
6/3/2010
02:11 PM

New Open-Source OS Will Feature 'Disposable' Virtual Machines

Invisible Things Lab building secure OS that better locks down the VM environment

A new open-source operating system will come with the option of creating one-time, disposable virtual machines on the fly as a way to protect against malicious files.

Invisible Things Lab is creating these lightweight, throwaway VMs that work with traditional virtual machines in Qubes, the open-source, Xen-based OS it plans to release in beta later this summer. Qubes was architected to minimize the attack surface in the VM environment.

Disposable VMs don't provide persistent storage and are launched on a per-document basis to open a PDF, PowerPoint, or music or video file, for instance, according to Joanna Rutkowska, founder and CEO of Invisible Things Lab. They provide a safe sandbox for opening a file or attachment: If a file opened by a disposable VM is infected, the only thing it can hurt is the throwaway VM itself, not any other applications or files.

The disposable VM is clean, and its only purpose is for viewing the file, for instance; then it gets tossed away. "You still run your email client in a 'work' AppVM -- which is not disposable [because] you need to store your email client configuration, archived emails, your documents, etc. -- but you open attachments in disposable VMs," Rutkowska says.

Invisible Things Lab also plans to ultimately release a commercial version of the OS, Qubes Pro, that can run Windows applications using Windows-based application VMs.

"Our goal with Qubes is to make it usable not only by Linux geeks, but also by people like lawyers, doctors, businesspeople, and anybody who is concerned about potential compromise of their data," Rutkowska says. "Making Qubes easy to use is one of our two main goals -- the other being exceptional security."

Rutkowska, who announced the disposable VM feature in a blog post this week, says the temporary VMs run under the Xen hypervisor in Qubes. Qubes' architecture helps prevent attacks where malware escapes from a VM and infects other applications or data.


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
