Virtual PC Security

Hello all!

As background: I have a 64 bit Vista Ultimate rig running Virtual PC 2007 (SP1), with a Vista 32 bit VPC set with Shared Networking (NAT) and with Undo disk turned on (i.e. you can dispose of changes after each session). The host machine runs Windows Live OneCare (firewall, AV/AS, etc.), and I run as an Administrator on this machine, but with UAC turned on.

The virtual PC is running NOD32 2.7, and I run as a Standard User on this instance. I fully patch Windows when updates come out, and update NOD32 before going on the internet with this virtual PC.

How great is the risk of the host becoming infected with a virus from the virtual PC in such a configuration? I know its theoretically possible, but how realistic?

Thanks in advance!

 

If you are doing everything in your VM, it very hard for anything in the virtual machine to infect your actual computer unless there is a vulnerability in VirtualPC. Additionally, the chances that malware will actually check if it is in a VM is quite small (though it has the capability). Additionally, actually having the exploit code in the virus is even rarer.

 

How do you update the Virtual's AV prior to putting it online? doesn't that mean your getting your AV updates from your host?

 

I don't -- When I bring up the Virtual PC, it runs its update (like when you boot your machine).

 

Nowadays malware should take notice of residing inside a box.
If direct hardware access is possible through any kind of virtual machine or os there should be no problem to own your system from the inside. If sophisticated malware reaches hardware level all other things such as operating systems or vms of any kind become meaningless. But this is just a worst case scenario this is not valid for usual malware.

Also think about the fact that things like deeper door attack network cards and dns malware will try to own routers so in many cases the attack scenario may take place long before your virtual machine, desktop or operating system and in several cases may be out of users control. DD will communicate directly with your lan card, your os will take zero notice. Security apps are useless in such a worst case scenario. In the end it doesn´t matter if vm is present or not. Ethernet card is your gate, you can chose whatever you want to access internet but they will get you in all events in case your network card is already owned.

 

Just be careful with what you share between the guest and host. If possible don't share anything and you'll be fine.

 

The only sharing is the wireless NIC via Virtual PC's NAT. Only disk is the VHD of the instance - No sharing files between the host and VPC.

 

Then i'd say you'll be fine.

There are some people who do run something like returnil on the host just to be sure but personally i don't worry about it. I don't run any security except for the inbuilt vista security on my host. I run vmware on top of that and install my security apps in the virtual machine.

 

I use VMWare Workstation with NAT enabled and various Linux distros some set-up for sharing and LAN access and some not.

Had an interesting experience the other day: NIS flicked up a "an attempt to attack your computer has been blocked" message from the Host OS : XPSP2, the host OS is on a LAN.

This happened while in a Linux VM with FW enabled and behind a router and no sharing
( ie what I had thought was REALLY safe ) cruising some darker sites and using NAT : ie host's IP address.

I suspect this is not as secure as maybe thought.
I am trying to figure out if bridged networking is safer or better.

I am trying to do that again to get some log info.

I would be very interested if anyone had a comment or some experience.