VMware Horizon Community
vmquestions0
Contributor
Contributor
‎03-05-2011 01:28 PM

Thin App - Virtualize IE question about security

Hi,

We have a group of users that do some online research, their computer are high risk because most of the time they get infected and we have to reimaged them very often or spend time troubleshooting issues.

We though about using VMWare View in order to give them a Virtual Desktop that will use a non-persistent disk so that the changes will not be saved when the computer was rebooted.

We are wondering though if we could make their experience a little better and instead virtualize IE in such a way that they could run it somewhere else (like a VM) and by the end of the day use something like non-persistent disk in order to avoid saving the changes. The goal will be make the this process as few intrusive as possible so something like they click on IE but the browser runs somewher else and the user computer is isolated from the threads...

I am not sure if something like this could be acomplished virtualizing IE with Think App, I would appreciate if someone with experience in this subject could answer this for me.

We have also though of using TS Remote App but I am not sure if we could acomplish want we want either.

Also any other suggestions in order to approach our scenario will be also welcome.

Thank you. 

0 Kudos
5 Replies
pbjork
VMware Employee
VMware Employee
‎03-06-2011 01:02 AM

ThinApp is not a security product but to use ThinApp to add one more layer of security and especially to browsers, is something that people are looking into / are doing. It will not be a bulletproof solution and you should not relay on ThinApp only in order to protect your clients.

Please have a look at this post and there find a study on the subject:

http://communities.vmware.com/blogs/thepeb/2011/01/20/using-application-virtualization-for-secure-br...

0 Kudos
vmquestions0
Contributor
Contributor
‎03-06-2011 07:06 AM

Thanks for the paper.

Here is what I have a problem understanding...

If IE runs on a VM then we have fewer things being executed on the local desktop that are related with the user internet browsing which will secure in some ways the local computer.

The point is that we could rebuild (revert snapshot, etc...) the server that runs the virtual instance of IE to clean up any potential infection, etc on a daily basis for example after hours.

I understand that we will not be bringing much security but at list we could harden a little bit more the security for these high risk users and also reduce the infection on their workstations.

But I think perhaps the best way to do it would be by using View and non-persistent virtual desktops that will not save changes once they are rebooted and have the users go through RDP to the workstation to do their job. 

I guess this is the only way to ensure that no infection, exploit, etc... is direclty executed on their workstations which there is no way to acomplish that with ThinkApp IE.

  

Does that make sense?  

0 Kudos
pbjork
VMware Employee
VMware Employee
‎03-07-2011 11:40 AM

Yes that makes sense. Running IE in a virtual machine, View/ACE or Workstation would probably be more secure than running it ThinApped.

0 Kudos
MateoF
Contributor
Contributor
‎10-20-2011 08:25 PM

This might relevant to readers of this post. Today, eEye Digital Security (a VMware TAP partner) released what they say is the industry's first/only security scanning solution for apps deployed via ThinApp. They did a blog post on it here - http://blog.eeye.com/general/virtual-app-scanning

They also released a free version of their product, which includes the ThinApp scanning - that's here -http://go.eeye.com/retinacscommunity

0 Kudos
bspikes
Contributor
Contributor
‎04-07-2013 12:18 AM

I've developed a new product to solve this Smiley Happy Check out the Spikes Browser (www.spikes.com), it's virtualized and delivered as a remote application to solve these web security challenges.

Feel free to email me directly at branden -at- spikes.com for info.

0 Kudos