Surviving the virtual machine buzz.

What do virtual machines mean to you ...... something for geeks or is it now everyday software ? Are you a conservative home user who thinks of them as an unnecessary waste of hard drive, or maybe you're more experienced and see them as just the opposite, they're a way to extend the scope and security of your hdd ?

Maybe you're interested in Linux - you've not been keen on the idea of dualbooting and see this is a great workaround...... particularly if you have the onboard resources with which to be generous. Now you can have Windows & Linux operating on the same box at the same time - how great is that ? Perhaps you're a gamer with a powerful machine, lots of resources and like the idea of having a dedicated virtual game machine that you can clone and keep at different stages or even export to another box ?

Maybe you've just had your interest tweaked to the point where you wanna give the idea a whirl .......... there are paidware, freeware, beta-ware and open source versions.

Whatever - if you do go the virtual way, take a few minutes to look at your own set-up and also to look at the options on offer in the virtual machine(s) of your choice.

For instance, do you really need to permit file & folder sharing ?

Similarly, particularly if you want to run a virtual Windows machine to experiment with malware, you might want to understand the differences between the various networking options........Do you really need bridged networking ? Essentially, do you really want to provide your virtual testing box the potential to be on speaking terms with the whole rest of your network - when it doesn't have to be ?

I'm not a geek and I don't speak much techno language, but I do flavours fairly well. At the moment virtual machines are fairly sweet, a lot of smart malware will deliberately fail to install if it detects a virtual environment and that's good for now ........ but it's not guaranteed to stay that way. It seems a shame for all that sweetness to end up a bitter aftertaste, just because no-one thought to check their settings and infected their whole network because of it.

So I reckon it pays to be smart from the start and check out those options - if you're not sure about networking, don't just settle for guesswork, check it out .....

If you've got some guidelines or maybe you think they aren't needed with vm's - please add your thoughts ......

 

Hello,

I don't do malware testing as I see no goal in doing it.

Most of my vm testing is for benevolent purposes, so to speak. That said, all of my computers are firewalled and only specific non-OS folders are shared.

I don't run bridged - I use NAT for my machines - with one-way sharing into the machines but not out of them. NAT means a subnet behind the vmnet drivers, as if you open a side dimension to your home network:

192.168.0.x - home machines
192.168.x.x - vmware - 192.168.x.y virtual machines

This applies for both Windows, Linux and mixed networks.

Besides, containing malware in vm is a very simple thing - delete file or revert to snapshot. That said, 90% of all testing I do is on non-Windows operating systems, real and guest alike.

Mrk

P.S. Got another laptop at work - Centrino Duo 1GB RAM - but with so much corporate evil on it, it's a sad thing ....

 

Hello, eyes-open,

I'm glad you brought up this topic.

The term "virtual machine" (like HIPS) is used in different ways these days. From wikipedia:

1) Hardware virtual machine
The original meaning of virtual machine, sometimes called a hardware virtual machine,
is that of a number of discrete identical execution environments on a single computer,
each of which runs an operating system.

2) Application virtual machine
Another meaning of virtual machine is a piece of computer software
that isolates the application being used by the user from the computer.

3) Virtual environment
A virtual environment (otherwise referred to as Virtual private server)
is another kind of a virtual machine.
__________________________________________________________

"Virtual environment" is also loosely used by some to refer to programs
like ShadowUser and Deep Freeze which restore to a good previous state on reboot.

Do "sandbox" programs qualify for any of the above?

So, it's not always clear to me what people are referring to in using these terms. For example,

I'm not sure which of the above he is referring to.

For me, a program like SU or DF is the simplest way to use something "virtual."



regards,

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

Hello,
I was talking about complete OS virtualization. For instance, SU does not allow you to install a firewall - or any software that requires reboot to commit changes. Virtualization of entire OS, as a whole, gives you far more testing flexibility. SU / DF are excellent for given setups.
Mrk

 

Hello Mrk,

Can you give an example of a product that is OS virtualization? Would this be a hardware or application virtual machine?

Thanks,

-rich

 

WMware = hardware virtual machine (?)
Very useful for testing OSes, applications, tweaks.

 

Hello,
Well Peter pretty much covered it.
The beauty of testing OS in VMware, for example, allows you to test every possible aspect of OS, including network, printer, file sharing, NAT, partitioning, dual boot. Expendable computers that run as files on your machine. Once you don't like something - you start anew. Also highly recommendable for trying DOS, older Windows, Linuxes, things that cannot or might not or you would not want to run natively....
Mrk

 

Pete and Mrk,

thanks for the explanations!


-rich

 

Hi

Initially I was aiming at hardware virtualisation - VMware, Parallels, Microsoft Virtual PC, VirtualBox etc.....

It's understandable that there's some cross over - and that's fine. I'm only looking to promote a gentle discussion around the subject of securing virtual environments. Maybe begin to indentify potential problem areas and see if there are any patterns of good practice being developed by the enthusiast. Just stuff that gives the first time user, or less technically adept person like myself, a bit of a head start.

Locally, file sharing and networking seemed to be a useful kick off point and is a point at which the user is able to make a choice that affects permissions attributed to the virtual machine.

I'm equally happy to look at other wider possibilities. For instance, I guess at some point the fact that a virtual machine can be downloaded the same as any other file is going to be abused. Potentially then, the possibility exists to trick a user into importing a 3rd party machine that has been designed to subvert the host system. So a basic guideline such as being sure you only import machines from verifiable sources is added to the list.

 

1. All boxes I build are now equipped with quasi-virtualization as a primary defense (sandboxes)
and the clients instructed in their daily application

2. Ive had enough of Microsoft between DRM and forced upgrading, I quit (as far as I can without abandoning my software investment) So my boxes will now rely on virtualization to run W2K

3. I do plan on building a virtualized zoo testbed, eventually
as the only real means to determine trust first hand


Virtualization (in its various grades) is thus IMO
the best defense
the best hope and
the definitive means of establishing trust we have currently

 

I love virtual machines, save a few default images on a central place (W2K, XP/sp1, XP/sp2, W2003, etc) with and without office and other security apps preloaded, and you can test a whole matrix of products in a very short time with very little hardware. You don't have to re-ghost drives.

However, controlling them is a major problem. Virtual machines are not part of the domain, and are not managed with a domain admin account. Policies are also not enforced, such as AV or security settings or logging. It's easy for a rogue machine to become an inside man for someone outside, or a departing employee to save a completely trojaned machine image in the library. It's very hard to track down a running VM machine if it isn't generating traffic, or has stealth software added. It should be possible for one virtual machine to create an entire running ghost domain inside a host domain watching every move of data.

Bill

 

eyes-open said :
What do virtual machines mean to you ...... something for geeks or is it now everyday software ?

Virtulization gives me flexability to run different operating systems, many oses on the same machine with their own configurations and able to save them, copy or move to another destination.
Virtualization saves me money and time through consolidating and testing.

 

I would think MS shared computer toolkit would be an OS virtual machine wouldn't it? Can install software and reboot with or without changes. It is completly IT oriented with permissions which can be tweaked per user.
I know there aren't many here that have tried it but there is a few from over at DSLReports. Zoverlord has written a bunch on the toolkit.

controler

 

@ controler: I think it's a slightly different aspect of management. You probably know this stuff anyway, but I'll try not to trip myself up.......

The field of virtualisation in respect of this thread, is probably focussed more on software that owes it's success to technology built around the VMM (virtual machine monitor). or it's more racy term the 'hypervisor'.

As I think it helps a little with the terminology; hypervisor technology is said to be a play on supervisor, an older term for a program which basically managed the kernel of an OS. So a hypervisor is a program able to manage multiple instances of kernels on a host at the same time.

I've no experience with it, but I'm guessing the MS Shared Computer Toolkit is probably more about the management of seperate accounts on the host kernel ?

@ Bill@GreenBorder: Thanks for raising the additional point about the disgruntled individual with physical access to the host machine.

Cheers all

 

I use virtulization products from VMWare.

Workstation. Lets you use multiple virtual computers simultaneously with the host operating system, you can also nominate multiple virtual machines as a team. Multiple snapshots can be taken of an operating system and each snapshot allows you to roll back the virtual machine to the saved position at any time. You can power on and off, suspend and resume a VM.

Player. Lets you run VMs and is apart of the VMWare Workstation package and also free to download.

ESX. Enterprise-architecture that comes from a modified version of Red Hat Linux. It provides me with control while saving time and money with lower overhead.

Infrastructure. ESX, SMP, Virtual Center amoungst other allow me to see 4 cpus in the VM. Basically a suite that virtualizes servers, storage and networking.

Getting to see the benefits?

Lab. Saves time and money in development. Share resources across development and testers.

ACE. Manage unmaned PCs while running multiple VMs.

 

eyes-open

I see what you mean about terminology. I was thinking hypervisor was the CPU built in VM with the new AMD and Intel CPU's. LOL

You are correct in the fact that the toolkit is directed more at public places just like deepfreeze is.
Here is an overview of the toolkit.
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sct/default.mspx


I guess the toolkit is more like deepfreeze in the fact that after reboot all is back to before changes unless you allow them. MS Virtual PC is more like VMware, where you have a host and guest.
I used it for a while out of curiousity and the only thing I noticed with the version i used was a limited amount of AV's that could be used with it. For now it is free. I never used MS's Virtual PC but see some still testing with it.
I have used VMware before and like it but the price is too steep for me.

controler

 

Most of the work I do with VMs is at work and use them for two main reasons.
1. Cost, consolidation, the money it saves me.
Reduced space, work hours, manpower and IT costs.
2. Testing/Development, simulation, without affecting the host and rollback, share configurations without the user having to worry about the computer management.
Virtual Machines have also overflowed into the home network and not just homework.

At work amoungst other things I use VMWare for virtualizing servers. Help in application rollout and testing, using on different OSes without rebooting, and simulations while also protecting productive systems. Virtual networking, managing unmaned PCs with VMs, storage.

At home virtual networks, a replacement for dual booting, security, managing PCs amoungst others, but I'm interested in what others are using VMs for...

What things are you doing with Virtual Machines at work? What are you doing with VMs as a home user?

 

For now, it's allowing me to check out Linux and OpenBSD, etc. I think everyone considering changing OS should take a look at VM. I only have one pc, so it's like magic .
Suddenly, i find myself downloading OS's, not just programs or files.

 

Someone

Even though it is fun and nice to use VMware to load Linux ect., there are a lot of CD, DVD Linux OS you can load on boot without installing which work great. Linux has come along ways in the past three years but I don't know if they are using it in High schools, collages ect. yet.
I think for the most part, you can do anything with Linux you do with Windows except for maybe games. It has Firefox and mail LOL


controler

 

Indeed. But with VM i only need to download, not burn CD's, nor reboot (which is slow).
I continue on in Windows, checking out Linux, and when i'm done, close it.

The games part can be a downside, but not a big issue for me. I do play, but not essential. Also, America's Army can be run in Linux i'm told. There could be others.
The upside is VM. I suppose i can run a VM in Linux, to run windows and load the game, am i wrong or is it too slow?
Feedback is much appreciated.

 

Linux as host, of course to run vm. game, unsure.

 

Hello,
As another gamer, I can say that America's Army is no longer supported on Linux since version 2.4. Time to move to different FPS. It's no longer fun anyway....
Mrk

 

I asked a guy who had a name Linux something, and he told me you could.
Anyway, Mrk, add that section to your site, games for Linux

Meriadoc: yes, i was referring to Linux as host, windows as guest, with the game.
It's the opposite of what i run now, except for the games part.

 

Hi, VMs are secure by nature, they are highly secured by hardware isolation.
Our virtual networking and infrastructure; server, storage communicates through the network and certain operations require user authentication. compliance making an audit trail.