How Bitdefender HVI protects virtual browsers

The Bitdefender Hypervisor Introspection (HVI) tool sits below the hypervisor and prevents any of these tactics such as buffer overflows, heap sprays, code injection and API hooking from executing, protecting the virtual browser from ever becoming compromised.

One of hackers’ preferred methods to compromise systems is through web browsers. Even most phishing e-mails direct users, through their browser, to surf over to a compromised site where malware begins its exploit. There are other methods of attack, but using the browser is one of the most effective because it provides a privileged window into a target system, or into a system that can later be used to launch attacks deeper into a connected network.

Recently, attacks against browsers have gotten even more efficient and insidious, utilizing memory attacks and avoiding the file systems that many antivirus programs monitor. Various associated browser plug-ins and extensions can also be exploited, or could be the basis of the attack itself.

The ubiquitous nature of web browsers, with every conceivable type of device having at least one, makes them especially difficult to manage, and IT teams struggle to ensure that thousands or even millions of systems and devices under their purview have the latest updates and patches. And that may not even slow down an advanced, targeted attack.

The concept of a virtual browser came into fashion a few years ago. The idea was that if organizations are creating virtual machines to become everything from desktop clients to file servers, why not do the same for browsers? If a virtual browser became compromised, then it could simply be destroyed and replaced with a new, clean version.

continue reading…