting virtualized desktop infrastructures against malware : Performance comparison between traditional- and centralized antivirus

Huijgen, Arris (2013) Efficiently protecting virtualized desktop infrastructures against malware : Performance comparison between traditional- and centralized antivirus.

Abstract: The cloud is becoming increasingly popular, and desktops are also being migrated to the cloud; these are called Hosted Virtual Desktops (HVDs). Because virtualization makes hardware resources very flexible, it is often used to build a cloud platform. These desktops also need to be protected against malware. Virtualization software provider VMware added capabilities to its corporate product to provide antivirus protection from outside the Virtual Machine (VM) using its vShield module. Several antivirus vendors, including Trend Micro, developed antivirus software making use of this module. Because no comparisons have been done yet between traditional antivirus and antivirus software making use of virtualization, research has been conducted comparing Trend Micro's traditional antivirus software Worry-Free Business Security (WFBS) with its vShield-compatible antivirus software called Deep Security (DS). This research showed that, despite self-protection measures, it is relatively easy to disable or remove the DS antivirus software inside the HVD without being detected. Moreover, it turned out that in this small environment simulating 10 HVDs, the performance of WFBS is much better compared to DS, while DS also used much more resources. This is a remarkable result, as DS is specifically aimed at virtualized environments and can therefore be expected to perform better than the traditional WFBS antivirus software. During the test it turned out that WFBS uses the full CPU of the VM, while DS uses its dedicated antivirus VM to scan the files, leaving the test VM in an idle state, which has performance advantages for the processes running inside the VM. Furthermore, due to DS's usage of a dedicated VM and several additional VMs that are required to use this software, the memory load of DS is much higher compared to WFBS. It should however be taken into account that in a large-scale environment, DS might perform much better as it is aware of the virtualization.
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)
Link to this item: https://purl.utwente.nl/essays/63393