what virtulization software should i use ?

[Ranget]

i need system virtulization first Goal is security

vmware / vbox / v pc ?

or anyother options ?

i dunno the Leak of vmware source code made me think again what
should it chose

also is there any tweaking i could make to any of them ??

[Ranget]

i think i'm going to stick to VMware

but i want to ask about VMware Exploits
is there an exploit that will bypass the whole Guest OS with its protection ?

for an instance if i used an antiexcutable will that Protect the Host from being exploited ?

[bullmose]

vmware is a good choice. i have seen exploits where a piece of malware attempted to infect the host computer but was blocked by CIS D+ this was a year or two ago on version 7.1.2. As for an anti-executable you will have to do a lot of config esp to just get vmware running properly.

[Cutting_Edgetech]

Vmware, Vbox , V PC are great options if you are also going to be conducting Malware and / or software testing. Is this for a business that requires additional functionality that light virtualization can not facilitate? If security is your only concern I would go with light virtualization such as Shadow Defender, Return Virtual System, Deep Freeze, etc.. If you don't want to go that route then Citrix Desktop is another application that supports full blown virtual machines -http://www.citrix.com/English/ps2/products/product.asp?contentID=163057&ntref=prod_cat I would say its comparable to Vmware.

[Ranget]

mmm i think i'm going to stick with Vmware

[TheMozart]

Quote:

Originally Posted by Ranget

mmm i think i'm going to stick with Vmware

I think your mind was made up even before you created this thread.

[Cutting_Edgetech]

You will never know until you give the other ones a try. When it comes down to it that's the only way to really know.

[Dark Shadow]

Quote:

Originally Posted by TheMozart

I think your mind was made up even before you created this thread.

LOL,he was just confirming his mind

[TheMozart]

Quote:

Originally Posted by djohn

LOL,he was just confirming his mind

[Ranget]

still didn't decide

but i don't know which is more secure ?

also what is the diffrence between

Oracle VM and Virtual Box ?

[TheMozart]

Quote:

Originally Posted by Ranget

still didn't decide

but i don't know which is more secure ?

also what is the diffrence between

Oracle VM and Virtual Box ?

Im not sure which is most secure, but I have used VB in the past and it seems secure, but Im not sure sorry.

[mirimir]

Quote:

Originally Posted by Ranget

still didn't decide

but i don't know which is more secure ?

What do you mean by "secure"? If you mean hiding VM data from hosts, none are "secure". Hosts can always see everything about VMs. So you must secure host machines.

Quote:

Originally Posted by Ranget

also what is the diffrence between

Oracle VM and Virtual Box ?

VirtualBox is open source. Oracle VM VirtualBox includes proprietary extensions for USB etc. Just get VirtualBox, and install the extension pack.

[Ranget]

Quote:

Originally Posted by mirimir

What do you mean by "secure"? If you mean hiding VM data from hosts, none are "secure". Hosts can always see everything about VMs. So you must secure host machines.


VirtualBox is open source. Oracle VM VirtualBox includes proprietary extensions for USB etc. Just get VirtualBox, and install the extension pack.

i want the most secure Like Malware not leaking out from the Guest to Host

anyway virtual Box seem good and Free

[noone_particular]

Quote:

i want the most secure Like Malware not leaking out from the Guest to Host

Then you also need to secure the host system. Regardless of whether you choose VMware, VBox, or VPC, it's part of your attack surface and should be treated as exploitable. In this respect, it's no different than any other user app that can come into contact with malicious code. Limit permissions, restrict interprocess activity, etc.

Regarding the VMWare source code leak, unless there's some big, unfixed vulnerability (or something else) that they're trying to hide, it shouldn't be any big deal. The source code for VirtualBox is available for all to see. This hasn't made it any less secure.

[Kyle1420]

Been using VirtualBox for a long time, very happy with it

[Ranget]

i will try it on one of the Linux machines before starting it as my main VMM

[KelvinW4]

I use VirtualBox, I find it quite fast and easy to understand.

[xxJackxx]

VirtualBox is great for free. It does not support drag and drop between the host/guest like VMWare does though. My only current gripe about VirtualBox is that it does not run Windows 8 well as a guest.

[Mrkvonic]

If your first goal is security, virtualization is not what you want.
This kind of technology can be used for security, but that's not the primary goal.
Mrk

[Ranget]

i don't understand you Mrkvonic
for instace i use a VM machine to do the dirty work that won't infect my system

so what do you recomend

[Mrkvonic]

Virtualization was not designed for security, although it can be used that way. It was designed for other things. The choice of software is not that important really, it's the overall understanding how things correlate, how your network works, etc.
Mrk

[Ranget]

thanks but i was looking for the best of
most professional users use VMware
one of them our beloved Meriadoc

vmware according to some post i read is the most identifed Virtual enviroment
by malware

anyway your first response invoked the question

what was designed for security as a main goal ?

[Mrkvonic]

Security as end user or security as researcher?
Mrk

[CyberMan969]

Full virtualization software (as well as snapshot solutions) are both great technologies for testing software across several reboots, allowing you to easily undo most non-malicious changes. With such software you can also undo basic infections by 'dumb' malware, but more sophisticated malware may leak to the host; so it would be best to also use additional software installed both to the VM AND the host machine.

A decent HIPS Firewall with antiexecution functions is essential (I use Comodo Internet Security with Defense+ configured for max protection). Also antivirus/antimalware protection is essential (MalwareBytes' AntiMalware plus Avast free is what I use), plus a decent light-virtualization app like Shadow Defender (which would keep most sturdy rootkits at bay).

For full protection I also use keystroke encryption software (KeyScrambler), plus Sandboxie (in order to test any suspect executables). With Sandboxie you can safely see what changes an executable would have applied to the real system if it was allowed to run outside the sandbox. If you install all that both in the real machine and in the VM, then you should be paranoidly safe regardless of which VM software you would choose to use!

[littleturle]

I share the same feeling. There are so many out there and it is confusing.