Microsoft Research has recently developed a system, known as Project Freta, that can scan the cloud for malware. A prototype has since been launched for public use.
Virtual machines (VMs) are software versions of computers that run via the cloud. They mimic how PCs run operating systems such as Linux or Windows, and many can run on a single piece of hardware at one time. This has led to the concurrent use of VMs in cloud environments, creating a challenge for systems administrators who would like security in the fact that there is no malware running.
Cloud management tools have fought the issue by scanning the VMs for malware, but this usually requires supporting software. This can be time-consuming and can also alert the malware that it is currently a target.
Microsoft Research developed Project Freta to completely separate what is known as the security plane from the computing plane. It scans large numbers of VMs without being noticed by malware, using a scanning mechanism that doesn’t touch the VMs memory.
After scanning the VM memory without running anything on it, Project Freta learns the system objects being held by the VM using a live in-memory snapshot of the Linux system, looking for processes, in-memory files, kernel modules and more.
In a blog announcing the project, Microsoft said that the system can detect toolkits and other advanced malware. It processes numerous VMs in short order and can fingerprint operating systems from memory image. Linux was the first operating system to be scanned. “With Linux behind us, Windows support is on our roadmap,” the company said.
Admins have the ability to test the project by linking their Azure accounts to the portal. However, Microsoft is currently holding back extra functionality that enables it to copy memory from live VMs to an offline analysis environment. By doing this, it should scale more than 10,000 VMs at once.