Using virtualization: a practical example (spam filters test) (Read 25094 times)
MrMagoo
Re: Using virtualization: a practical example (spam filters test)
Reply #15 - Apr 8th, 2009 at 9:38pm
 
A virus/trojan/malware that attacks a virtual machine is typically confined to the virtual machine.  If you can revert the machine to a state before the virus infected the machine, you should be safe.  Since the virtual machine is just a file, you can easily back it up by simply making a copy of the file when the virtual machine isn't running.  Deleting the current copy and reverting to your most current back-up copy is akin to restoring a previous Ghost image (although faster and easier.)

One neat thing a paranoid person could do is make a copy of their virtual machine every day before booting it.  Then boot the new copy and do all your surfing there.  At the end of the day, shut down and delete the copy you have been running, leaving your previous VM in a (hopefully) pristine condition.  In fact, some new security software for web servers works on this exact concept.  Virtual machines are automatically rotated fast enough that any infection doesn't get to stick around for long.

There are a few caveats to keep in mind.  One is that if you share files between your VM and host, those shared files could be infected, spreading the infection to the host.  

Second, there could be security holes in the virtualization software that would allow an infection to jump from a virtual machine to its host.  That situation is currently incredibly rare; an attacker would have to find a vulnerability in both your virtualization software and an application running on the virtual host and exploit them both, and virtualization software is considered pretty secure right now.  

I'm unfamiliar with "Delete Undo Disk Changes".  Which VM software offers that?
 
 

Brian
Re: Using virtualization: a practical example (spam filters test)
Reply #16 - Apr 8th, 2009 at 9:53pm
 
Microsoft Virtual PC. When you shut down the OS you have 3 choices...

Commit changes to the virtual hard disk
Save undo disk changes
Delete undo disk changes

Depending on which virtual machine I'm using, I choose the first or last.



 
 
 
MrMagoo
Re: Using virtualization: a practical example (spam filters test)
Reply #17 - Apr 8th, 2009 at 11:26pm
 
Ah, ok.  I've never used Microsoft Virtual PC.
 
 
Dan Goodell
Re: Using virtualization: a practical example (spam filters test)
Reply #18 - Apr 9th, 2009 at 12:13am
 
Brian wrote on Apr 8th, 2009 at 8:39pm:
If you are surfing the net from the virtual machine and download a few viruses, are they confined to the virtual machine and able to be removed by "Delete Undo Disk Changes"?


Yes . . . though you should never say never, as MrMagoo explained.  Just think of the virtual machine as though it is a separate, standalone computer on your home network.  If you have a standalone box on your LAN and it gets infected, can that infection spread to the other computers?  If it can spread across the network, it can do the same from a virtual machine.  So whatever safeguards you would use to insulate your LAN's machines from each other still apply to a vm.

In general, any infection that cannot jump across the network also cannot jump from the vm to the host--although you'll have to be more careful if you've enabled VirtualPC's "shared folders" option.

VirtualPC's "undo disk" option is one of its best features, and something I really, really miss with VMware or VirtualBox.  As MrMagoo mentioned, you can always make duplicates of your virtual hard disk beforehand so you dirty up only the duplicate, or you can make a snapshot beforehand and afterward revert to the snapshot, but "undo disks" is so much easier and more convenient, IMHO.  With the option enabled, VirtualPC leaves your virtual hard disk in its pre-session state and caches all disk changes in a separate file.  At the end of the virtual session, you tell VPC whether or not to merge all the changes into the virtual disk file.

In case anyone doesn't appreciate how fundamentally convenient this approach is, consider this example: let's say you start up and close your virtual session daily, and on the fourth day the vm gets infected.

With VMware or VirtualBox:  Copy virtual disk to a backup file.  Start/stop virtual session.  Infected?  No.  Copy the updated virtual disk to backup.  Second virtual session.  Infected?  No.  Back up the virtual disk again.  Third session.  Infected?  No.  Back up again.  Fourth session.  Infected?  Yes.  Copy from the backup file back to the virtual disk file.

(Note that using snapshots is really just the same--you would make a new snapshot in place of each "copy" operation above.)

With VirtualPC:  Start/stop virtual session.  Infected?  No, VPC merges the undo disk into the virtual disk.  Second virtual session.  Infected?  No, disks merged.  Third session.  Infected?  No, disks merged.  Fourth session.  Infected?  Yes, toss undo disk.

The problem is you never know when you're going to get infected, and the "snapshot" approach puts the onus on the user to make sure he's got a recent backup to revert to.  The VPC way says even though we don't know when you'll get infected, when it does happen we'll just use whatever you ended with last session.

And note it makes no difference if you choose not to back up after each and every session; it's the same principle, if just a longer timeline.

I use the undo disk feature all the time.  If someone asks me to take a look at some program they downloaded, I don't have to think twice.  Start up VPC, install the program, look at it, then delete undo disk changes.  Even if the program's not malware, I don't have to think about whether I want that program left on my vm, or bother uninstalling it, or have to remember to make a snapshot or backup before testing.  Quick and simple.

 
 
IP Logged
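
Added example, not part of any post in this thread: a shell wrapper that gives the commit-or-discard "undo disk" workflow described above to any VM whose disk is a single file, using the copy-before-session approach from Reply #15. The function names, the `.session` suffix and the convention that the launcher takes the disk path as its last argument are assumptions; the VM must be powered off when the wrapper starts, and sha256sum must be available.

```shell
#!/bin/sh
# Emulate "undo disk" semantics with whole-file copies (added example).
# Hypothetical usage: undo_session /vms/browse.img ask my_vm_launcher
#   decision: commit | discard | ask (ask prompts after the session ends)

hash_of() { sha256sum "$1" | cut -d' ' -f1; }

undo_session() {
    base=$1; decision=$2; shift 2
    [ -f "$base" ] || { echo "no such disk: $base" >&2; return 2; }

    work="$base.session.$$"
    before=$(hash_of "$base")
    cp -- "$base" "$work" || return 2      # the session only ever sees the copy

    # Launcher blocks until the guest shuts down; its exit status is reported,
    # not trusted as an indicator of whether the guest is clean.
    "$@" "$work" || echo "session command exited non-zero" >&2

    if [ "$decision" = ask ]; then
        printf 'Commit changes to %s? [y/N] ' "$base" >&2
        read -r answer
        case $answer in y|Y) decision=commit ;; *) decision=discard ;; esac
    fi

    # If the pristine disk changed while the session ran, something wrote to
    # it directly (for example the VM was pointed at the wrong file). Do not
    # merge or delete anything; leave both files for inspection.
    if [ "$(hash_of "$base")" != "$before" ]; then
        echo "base disk changed during session; kept $work" >&2
        return 3
    fi

    case $decision in
        commit) mv -f -- "$work" "$base" ;;  # rename is atomic on one filesystem
        *)      rm -f -- "$work" ;;          # anything else discards (fail safe)
    esac
}
```

This covers the disk only; files placed in a host folder shared with the guest are outside the copy and are not rolled back.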
 
MrMagoo
Re: Using virtualization: a practical example (spam filters test)
Reply #19 - Apr 9th, 2009 at 12:24am
 
Thanks, Dan.  Sounds like a good feature missing from other VM software.
 
 