I recently learned about the capabilities of virtual machine technology. The issue I raise is whether VMware and similar software are superior to First Defense-ISR.

Could VMware spell the end of First Defense-ISR?

Dallen, I must confess my ignorance of VM programs, but do they allow backups of your entire system like FD does?

Acadia

Yes. It's even better than that. My suggestion is that you obtain the "Security Now!" podcast from the GRC.com website. Steve Gibson explains the capabilities better than I can. Let me just say, not only can you create "backups of your entire system," but you can have multiple systems and take them with you. You could even take your system to my house, install the free VM player on my system and use your system on my system.

When you are finished, every trace of your system is snuffed out of my system with the click of a button.

Depends on how you use VMware, virtual machines, etc.
Depends how you use FDISR. I use VM and FD I dont think they can be compared.

virtual machines isnt something new right? if it would be the end of Fd then it should have happened a long time ago.

Thanks, Dallen, I'll check it out. One thing that I have realized thru the few years that I have been computing, DO NOT close your mind to new ideas. If I had, I'd still be using GoBack! You never know when the next, new, best thing is going to come around the bend. ;)

Acadia

Dallen, I am finding two Security Now podcasts that discuss VM, which one is it, or is it both?

Acadia

I don't think in any way VM is the end of FD.

VM can be used for testing, and for developers it's essential. It could be used in many ways cover functions we use FD for like testing new software.

But VM does come at a price. Software wise VMWare isn't cheap if you want to do anything but playback a VM machine. However Microsoft gives away it's latest VM machine software. It's free.

However.....

1. Resources. FDISR only takes your disk space. VM requires not only disk space but memory. If you have 1gb of ram, in a FDISR snapshot you still have 1gb, but in a VM you would have to work with less.

2. If you corrupt something in a VM not a big deal, but if you corrupt something in the host, you can't fall back to booting to the VM, like you can with FDISR

3. If you are going to build a VM from scratch you have to know quite a bit about hardware.

4. The big gotcha. Licenses. Read the fine print in VM stuff on microsofts website and your licenses. If you put a VM machine on your system and want to run XP in it, you have to have a 2nd XP license. Developers get a developers license and can use their XP with that license on several machines. But if like me most of you got XP with your machine, you can only use that copy on the host machine, and not on a VM machine. This is a big rub assuming you want to stay legal.

Pete

I'm not really interested in VMware. I have already a solution for disasters : ATI + FDISR.
And I'm not impressed from what I read about VMware in this thread.
Advantages of VMware, I don't need or already exist in FDISR and Peter's post isn't encouraging either.

For the moment, I don't see VMware as a full replacement for FDISR, it is just another software, that needs to be studied, tested, evaluated and compared with FDISR.
Too much work and useless, because I've already a 99%-solution for disasters : ATI + FDISR
I have other problems that need a 99%-solution.

-{ Quote: "Dallen, I am finding two Security Now podcasts that discuss VM, which one is it, or is it both?

Acadia" }-
I'm referring to podcst # 53.

-{ Quote: "I'm not really interested in VMware. I have already a solution for disasters : ATI + FDISR.
And I'm not impressed from what I read about VMware in this thread.
Advantages of VMware, I don't need or already exist in FDISR and Peter's post isn't encouraging either.

For the moment, I don't see VMware as a full replacement for FDISR, it is just another software, that needs to be studied, tested, evaluated and compared with FDISR.
Too much work and useless, because I've already a 99%-solution for disasters : ATI + FDISR
I have other problems that need a 99%-solution." }-

Erik

VM applications have solid uses that justify the work involved. Just not as an FDISR application.

Pete

-{ Quote: "Erik

VM applications have solid uses that justify the work involved. Just not as an FDISR application.

Pete" }-
I see how it could be a different approach to accomplishing the same thing FDISR accomplishes. More research is required.

Perhaps virtualization may be a different approach for a clean snapshot of the system, but one thing come to my mind about replacing an imaging software.

a.] You need to own another license for installation of Windows onto a VM machine. For those with a limited budget, First Defense may be a more worthwhile buy.

[edited. Did not see your answer to the imaging harddrive/backing up option. Apologies.]

The benefits of VM's is that you can practically deploy and use them with very little difficulty. Maybe it's just another way of getting the same notion of "starting with a clean snapshot", but it's just another alternative, not a replacement, in my opinion.

-{ Quote: "You could even take your system to my house, install the free VM player on my system and use your system on my system." }-
That sounds interesting. Does that mean that a Virtual Machine installation is hardware independent?
Would you be able to create a VM image with network support based on a network card and then get online on another system that has dial-up?

Fascinating!

A Virtual Machine is comprised of virtual hardware and is therefore operating within a "shell" and "independent" of the host system. In that sense, it is indeed hardware independent.

VMWare is the future.
It is FDISR, ShadowUser, etc. on steroids.
VMWare is a virtual machine. FDISR and others are fine for what they do, but virtual machinization they are not.

for the time being i see VM, rollback, and imaging tools as coexisting products.

Dina and Peter pretty much summed it up. It all depends how you use teh software because they each work differently and each product may be better in a certain situation.

-{ Quote: "VMWare is the future.
It is FDISR, ShadowUser, etc. on steroids.
VMWare is a virtual machine. FDISR and others are fine for what they do, but virtual machinization they are not." }-

True enough but if your host machine gets messed up you sure can't recover from the VM. So in that sense one could also say VM's are fine for what they do but Recovery software they are not.

They really are two independent types of software, and I can see them easily coexisting with each other.

Pete

-{ Quote: "I see how it could be a different approach to accomplishing the same thing FDISR accomplishes. More research is required." }-


I would modify that statement from the same thing FDISR accomplishes, to some of things FDISR accomplishes.

Pete

-{ Quote: "VMWare is the future.
It is FDISR, ShadowUser, etc. on steroids.
VMWare is a virtual machine. FDISR and others are fine for what they do, but virtual machinization they are not." }-
Gerard Morentzy,
I have yet to use VMware, but from what I am reading and what I am learning your assessment of VMware is most accurate.

Peter2150,
If one stores a VM remotely, one could formulate a valid argument to say that VMware not only accomplishes everything that FDISR accomplishes [based on the fact that I can create "snapshots" and switch between them instantaneously], but that it also accomplishes everything a solid imaging program does [I can "restore" a broken system by simply installing VMware and re-loading my externally stored VM].

For all,
If you have not looked into virtual machine technology, you will eventually.

My conclusion is premature, admittedly. Based on what I know about VM technology, it is the future and its capabilities cover both FDISR and a solid imaging solution. Of course it is more hardware intensive, but if you have the hardware to support this software, you are doing yourself a disservice to underestimate it and fail to realize its capabilities.

One of the biggest things that will keep it from being used casually is that it's generally a pretty big install, installing a lot of drivers and services. It's also never going to run as fast as your actual system. VMs have been around some time. They're great for testing in a variety of ways, but I couldn't see using them all the time, except for public computers with very limited functions.

IMO it's the same argument as Linux being "the future". For some, and in some environments, it certainly is and will be but others will have entirely different demands.

I agree with Notok. I have used Wmvare, but decided not to continue with it because working in a guest OP was too slow for me even on Linux distros. I did only assign 756Mb memory to it so that might be it. Maybe if one assigns more than 1Gb RAM it would be faster.
But I do like the idea of virtualization and when (if) they ever make Wmvare guests run as fast as the host I will definetely try it again.

-{ Quote: "

Peter2150,
If one stores a VM remotely, one could formulate a valid argument to say that VMware not only accomplishes everything that FDISR accomplishes [based on the fact that I can create "snapshots" and switch between them instantaneously], but that it also accomplishes everything a solid imaging program does [I can "restore" a broken system by simply installing VMware and re-loading my externally stored VM].

" }-

Argument isn't valid. If you replace your hard drive, and have only a manufactures recovery disk, that and an external FDISR snapshot, you could recover your disk, Install FDISR, reload the snapshot putting your disk back to current state and then remove FDISR, and you would be back in business.

Can't to my knowledge to that with VM. Yes you could then run in your Virtural machine, but I don't think you could use that to restore your main drive, any more than FDISR can refresh an archive while you are in it, or IFW can restore the partition you are working in.

Pete

Pete,
I am of course talking about something that I've never used. So, everything that I say is theoretical, not actual. I hope to change that soon.

However, given your hypothetical scenario [HD failure], using VMware a "system restoration" would consist of reinstalling the VMware software. I know nothing about what that entails, but assuming that a reinstallation of the VMware software is fairly simple [maybe a gross assumption] the restoration is complete once the VMware is reinstalled because the next step is to import the VM of your system, which is stored externally.

Even if the reinstallation of VMware is difficult and tedious that will eventually change. When that does, VMware [or another similar software] will be an incredible solution. From a security standpoint, it would be amazing. Viruses, worms and trojans could be snuffed out with the termination of a VM.

You raise another good point about the type of Windows you have. Having a recovery disk as opposed to a retail copy of Windows could be problematic. This is why I would prefer to have a retail copy of Windows. However, couldn't you simply use the recovery disk inside a VM to accomplish the same?

-{ Quote: "Pete,
I am of course talking about something that I've never used. So, everything that I say is theoretical, not actual. I hope to change that soon.

However, given your hypothetical scenario [HD failure], using VMware a "system restoration" would consist of reinstalling the VMware software. I know nothing about what that entails, but assuming that a reinstallation of the VMware software is fairly simple [maybe a gross assumption] the restoration is complete once the VMware is reinstalled because the next step is to import the VM of your system, which is stored externally.

Even if the reinstallation of VMware is difficult and tedious that will eventually change. When that does, VMware [or another similar software] will be an incredible solution. From a security standpoint, it would be amazing. Viruses, worms and trojans could be snuffed out with the termination of a VM.

You raise another good point about the type of Windows you have. Having a recovery disk as opposed to a retail copy of Windows could be problematic. This is why I would prefer to have a retail copy of Windows. However, couldn't you simply use the recovery disk inside a VM to accomplish the same?" }-

Dallen

I think what you are missing is the VM runs on your desktop as another app, like Word. So if you install windows, and the VM, you know have a barebones windows, with one app which is your VM. I don't know as there is any way you can restore your host from a VM, or even if you would want to.


Pete

Pete,
Your last posting made me realize that either you or I misunderstands VMware. As I understand it, VMware has a bare metal solution that is totally independent of the OS and can be installed on the system without any OS. The OS is installed after VMware and inside a virtual machine.

That would be more like a hypervisor. VMWare installs inside of Windows. Hypervisors are something that were used quite some time ago, mostly in the Unix world. I still don't know that you'd get the same performance, but I'm sure it's better than VMWare and the like.

I don't think VMWare will ever be as fast as the host system, since every instruction will have to be essentially made twice (once on the host, then translated to the VM).

The more realistic options for casual home use are the virtualization programs like ShadowUser, BufferZone, DefenseWall, GeSWall, and so on. I wouldn't count on any of them being a panacea, though. As the pauldotcom podcast pointed out there is a big difference between two machines separated by some memory space and two machines separated by a physical air gap. You can pretty much bet that they will be breached at some point.

Notok,
My understanding is that if I create a virtual machine and allocate all of the system resources to that virtual machine, it will respond indistinguishably as fast as if the virtual machine were not a virtual machine.

Nope. You are essentially installing an entire second computer inside Windows. So when your browser requests something of the processor, it requests it from the virtual processor, which in turn translates that request to the physical processor, and then translates the output back to the browser. It may not be exactly twice the work, but it's still quite a bit more. The faster the virtualization is, the more it is tied into the host operating system, which is why DefenseWall is faster than BufferZone (which has the virtual file system), etc.

This also means that you must have TWO licenses for Windows, which is what Peter was saying.

-{ Quote: "Pete,
Your last posting made me realize that either you or I misunderstands VMware. As I understand it, VMware has a bare metal solution that is totally independent of the OS and can be installed on the system without any OS. The OS is installed after VMware and inside a virtual machine." }-

Hi Dallen

You are right to a degree. But as I understand it from my read of both the VM and microsoft site, you have a working machine, like you or I, and you install the VM software. You then create a VM on your desktop, that is indeed a bare metal machine. It has to have OS and software installed. That VM runs on your desktop, and can be moved. But still needs a running host machine on which to run.

Okay VM guys step and correct me if I am wrong. But I don't see anyway if all you had was a VM file that you could use it to rebuild the host machine disk if it crashed.

Pete

-{ Quote: "
Okay VM guys step and correct me if I am wrong. But I don't see anyway if all you had was a VM file that you could use it to rebuild the host machine disk if it crashed.

Pete" }-

The guest operating system is just a couple of (big) files on your harddrive. You have to have windows installed in order to install the program VMware, and WMvare creates the file (the guest OP) . You can not install WMvare without a host (Windows XP for example)
But you can export the guest to another drive and import it after you have reinstalled windows (the host OS) and Vmware in case of harddrive failure.
I hope I understood the questions right :)

Thanks Sukarof

Am I correct in assuming there is no way you can update the host from a VM guest.

Pete

-{ Quote: "Thanks Sukarof

Am I correct in assuming there is no way you can update the host from a VM guest.

Pete" }-
As far as I know, you are right. I have not seen such option in VMware. But then again I have only used it to install other operating systems.

I would like to have the option to clone my host into a guest though. It is a pain to install everything from scratch to get an identical system to try beta software on (or malware if you want) and then you have to keep the "cloned" guest updated ie: install everything you install in the host.

But if you are testing other OS it is good, but not merely for testing new software. It is much easier with FDISR, Rollback and similar software. So VMware is not the end of FDISR imho. Not yet anyway. But if they incorporate features of instant recovery programs, like the things I mention above, it might be.

Hi Sukarof

I have on other question. If I build a guest configured the same as the host, could I take a self booting DVD with a recovery image and load it into a guest?

Thanks,

Pete

Again I've never used this stuff, but we are obviously not on the same page here. I have copied a quote directly from the Security Now! podcast # 53 with Leo Laporte and Steve Gibson.

-{ Quote: "VMware used to only be hosted on top of another operating system. But they’ve even got a version called ESX which you install, like the first operating system, you install this VMware ESX on raw hardware..." }-

ESX is a server application made for large corporations, and is priced accordingly. I don't know that it would be suitable for everyday use (it's not made for it), and you still wouldn't get the same performance.

Vista will have a hypervisor as well, but only in the enterprise version.

FirstDefense and VMWare co-exist here, I'm very surprised not more people here use vms. I use workstation, ESX, XEN...work and surf vm all the time.
Anyone looking at this I would recommend the free player and now server and explore the appliances.
VMWare : http://www.vmware.com/
Community : http://www.vmware.com/community/index.jspa
Appliance info : http://www.vmware.com/appliances/
...and directory http://www.vmware.com/vmtn/appliances/directory/