The CSIRO has developed a tool it says will prevent criminals snooping on online communications, but hacking experts say the system is not foolproof.
The tool, dubbed the Trust Extension Device (TED), developed by the government research body, is a set of software tools loaded on to a portable storage device, which the CSIRO claims will allow online banking customers to create a quarantined desktop environment on computers that have been compromised by trojans, viruses or other malware.
"The TED is a set software components currently because it's implemented on a USB stick. It essentially starts a virtualisation machine. It's built on top of QEMU virtualisation software," TED's developer, Dr John Zic, research director of the CSIRO's Networking Technologies Laboratory.
"When you plug the device in, it then starts this virtualisation software, creating a separate bubble if you will -- an execution environment within which a small operating system starts up," he said.
The virtual operating system also contains a set of cryptographic functions as well as an e-mail client or banking client. Before it runs an application or allows a transaction to occur, the TED establishes trust with the remote enterprise server requiring both ends to prove their identities to each other.
Want to know more?
For all the latest news, analysis and opinion on security, click here
Dr Zic also hopes to see the technology applied to secure communications in the healthcare sector.
"What we're proposing is an extension to that where you can have a whole group of people each with their own TED to start up their own secure collaboration environment," he said.
But not everyone is convinced by the technology because the virtualised environment still shares some components of a computer with the base operating environment.
"Because the virtualised environment comes up within that base operating system, a trojan is still able to capture screenshots, see what windows you're viewing, and see what numbers you're typing in with your Internet banking," Pure Hacking penetration tester Ty Miller told ZDNet.com.au.
"Keylogging may be a bit more difficult, but it depends on whether the host [base] operating system can detect the keystrokes that are being entered into the virtualised environment," he added.
Another question is whether the tool is a read-only device. If files can be written to the location of the operating system, the trusted environment can be also compromised, said Miller.
Nonetheless, over the next month the CSIRO will be seeking expressions of interest to commercialise the product.
As a long-term QEMU fan and user, I'm delighted to hear that CSIRO have chosen it...
...but I simply don't agree with the opening sentence that this will "prevent" criminals snooping on on-line conversations. It will not.
If the virtual machine is running in a compromised host operating system, then the guest operating system (the one inside the virtual machine) _must be considered compromised too_.
You can't uncompromise a computer simply by launching a virtualisation layer on top of the compromise!