Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Are virtual desktops as vulnerable to malware attacks as PCs?

Administrators still need to worry about malware on virtual desktops, but common VDI configuration and management practices make them inherently more secure than PCs.

Virtual desktop vulnerability to malware varies depending on how organizations configure the desktops, but generally...

they are less prone to malware attacks than traditional PCs.

Virtual desktops are typically hardened to the greatest extent possible. This means if a user comes into contact with malware, the virtual desktop's security configuration would likely make it impossible for the malware to do any harm.

Still, administrators should equip the servers hosting the virtual desktops with antimalware software to prevent malware from penetrating there. Most thin client devices don't need malware protection, but PCs repurposed as thin clients run thick operating systems that could be vulnerable to attacks so those should have malware protection installed as well. Lastly, any Web browser installed on the virtual desktops should be configured to prevent unauthorized add-ins.

One of the main reasons virtual desktops are less prone to malware attacks than traditional desktop PCs is because it's easier to keep them up to date. Think about what it takes to patch and maintain a large number of physical PCs. In recent years, automated maintenance on PCs has become a lot more practical, but it's still anything but perfect. A desktop agent may malfunction. A user may override an impending reboot because she considers it to be disruptive. A number of things can make it more complicated for administrators to ensure they're properly maintaining their physical desktops. As a general rule, it is easier for admins to maintain virtual desktops, because they can change configurations and add updates via the golden image for several virtual desktops rather than updating physical desktops individually.

Finally, most of the virtual desktops in use today are nonpersistent. This means that the virtual desktops reset themselves to a pristine state at the end of each session. Several nonpersistent desktops are usually spun up from the same master image, but end users -- and any malware they run into -- can't affect that base image from their virtual desktop. If a nonpersistent virtual desktop became infected by malware, it would remove the malware at the end of the user's session when it resets.

Next Steps

Why federal agencies approve of VDI security

Guide to desktop monitoring tools

Some malware adapts to virtual machines

This was last published in December 2015

Dig Deeper on Virtual desktop management

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

3 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How do you configure and manage virtual desktops to protect against malware attacks?
Cancel
The Sixth Flag uses cell structire security.
Cancel
Netwrix IT tools hould riven☺
Cancel

-ADS BY GOOGLE

SearchEnterpriseDesktop

SearchServerVirtualization

SearchCloudComputing

SearchConsumerization

SearchVMware

Close