I have gotten to like Ubuntu even though I realize the learning curve is
going to be rather long. One of the things I do is help poor people acquire
computers and Ubuntu is perfect if all they need is an office program, internet
browsing and email .
I have started to learn wine but I think a VM might be a good idea as well.
I am limited to 4 gigs but I don’t game so speed is not that important.
My question is if I run XP PRO on a VM inside of my Linux box will I still
retain the advantage of virus resistance? And will I be able to save data on
the drive when using the VM. Also would using Win98 be just as well as some of
the older people I help have games that they are convinced will only run on 98
even when I show them the compatibility mode.
Yes and no.
Virtual machines, or VMs for short, are one of the coolest technologies I’ve
seen come along for some time. They’re still pretty geeky, but as you can tell
– I’m impressed.
Before relying on VMs for security purposes, though, we need to understand
exactly what they are, and of course, what they are not.
]]>
A virtual machine is, to put it simply, a program that you run on your computer that creates a simulation of a “machine within a machine”.
For example, I’ll run Windows 7, and within Windows 7 I’ll run a virtual machine that will start with it’s own virtual BIOS and boot (from a CD or an iso image or its own virtual hard disk) into a completely different operating system. Within that VM the operating system behaves as if it’s on its own dedicated computer, because that’s all it sees. It has no knowledge of the fact that it’s actually running within a VM.
I regularly run Windows XP, Windows Vista and even Ubuntu Linux within VMs.
It’s kind of like running those operating systems as if they were standalone programs themselves. Of course they are not; they assume that they’re installed on a computer, and that’s where virtualization comes in: it simulates a computer on which they can install and run.
When it comes to security, the best way to think about a VM is as if it were a separate physical machine. All the rules, techniques and cautions that you might apply to a separate physical machine apply to a virtual machine.
So, let’s say you’re running a Windows XP VM within a actual machine also running Windows XP. With the exception of networking, which I’ll speak to in a moment, any viral infection that happens on one installation will be limited to that one installation – just like separate physical machines. So if the VM gets an infection, the physical machine will not necessarily.
That fact VMs are isolated this way from their host machine and from other VMs is one of the biggest reasons security folks like them. You can do something “risky” in a VM without putting the actual host computer at as great a risk. If the VM becomes infected, you discard it.
But before we get to complacent with that scenario, we need to understand some of the ramifications.
As I said, a VM is best thought of as “just another physical machine”, so “discarding it” means discarding the VM and recreating it from scratch – i.e. the virtual equivalent of a reformat and reinstall. Fortunately, many VM tools provide the ability to “snapshot” or “clone” VMs, so that you can very easily perform the virtual equivalent of an image backup. Rather than reformat and reinstall, then, “discarding it” simply means reverting to that prior VM snapshot, clone or backup.
If you plan to use a VM long term, as in your scenario, running a Windows XP VM on an Ubuntu machine, then you need to treat it exactly as you would any other Windows XP installation. While your Ubuntu machine itself is protected two ways: by XP being isolated in a VM, and by Ubuntu being Ubuntu and not Windows, that Windows VM itself can most certainly become infected if normal security advice is not followed.
The only time it’s “kind of” OK not to follow that security advice is when a VM lives only a relatively short time – say you create a VM simply to test out some feature of the operating system, or install some test version of a program, after which you destroy the VM.
Now, I spoke of networking above; there are both security issues to be aware of and an answer to your second question as well: how do we share data between the VM and and host machine.
VMs are typically set up with networking enabled, and even some default network shares that make the host machine’s hard drive appear as a connected network drive and potentially vice versa. This makes sharing files between the host and VM simple: just use the appropriately connected drives.
But it also opens up another potential vulnerability: networking.
Your host and your VMs are networked. There’s no network cable, or even network hardware perhaps, but they are connected via Windows (or other OS) networking support. And that means that they may be vulnerable to network based threats from each other. And again, the best way to think of this is simply as if they were two physical computers connected to the same network.
Depending on how you use your machines and VMs, and the various operating systems involved, that means you may want to enable software firewalls as appropriate, and of course keep those Windows VMs up-to-date on their assorted updates that often correct network based vulnerabilities.
The important thing to realize is that even without a network, there’s a network.
And finally, sure – go ahead and throw Windows 98 in a VM. That’s another of the really nice aspects of virtual machine technologies – you don’t need to dedicate a machine to the various oddball scenarios you might come up with. Be it Windows 98, MS-DOS itself, or any of a number of other PC-compatible operating systems, virtual machines allow you to install and run them fairly easily.
I would suggest that we use different VM for different purposes. For example, one VM for critical activities only (like banking), and the rest would be for general purposes.
That way, we have created an isolated environment for critical activities.
Selinap.
Leo discusses the pros and cons of that here. It sounds like you’ve got a good suggestion for the “complexity” drawback he mentions at the very end of that article. While it does add complexity to a users daily computing, I could see having a dedicated VM that I ONLY use to:
1) Open Internet Explorer
2) Browse to BankA, BankB, or BankC to handle all of my personal banking needs
3) Close the browsers and then close the VM
I like it!
Firstly, I am one who believes VMs are one of the most incredible tools available. Even among ‘cool’ IT geeks, we almost gush over what we can achieve using a VM. For what it’s worth, I use Virtual Box from SUN – its simplicity to setup and use puts it in the category of ‘worth checking just to see what it does’.
I use Ubuntu for day-to-day work for all the typical Linux reasons, performance, reliability, security, support, etc. Now, due to the usability work done on the major distros such as Ubuntu, it’s also an easy environment to work within.
Anyway, back to the topic, I have many reasons to keep a lot of alternative OS’s in my computer all available in a VM. Customers and friends often ask me to show them how something is meant to work or whether it works properly in a certain environment. I have every Windows release(except ME which I could but don’t use) from 2000 up to Win 7). Being able to jump in and out without rebooting is just so useful.
As Leo states, all the connectivity, shares, etc. are as difficult or easy to setup as they are in a traditional environment. I therefore treat a VM as an easily infected environment and so keep all my anti-virus software up-to-date (something that needs to be understood BTW, is that although Linux is virtually ‘virus or germ proof’, passing on or sharing infected files onto an unprotected Windows machine is the same as passing that same dirty file onto a normal unprotected Windows computer – the germ simply ‘wakes up’.
WINE in Linux is pretty cool – I use it occasionally for MYOB simply because in WINE it runs almost natively. In Virtual machines, there is nothing that doesn’t work in my experience. In fact, with the caveat that you do need modern quantities of memory, VM performance feels identical to working in a sole environment.
To Selinap and Gabe, I need to point out that using a VM for banking is a complete waste of time in 99.9% of cases. In banking, all your work is done behind a fortified encryption SSH screen (shown by a Padlock somewhere in your Window). A VM is no safer than your normal session.
The exception might be (because I haven’t tested it) that a VM provides you with a layer of protection against a key-logger if you share your computer or if it’s been accessible to someone malicious enough to install a key-logger application. A VM might protect you due to the fact that you’ve crossed over into a clean environment as you enter the VM. I’m open to correction on that though.
In order to help out other people and keep them away from Windows: I’d like to learn a great deal about Ubuntu (Linux) and how to set up a VM in there to run XP. As I use Kingwin drive racks, would plug in a new HDD, install Linux and go from there. I do have a boxed set of Linux distro which came from them–is this the same as Ubuntu?
To reach the goal of “a computer for every kid” in our school system, Linux is the only way to go. Kids need to learn from their start they can do all sorts in Linux without that M$$$ stuff.
I’m especially angry with M$$$$ over their peremptory discontinuance of XP. I’m the decision maker for 200 computers in our various businesses and it’s XP forever, and friends who are IT guys in large companies tell me they aren’t scrapping all their computers for new ones just to pay M$$$ for a new operating system they don’t need anyway, either.
M$$$$$ is a stupid greedy company caring only for itself and not the world “out there” which wants to keep using XP. That Ballmer person ought to be “whacked upside the head,” a phrase used by Judge Jackson in the anti-trust case. There’s no excuse for not continuing to sell it, expand site licenses, etc. particularly since support will continue until 2016. XP+SP4 could be very profitably sold in huge quantities @$50 per copy on hooks in stores; and it would be appropriate to charge existing users something for SP4 if there were to be such a thing.
Greed leads to piracy and ultimately will be its own comeuppance for M$$$$. It’s history.
j
Seems to me you could greatly mitigate the networking issue of VM’s by shutting down the networking feature, at least temporarily. If it is possible, for example, to bar the VM from sending any data to the physical machine, but only to certain peripherals (particularly the monitor and printer), you could then, while this state lasts, safely use the VM for web browsing, knowing that all downloads, cookies, malware, etc., is being written EXCLUSIVELY to the VM, and NOT to the physical computer. Toss the VM session down the drain, and all malware, etc., vanishes with it.
But now for the BIG Question: Is this scenario even possible?
Please expand on your article and answer this, Leo!!! It’s IMPORTANT!!!
I second the question above from Glenn P.
PLEASE let me know by email if you respond to this question
(copied response)
Seems to me you could greatly mitigate the networking issue of VM’s by shutting down the networking feature, at least temporarily. If it is possible, for example, to bar the VM from sending any data to the physical machine, but only to certain peripherals (particularly the monitor and printer), you could then, while this state lasts, safely use the VM for web browsing, knowing that all downloads, cookies, malware, etc., is being written EXCLUSIVELY to the VM, and NOT to the physical computer. Toss the VM session down the drain, and all malware, etc., vanishes with it.
But now for the BIG Question: Is this scenario even possible?
Actually, there have been instances of virtual machine escape, which is when malware is able to get out of the virtual environment and run directly in the host environment. Most, as you allude, use defects in the network interface between the virtual machine and the host. However, I know of at least one that got out using a defect in the virtual machine’s display driver.
To mitigate this, for the internet I use virtual machine software that is regularly maintained (i.e. VMWare and not QEMU), use Linux as the host and Windows as the guest in the virtual machine, run all virtual machines that access the internet under a regular Linux user account (i.e. not root), use host only networking under VMWare for all virtual machines that access the internet and tell the host Linux firewall to block all services for that VMWare host only network except for file sharing (Samba) and the web server (Apache). Then, I use a Windows 95 virtual machine to do my regular internet access, the reason being that, for the last several years, every instance of malware that has invaded my Windows 95 virtual machine has caused it to promptly crash, thereby stopping the malware in its tracks before it can do worse damage and also immediately making me aware that I just came across malware. So far, I have yet to be able to duplicate this type of protection in later versions of Windows.