Grafvision - Fotolia

Do you need malware protection on a VDI thin client?

There are plenty of options for VDI thin client devices out there, and most are safe to use without antimalware software. Learn which thin client needs extra protection and why.

Most thin client devices don't require malware protection, but PCs repurposed as thin clients do.

There is a huge variety of VDI thin client hardware on the market, and these devices have widely varying capabilities, but as a general rule thin clients are not extremely susceptible to malware. It's usually not worth an administrator's effort to add malware protection to these machines.

However, some organizations repurpose old desktop PCs for use as thin clients, and admins should add malware protection on those. Repurposed PCs often run a desktop operating system with a hardened security configuration and connect directly to a virtual desktop session. These devices are configured not to run software locally, but it is still technically possible for malware to infect a repurposed desktop. Malware on these types of thin client devices can also attack hardware redirection or hardware drivers, which might, for example, inject a key logger onto the device.

Of course, many organizations use traditional thin client hardware from vendors such as Dell Wyse and HP Inc., which typically consist of little more than a small plastic case with ports for the keyboard, mouse, monitor, network and power supply. These types of devices do technically contain an operating system, but the OS is designed to have an extremely minimal footprint and is not easily exposed to or exploited by malware. Most organizations do little, if anything, to protect the OS on traditional VDI thin client devices.

If they really need to, administrators can gain root level access to a thin client's OS and install antimalware software if the device has sufficient capacity. In most cases, repurposed PCs with a thick operating system are the only type of thin client that admins can add antimalware protection to.

By and large, thin clients don't really need malware protection because the odds of malware being able to reach and infect them are very low.

Next Steps

Guide to choosing and managing thin clients

Test your knowledge of VDI hardware

Use Citrix XenClient to change a PC to a thin client

The basics of mobile thin clients

Dig Deeper on Virtual desktop management