All of the above attacks focus on gaining access to the host machine. Once accomplished, an attacker has the ability to access all of the guest operating systems and applications being hosted.
So now let's look at application virtualization. Application virtualization focuses on virtualizing applications and the necessary operating system components for the app to function. While I think that the technology helpfully reduces the attack surface available to an attacker, many of the same attack and escape vectors will remain.
What we must be cautious of is falling into the same trap that many security professionals were caught in with virtual machines. Just because no exploits are currently available for virtualized applications, it does not mean one will not surface in the near future. Development of our architectures in such a fashion -- where our public and sensitive data is hosted on different host machines -- is necessary. The arrangement would prevent a compromise on a public system or the exposing of sensitive data from a virtualized application.
Dig Deeper on Virtualization security issues and threats
Related Q&A from John Strand
Expert John Strand reveals an interesting way of addressing man-in-the-middle attacks. Continue Reading
Expert John Strand explains how to shore up security as you plan a large-scale advertising campaign. Continue Reading
Expert John Strand reveals two exciting trends in antivirus software. Continue Reading