ThinApp Security Concerns

Since I blogged "ThinApp – Licensing Issues – Ethics do not ship with the code", I have been thinking about the security aspects of VMware ThinApp and similar virtualization technologies such as Microsoft App-V.

I came up with a set of questions and searched for some answers:

  1. ThinApp creates a self-contained application within its Bubble. Is it possible for this Bubble to contain a virus, rootkit, or worm that could then infect the system on which it runs?
  2. ThinApp contains a set of libraries that could be less secure than those on the operating system on which the ThinApp Bubble is running. Can the system libraries override those within the Bubble?
  3. ThinApp contains a mechanism to update the ThinApp Bubble called AppSync. What is the security surrounding AppSync? Could an attacker include an attack payload within such a download?

In essence, could ThinApp be used to subvert existing system security?

