Even though server virtualization continues to evolve, it seems like antivirus software for virtual infrastructures is stuck in the past.
Traditionally, to protect against malware and viruses, antivirus agents must be placed in each virtual machine (VM). It’s no secret that this model is plagued with problems. Antivirus scans are resource-intensive, and they can cripple host performance if multiple VMs perform scans at the same time. But don’t blame antivirus vendors for this archaic protection method.
“It’s primarily the fault of VMware,” said Eric Siebert, senior systems administrator for Boston Market and regular TechTarget contributor. “It took awhile for VMware to develop a framework that looks inside the VM.”
In theory, this arrangement should reduce host-resource utilization problems. Instead of several antivirus agents running full bore, the virtual appliance — acting as a centralized hub — eases the load on the host. (For a closer look at vShield Endpoint, stay tuned for our upcoming series on vShield.)
According to Seibert, Endpoint is great for virtual desktop infrastructure, which already has extra overhead inside each VM. By reducing host-resource demands, Endpoint can also increase VM-to-host ratios, he said.
So far, Trend Micro’s Deep Security is the only antivirus product that taps vShield Endpoint’s capabilities. In a recent study commissioned by the security vendor, Deep Security consistently drew lower CPU, memory and disk I/O, compared to traditional antivirus offerings from McAfee and Symantec. (Granted, it’s a vendor-sponsored survey.)
If anything, these antivirus developments show a promising future for a critically important, but stagnant technology. Perhaps antivirus software for virtualization is coming out of the Dark Ages.