Patents Assigned to Bromium, Inc.
  • Patent number: 10430614
    Abstract: Approaches for transferring control to a bit set. Execution of a bit set upon a host operating system is monitored. A determination is made that the execution of the bit set exhibits a suspicious characteristic. In response, the execution of the bit set on the host operating system is ceased. Then, the bit set is copied into an isolated environment and control to the bit set is transferred within the isolated environment. Thereafter, execution analysis upon the bit set is initiated in the isolated environment. The isolated environment may, but need not, reside on a different physical device than upon which executes the host operating system.
    Type: Grant
    Filed: April 19, 2016
    Date of Patent: October 1, 2019
    Assignee: Bromium, Inc.
    Inventors: Ian Pratt, Rahul C. Kashyap, Gaurav Banga
  • Patent number: 10430591
    Abstract: Approaches for monitoring a host operating system. A threat model is stored and maintained in an isolated execution environment. The threat model identifies for any process executing on a host operating system how trustworthy the process should be deemed based on a pattern of observed behavior. The execution of the process and those processes in a monitoring circle relationship thereto are monitored. The monitoring circle relationship includes a parent process, any process in communication with a member of the monitoring circle relationship, and any process instantiated by a present member of the monitoring circle relationship. Observed process behavior is correlated with the threat model. Upon determining that a particular process has behaved in a manner inconsistent with a pattern of allowable behavior identified by the threat model for that process, a responsive action is taken.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: October 1, 2019
    Assignee: Bromium, Inc.
    Inventors: Ian Pratt, Rahul C. Kashyap, Adrian Taylor, James M. McKenzie
  • Patent number: 10348711
    Abstract: Approaches for providing operating environments selective access to network resources. A guest operating system, executing on a device, may issue a request to a network device for access to a set of network resources. Once the guest operating system authenticates itself to the network device, the network device provides, to the guest operating system, access to the set of network resources. Note that the host operating system, executing on the device, does not have access to the set of network resources. A guest operating system may be provided access to an untrusted network in a manner that denies the host operating system access to the untrusted network. In this way, any malicious code inadvertently introduced into the host operating system cannot access the untrusted network for unscrupulous purposes.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: July 9, 2019
    Assignee: Bromium, Inc.
    Inventor: Ian Pratt
  • Patent number: 10311122
    Abstract: Migrating support for a web browsing session between a virtual machine and a host operating system. A web session is supported by a first virtual machine which executes on a computer system. Upon receiving a request for the web session to enter an unprotected mode, support for the web session is migrated from the first virtual machine to a host operating system of the computer system. In unprotected mode, web sessions are supported by the host operating system rather than by a virtual machine. After migrating support for the web session to the host operating system, a visual cue indicating that the unprotected mode is active is displayed. After receiving a request to exit the unprotected mode, support for the web session is migrated from the host operating system to a second virtual machine executing on the computer system and the visual cue is removed.
    Type: Grant
    Filed: August 22, 2014
    Date of Patent: June 4, 2019
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Ian Pratt, Vikram Kapoor, Kiran Bondalapati
  • Patent number: 10310696
    Abstract: A consistent user interface is provided in a virtualized environment. A first and second application are executed within first and second operating systems running within separate virtual machines upon the same device. A first application receives, from the second application, a request that identifies a particular type of text to be received from a user. The first application selects an associated text input type and displays a text input interface on the device in a configuration allowing text in the selected text input type to be submitted. Optionally, the first virtual machine may have exclusive permission to display a user interface on the device; however, the user interface may include elements whose appearance was determined within other virtual machines.
    Type: Grant
    Filed: September 26, 2013
    Date of Patent: June 4, 2019
    Assignee: Bromium, Inc.
    Inventor: Adrian Taylor
  • Patent number: 10275269
    Abstract: Approaches for performing nested virtualization using a hypervisor which does not support nested virtualization. A first hypervisor is loaded upon booting a computing device. The first hypervisor instantiates a first virtual machine, exposes an emulated hardware virtualization support interface to the first virtual machine, and executes a second hypervisor, which does not support nested virtualization, within the first virtual machine. The first hypervisor provides nested virtualization support to the second hypervisor to allow the second hypervisor to execute a third hypervisor within a second virtual machine by the first hypervisor abstracting hardware virtualization support to the third hypervisor.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: April 30, 2019
    Assignee: Bromium, Inc.
    Inventors: Ian Pratt, James Misra McKenzie
  • Patent number: 10140139
    Abstract: Approaches for ensuring the privacy and integrity of a hypervisor. A host operating system manages a set of resources. The host operating system is prevented from accessing a portion of the resources belonging to or allocated by the hypervisor. The host operating system may be prevented from accessing resources belonging to or allocated by the hypervisor by transferring execution of the host operating system into a virtual machine container that does not have sufficient privilege to access any portion of the memory pages in which the hypervisor is executing. After the host operating system provides a requested resource to the hypervisor, the hypervisor may use a hardware component that establishes and enforces constraints on what portions of memory the host operating system is allowed to access to protect the requested resource from the host operating system.
    Type: Grant
    Filed: June 16, 2015
    Date of Patent: November 27, 2018
    Assignee: Bromium, Inc.
    Inventor: Ian Pratt
  • Patent number: 10095530
    Abstract: Approaches for transferring control to a bit set. At a point of ingress, prior to transferring control to the bit set, a determination is made as to whether the bit set is recognized as being included within a set of universally known malicious bit sets. If the bit set is not so recognized, then another determination is made as to whether the bit set is recognized as being included within a set of locally known virtuous bit sets. If the bit set is recognized as being included within a set of locally known virtuous bit sets, then control is not transferred to the bit set. Upon determining that the bit set is not included within the set of locally known virtuous bit sets, then the bit set is copied into a micro-virtual machine and control is transferred to the bit set within the micro-virtual machine.
    Type: Grant
    Filed: July 13, 2015
    Date of Patent: October 9, 2018
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Ian Pratt, Rahul Kashyap
  • Patent number: 10095662
    Abstract: Approaches for synchronizing resources of a virtualized web browser. When a virtualized web browser is instructed to display a web page, a host module executing within a host operating system retrieves, from each of one or more virtual machines, contents for a portion of the web page. The virtualized web browser assembles the contents and displays the web page. A web browser executing in the host operating system may, but need not, retrieve any of the content displayed thereby. Instead, the content retrieved by the web browser executing in the host operating system may be retrieved by and rendered within a virtual machine. The behavior of the virtualized web browser may be configured using policy data.
    Type: Grant
    Filed: June 18, 2012
    Date of Patent: October 9, 2018
    Assignee: Bromium, Inc.
    Inventors: Kiran Bondalapati, Vikram Kapoor, Prakash Buddhiraja, Gaurav Banga, Ian Pratt
  • Patent number: 10055231
    Abstract: Approaches for handling network resources in a virtualized computing environment. A first request for network resources is received from a first virtual machine. Policy data is consulted to determine how to service the first request. The first request is processed by providing the first virtual machine with access to only a first portion of network resources. A second request for network resources is received from a second virtual machine. Policy data is consulted to determine how to service the second request. The second request is processed by providing the second virtual machine with access to only a second portion of network resources that is not coextensive with the first portion. In this way, virtual machines may have access to particular resources and/or specific bounded areas of a network.
    Type: Grant
    Filed: June 19, 2012
    Date of Patent: August 21, 2018
    Assignee: Bromium, Inc.
    Inventors: Xin Li, Gaurav Banga, Ian Pratt, Vikram Kapoor
  • Patent number: 9922192
    Abstract: The execution of a process within a virtual machine (VM) may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.
    Type: Grant
    Filed: July 24, 2015
    Date of Patent: March 20, 2018
    Assignee: Bromium, Inc.
    Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
  • Patent number: 9921860
    Abstract: Approaches for launching an application within a virtual machine. In response to receiving a request to launch an application, a device instantiates, without human intervention and based on a policy, a virtual machine in which the application is to be launched. The policy determines which resources of a device, such as a mobile device or computer system, are accessible to the virtual machine. The policy may, but need not, determine whether the virtual machine has access to a type of resource which obligates the user of the device to make a monetary payment for the use of the resource.
    Type: Grant
    Filed: September 26, 2013
    Date of Patent: March 20, 2018
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Sergei Vorobiev, Deepak Khajuria, Vikram Kapoor, Ian Pratt, Simon Crosby, Adrian Taylor
  • Patent number: 9923926
    Abstract: Approaches for managing potentially malicious files using one or more isolated environments. In response to receiving a request to perform an action on a file, a client applies a policy to determine whether the action is deemed trustworthy. The client identifies, without human intervention, an isolated environment, executing or to be executed on the client, in which the action is to be performed based on whether the action is deemed trustworthy. In this way, embodiments allow a user to make use of data deemed untrusted in certain cases without allowing the untrusted data to have unfettered access to the resources of the client. If the requested action is performed in a different isolated environment from the one in which the action was requested, embodiments enable the action to be performed seamlessly to the user.
    Type: Grant
    Filed: September 24, 2015
    Date of Patent: March 20, 2018
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Sergei Vorobiev, Deepak Khajuria, Vikram Kapoor, Ian Pratt, Simon Crosby
  • Patent number: 9792131
    Abstract: Approaches for creating a template virtual machine. An in-memory state of a virtual machine and/or a set of applications executing within the virtual machine are adjusted and/or configured based on the intended use of the template virtual machine. Thereafter, the virtual machine is established as a template virtual machine. The template virtual machine may be used to create one or more virtual machines using a copy-on-write memory process.
    Type: Grant
    Filed: May 10, 2012
    Date of Patent: October 17, 2017
    Assignee: Bromium, Inc.
    Inventors: Krzysztof Uchronski, Martin O'Brien, Jacob Gorm Hansen, Kiran Bondalapati, Ian Pratt, Gaurav Banga, Vikram Kapoor
  • Patent number: 9785771
    Abstract: Approaches for protecting a computing device against malicious code using an attack vector involving a USB device. A computing device prevents a USB device from communicating operational input to the computing device using a USB port residing on or coupled to the computing device unless consent data is stored on the computing device. Consent data is data that affirms consent provided by a user of the computing device to allow the USB device to communicate with the computing device using the USB port. Note that the lack of consent data stored on the computing device does not prohibit the USB device from identifying itself to the computing device. In this way, if the USB device comprises malicious code or has been designed in a malicious manner, the USB device will be unable to submit operational input to the computing device without the consent of the user.
    Type: Grant
    Filed: July 13, 2015
    Date of Patent: October 10, 2017
    Assignee: Bromium, Inc.
    Inventor: Ian Pratt
  • Patent number: 9767274
    Abstract: Approaches for providing a guest operating system to a virtual machine. A read-only copy of one or more disk volumes, including a boot volume, is created. A copy of a master boot record (MBR) for the one or more disk volumes is also stored. The read-only copy may be, but need not be, made using a Volume Shadow Copy Service (VSS). A virtual disk, for use by the virtual machine, is created based on the read-only copy of the one or more disk volumes and the copy of the master boot record (MBR), wherein the virtual disk comprises the guest operating system used by the virtual machine. In this way, a single installed operating system may provide both the host operating system and the guest operating system.
    Type: Grant
    Filed: November 22, 2011
    Date of Patent: September 19, 2017
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Ian Pratt, Simon Crosby, Vikram Kapoor, Kiran Bondalapati, Vadim Dmitriev
  • Patent number: 9769199
    Abstract: Updating a central repository with information about malware resident upon a computer system. Upon detecting the malware executing in a virtual machine, a software module, without manual instruction, sends malware manifest data to a central repository over a network. The malware manifest data may comprise a copy of the malware and all versions, including temporary versions, of any files written to, updated by, or accessed by the malware. The central repository may receive, over a network from at least two computer systems, distinct sets of malware manifest data and may subsequently store the sets of malware manifest data.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: September 19, 2017
    Assignee: Bromium, Inc.
    Inventors: Rahul C. Kashyap, J. McEnroe Samuel Navaraj, Arun Passi
  • Patent number: 9734131
    Abstract: Approaches for synchronizing history data across a virtualized web browser. When a user instructs a virtualized web browser, executing on a host operating system, to display a web page, a host module executing on the host operating system may instruct a guest module executing within a particular virtual machine to retrieve the web page. The host module may provide to the guest module history data for the virtualized web browser. History data describes browsing history for the virtualized web browser, either in the current instance or for previous instances. The guest module performs operations in accordance with the history data. When the host module receives the screen data content from the guest module, the host module instructs the virtualized web browser to display the web page using the screen data content.
    Type: Grant
    Filed: June 18, 2012
    Date of Patent: August 15, 2017
    Assignee: Bromium, Inc.
    Inventors: Kiran Bondalapati, Vikram Kapoor, Prakash Buddhiraja, Gaurav Banga, Ian Pratt
  • Patent number: 9727534
    Abstract: Approaches for synchronizing cookie data across a virtualized web browser. When a user instructs a virtualized web browser, executing on a host operating system, to display a web page, a host module executing on the host operating system instructs a particular virtual machine to retrieve the web page within the particular virtual machine. The host module provides cookie data for the user to the guest module. The cookie data identifies one or more cookies deemed to be pertinent to the retrieval of the web page. The guest module provides, to the host module, screen data content for use in displaying the web page.
    Type: Grant
    Filed: June 18, 2012
    Date of Patent: August 8, 2017
    Assignee: Bromium, Inc.
    Inventors: Prakash Buddhiraja, Kiran Bondalapati, Vikram Kapoor, Gaurav Banga, Ian Pratt
  • Patent number: 9680873
    Abstract: Approaches for processing network requests based upon the perceived trustworthiness of the network. A software component renders a judgment, based on a policy that weighs one or more factors, about whether a network accessible to a device should be trusted. If the software component renders a judgment that the network should be trusted, then a network resource identified on a white list of trusted resources is allowed to be retrieved within a host operating system or in a first virtual machine. Conversely, if the software component renders a judgment that the network should not be trusted, then the network resource identified on the white list of trusted resources is prevented from being retrieved within the host operating system or the first virtual machine, and may instead be retrieved within a second virtual machine, which has a more restrictive set of access privileges than the first virtual machine.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: June 13, 2017
    Assignee: Bromium, Inc.
    Inventors: David Halls, Gaurav Banga, Ian Pratt, Vikram Kapoor, Xin Li