Did you tell him I said, hey? -----Original Message----- From: Webster [mailto:[email protected]] Sent: Thursday, March 17, 2011 5:57 PM To: NT System Admin Issues Subject: RE: App-V (response from original product designer)
<quote> It depends... Never say never, but at a minimum, the chance of infection and the impact of any vulnerability are greatly reduced by virtualizing the application with App-V. Only executables within the package have a chance to alter any bits in the streamed package. So if you package up Excel by itself, no email or browser can mess with it. As email, web browsing, and running an executable that you downloaded are the three most likely sources of infection, none of these can get there, except if you run an infected XLS file that you received. Starting with App-V 4.6, you can make the executable components you are concerned with getting altered read only inside the package. Originally App-V made all files inside the package writable in order to solve problems with apps written assuming users have power or admin privileges. Now, you have the option of enabling permissions on those files. If a file is changed, the file is captured and isolated to the user PKG. So something in your Excel package can't affect other apps on the system, or in a TS case, other users of Excel on the same system. The name we gave the isolation component, SystemGuard, came from our thinking about this in the sense of anti-virus when we developed the product 10 years ago. Fortunately, we were smart enough to realize that this wasn't as good as AV software and threw the Marketing people off from advertising it as such, but it is a significant advantage to fighting malware, even in combination with AV which uses a pattern match for known things. I hope this answers the query. Tim Mangan Founder, TMurgent Technologies [email protected] President, Virtualization Boston User Group Microsoft MVP and Citrix CTP </quote> > -----Original Message----- > From: Rankin, James R [mailto:[email protected]] > Subject: App-V > > Is an App-V streamed application, say, Excel 2000, still vulnerable to > exploitation in the same way as a traditionally-installed app? Or does > the streaming somehow insulate the process? My gut instinct says it > can still be > exploited, maybe someone can provide a little irrefutable clarity. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
