Q: Do I need to run antivirus software in my virtual desktop infrastructure (VDI) OS images?
June 16, 2011
A: The answer depends very much on the type of virtual machine (VM). The debate over antivirus or any other malware protection really comes down to the extra load that protection places on the environment, plus the licensing costs of the malware protection clients.
There are two types of client VM used in VDI infrastructures: persistent and non-persistent. Persistent VMs are created and used for a prolonged period and not recreated frequently. These persistent VMs can be used as part of a pool shared between users, or a VM can be assigned to a particular user, but because the OS within the VM has a long lifetime, you need to treat it like a typical desktop. Therefore, it needs standard protection, including antivirus software.
Non-persistent VMs are typically the more debated type of VM. With a non-persistent VM, the client OS is typically created as the user needs it for a session and then deleted when the user logs off. Often the argument is, why bother with antivirus on these OS instances? Even if the OS gets a virus, it'll be wiped out on logoff, and any damage to the OS will be undone.
You need to consider what viruses do today, however. In their early days, virus writers sought notoriety and wanted their viruses to be known, and the actual damage done was normally fairly minimal. Today, most viruses are out to make money by grabbing credit card details and passwords and then replicating out to other machines. This damage—stealing information—is done when the virus is installed, so even though the installation of the virus would be wiped when the VM is reset, the damage has already been done. This is why, in my opinion, you should have antivirus protection on any OS instance, even if it will only exist for a short time. It takes less than a second for a virus to do its damage.
I would stress caution, however, as to which antivirus solution you use and which heuristics are enabled. Some antivirus solutions can use large amounts of CPU resources, and they can adversely affect the performance of your VDI implementation, so research and testing are critical.
There are VDI-specific antivirus solutions that run only a very small piece of in-memory code in the client VM to reduce the footprint, and perform the larger scan of the file-based resources on the parent partition (with Hyper-V), such as this one, from McAfee, and this one, from Trend Micro.