Virtual PC Security

Discussion in 'other security issues & news' started by CountryGuy, Aug 15, 2008.

Thread Status:
Not open for further replies.
  1. CountryGuy

    CountryGuy Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    139
    Hello all!

    As background: I have a 64 bit Vista Ultimate rig running Virtual PC 2007 (SP1), with a Vista 32 bit VPC set with Shared Networking (NAT) and with Undo disk turned on (i.e. you can dispose of changes after each session). The host machine runs Windows Live OneCare (firewall, AV/AS, etc.), and I run as an Administrator on this machine, but with UAC turned on.

    The virtual PC is running NOD32 2.7, and I run as a Standard User on this instance. I fully patch Windows when updates come out, and update NOD32 before going on the internet with this virtual PC.

    How great is the risk of the host becoming infected with a virus from the virtual PC in such a configuration? I know it's theoretically possible, but how realistic?

    Thanks in advance!
     
  2. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    If you are doing everything in your VM, it is very hard for anything in the virtual machine to infect your actual computer unless there is a vulnerability in VirtualPC. Additionally, the chances that malware will actually check if it is in a VM is quite small (though it has the capability). Additionally, actually having the exploit code in the virus is even rarer.
     
  3. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    How do you update the Virtual's AV prior to putting it online? Doesn't that mean you're getting your AV updates from your host?
     
  4. CountryGuy

    CountryGuy Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    139
    I don't -- When I bring up the Virtual PC, it runs its update (like when you boot your machine).
     
  5. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Nowadays malware should take notice of residing inside a box.
    If direct hardware access is possible through any kind of virtual machine or OS, there should be no problem to own your system from the inside. If sophisticated malware reaches hardware level, all other things such as operating systems or VMs of any kind become meaningless. But this is just a worst case scenario; this is not valid for usual malware.

    Also think about the fact that things like deeper door attack network cards and DNS malware will try to own routers, so in many cases the attack scenario may take place long before your virtual machine, desktop or operating system and in several cases may be out of users control. DD will communicate directly with your LAN card, your OS will take zero notice. Security apps are useless in such a worst case scenario. In the end it doesn't matter if VM is present or not. Ethernet card is your gate, you can choose whatever you want to access internet but they will get you in all events in case your network card is already owned. :)
     
    Last edited: Aug 15, 2008
  6. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Just be careful with what you share between the guest and host. If possible don't share anything and you'll be fine.
     
  7. CountryGuy

    CountryGuy Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    139
    The only sharing is the wireless NIC via Virtual PC's NAT. Only disk is the VHD of the instance - No sharing files between the host and VPC.
     
  8. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Then I'd say you'll be fine.

    There are some people who do run something like Returnil on the host just to be sure, but personally I don't worry about it. I don't run any security except for the inbuilt Vista security on my host. I run VMware on top of that and install my security apps in the virtual machine.
     
  9. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    I use VMware Workstation with NAT enabled and various Linux distros, some set up for sharing and LAN access and some not.

    Had an interesting experience the other day: NIS flicked up a "an attempt to attack your computer has been blocked" message from the Host OS : XPSP2, the host OS is on a LAN.

    This happened while in a Linux VM with FW enabled and behind a router and no sharing (i.e. what I had thought was REALLY safe), cruising some darker sites and using NAT: i.e. host's IP address.

    I suspect this is not as secure as maybe thought.
    I am trying to figure out if bridged networking is safer or better.

    I am trying to do that again to get some log info.

    I would be very interested if anyone had a comment or some experience.

    o_O
     
    Last edited: Aug 17, 2008