The document summarizes the Rapid Recovery System, which uses virtualization to isolate a user's activities and protect their computer from malware. It describes how typical user actions like opening an infected attachment, visiting a malicious website, or installing a problematic update could compromise the system without the Rapid Recovery System's protections. With the system, these actions would be contained to a virtual machine while the user's data remains protected by rolling back to the previous known good state.

1. An Example-Driven Look at the Rapid Recovery System A CS Seminar Presentation by Todd Deshane

3. John is a typical desktop computer user that uses his computer to communicate with friends on IM and email, and surf the web. Ooooh! I got some pics from my buddy Joe :)

4. Without the Rapid Recovery System John didn't know that the pics were actually a trojan, and now his computer is part of a botnet that is sharing all of his personal information to the world. 010010000100000101000011010010110100010101000100 Credit Card Numbers, Email Contacts, Passwords

5. With the Rapid Recovery System John tries to load the pictures in his photo VM, but the action is denied, since the “pics” are actually executables. An error message is displayed to John.

6. With the Rapid Recovery System John really wants to see the pics, so he ignores the error and copies the “pics” to his Internet VM and clicks on them. The executable runs and it instantly tries to run its built-in IRC server and starts scanning for personal data.

7. The executable runs and it instantly tries to run its built-in IRC server and starts scanning for personal data.

8. SYSTEM ARCHITECTURE Internet Internal Network Segment Isolated Network Segment Management Management Hardware Xen Hypervisor NIC NET-VM VMA 1 VMA 2 VMA N FS-VM Disk Domain 0 Management

9. THE MINEFIELD OF PERSONAL COMPUTER USE The seemingly innocent things you can do to render your PC unusable Scenario: Open an attachment containing a mass emailing virus Without the Rapid Recovery System Newest backup is 1 month old, some recent reports and pictures lost 3 weeks later get the machine back with the OS re-installed Call tech support, make an appointment to take the computer into the shop Look in process list, attempt to kill suspicious process, regenerates itself Reboot machine, still slow Notice a slow down of the machine, unsure of cause.

10. THE MINEFIELD OF PERSONAL COMPUTER USE The seemingly innocent things you can do to render your PC unusable Scenario: Open an attachment containing a mass emailing virus With the Rapid Recovery System Rollback and remount personal data store The system asks the user if they want to rollback to the last known good image. The NET-VM flags a violation of the network contract and pauses the VM. The attachment is written into the email log. Some system data (logs, etc.) in VM appliance is lost, but no personal data is lost. The machine is back in working order in less than 1 hour.

11. THE MINEFIELD OF PERSONAL COMPUTER USE The seemingly innocent things you can do to render your PC unusable Scenario: Surf to the wrong website Without the Rapid Recovery System The program installs a backdoor for later use by the attacker The program sends out a small amount of data containing the information discovered The user does not notice any sign of trouble A malicious program scans the hard drive for credit card numbers

12. THE MINEFIELD OF PERSONAL COMPUTER USE The seemingly innocent things you can do to render your PC unusable Scenario: Surf to the wrong website With the Rapid Recovery System Rollback and remount personal data store The system asks the user if they want to rollback to the last known good image The FS-VM triggers a violation of the data access contract and pauses the VM The malicious programs begins to read the hard drive for credit card numbers The scan is not completed, the information is not sent, the backdoor is prevented

13. THE MINEFIELD OF PERSONAL COMPUTER USE The seemingly innocent things you can do to render your PC unusable Scenario: Install a required software update Without the Rapid Recovery System It takes a few hours to assemble the installation media, to find the product keys, and to follow the instructions The best recommendedation is to completely uninstall and re-install the applications The user calls tech support and they confirm the problems with the patch After the update, several applications cannot find some required components

14. THE MINEFIELD OF PERSONAL COMPUTER USE The seemingly innocent things you can do to render your PC unusable Scenario: Install a required software update With the Rapid Recovery System The machine is back up in running in minutes The user decides to rollback to the last known good image The user calls tech support and they confirm the problems with the patch After the update, several applications cannot find some required components

15. SYSTEM ARCHITECTURE Internet Internal Network Segment Isolated Network Segment Management Management Hardware Xen Hypervisor NIC NET-VM VMA 1 VMA 2 VMA N FS-VM Disk Domain 0 Management

16. SYSTEM PERFORMANCE

18. Questions/Comments?