Microsoft Virtual PC. When you shut down the OS you have 3 choices...

Commit changes to the virtual hard disk
Save undo disk changes
Delete undo disk changes

Depending on which virtual machine I'm using, I choose the first or last.

Brian wrote on Apr 8^th, 2009 at 8:39pm:


Yes . . . though you should never say never, as MrMagoo explained.  Just think of the virtual machine as though it is a separate, standalone computer on your home network.  If you have a standalone box on your LAN and it gets infected, can that infection spread to the other computers?  If it can spread across the network, it can do the same from a virtual machine.  So whatever safeguards you would use to insulate your LAN's machines from each other still apply to a vm.

In general, any infection that cannot jump across the network also cannot jump from the vm to the host--although you'll have to be more careful if you've enabled VirtualPC's "shared folders" option.

VirtualPC's "undo disk" option is one of its best features, and something I really, really miss with VMware or VirtualBox.  As MrMagoo mentioned, you can always make duplicates of your virtual hard disk beforehand so you dirty up only the duplicate, or you can make a snapshot beforehand and afterward revert to the snapshot, but "undo disks" is so much easier and more convenient, IMHO.  With the option enabled, VirtualPC leaves your virtual hard disk in its pre-session state and caches all disk changes in a separate file.  At the end of the virtual session, you tell VPC whether or not to merge all the changes into the virtual disk file.

In case anyone doesn't appreciate how fundamentally convenient this approach is, consider this example: let's say you startup and close your virtual session daily, and on the fourth day the vm gets infected.

With VMware or VirtualBox:  Copy virtual disk to a backup file.  Start/stop virtual session.  Infected?  No.  Copy the updated virtual disk to backup.  Second virtual session.  Infected?  No.  Backup the virtual disk again.  Third session.  Infected?  No.  Backup again.  Fourth session.  Infected?  Yes.  Copy from the backup file back to the virtual disk file.

(Note that using snapshots is really just the same--you would make a new snapshot in place of each "copy" operation above.)

With VirtualPC:  Start/stop virtual session.  Infected?  No, VPC merges the undo disk into the virtual disk.  Second virtual session.  Infected?  No, disks merged.  Third session.  Infected?  No, disks merged.  Fourth session.  Infected?  Yes, toss undo disk.

The problem is you never know when you're going to get infected, and the "snapshot" approach puts the onus on the user to make sure he's got a recent backup to revert to.  The VPC way says even though we don't know when you'll get infected, when it does happen we'll just use whatever you ended with last session.

And note it makes no difference if you choose not to backup after each and every session; it's the same principle, if just a longer timeline.

I use the undo disk feature all the time.  If someone asks me to take a look at some program they downloaded, I don't have to think twice.  Startup VPC, install the program, look at it, then delete undo disk changes.  Even if the program's not malware, I don't have to think about whether I want that program left on my vm, or bother uninstalling it, or have to remember to make a snapshot or backup before testing.  Quick and simple.