
VIRTUAL MACHINE ~ Can Guest OS become Infected Through Host OS ? ? ?


kij123

New Member
Joined
Nov 11, 2012

If I set up and use a virtual machine running/containing both a host OS and a guest OS ... do they remain completely separate entities when operating one or the other?

My main concern is virus related ... if, for instance, I'm running Windows 7 as the host and XP as the guest and I get the host OS infected, will the guest XP OS also contract it by default because it is operating on the same disk? ... The same question applies vice versa.

thanks

:-/
 
No, they can't cross-contaminate each other directly. Now, if you had a virus propagating through network packets and both OSes are accessing your network, then it's possible for something like this to happen.

Ever since I helped a buddy get his system running all internet activity through a VM, I've pretty much been on the bandwagon. I keep an ultra-light Linux VM preconfigured in a zipfile in the parent directory of the VM files; when/if it gets infected I can restore it to the default config in a few minutes.
 
Do you recommend using Linux as the main and Windows as a secondary OS as the guest or does it matter?
 
Personally I run my main rig on Windows due to various software/games that require it, and run Linux as a guest OS. The same idea applies with Win7 / XP though. I would only suggest Linux as your native OS if it does not impair your daily activities.
 
Do they get it "by default"? No.

Is it possible for the host to contaminate the virtual machine (and vice versa)? Yes, it is possible, but fairly difficult. It also depends on what type of vector you are talking about. If you mean straight through the virtual machine software, that is pretty hard and you probably aren't going to see that happen. But, for example, if you get one that spreads via the network, both the host and client are connected to the network, so they are only as secure as how they are set up.

I'd be more concerned with either system getting infected in the first place rather than it crossing virtual machine boundaries. What you use for the host OS is up to you. If you are more comfortable using Windows, use Windows. Personally, all my computers are Linux in the first place, so naturally all my hosts are Linux based. Would I suggest it over Windows? Not really.
 
It's been suggested to me that another strategy would be in having a dual boot system however utilizing separate drives to run each OS .. (is this better or worse???)

... but from what you both just spoke about, infection is not completely avoidable unless I have a single dedicated machine for this task.
 
It depends on your goal. If you want to run both operating systems at the same time, then putting them on different disks and doing "bare metal" installs is going to be pretty useless.

So the question then becomes: What are you doing with these operating systems?
 
The short story is, if it's connected to a network it CAN get infected. The real question is how hard are you making it for such a thing to happen, and what is your plan should it happen? If you can't answer either of those questions, you need to spend some time on your security setup (like you're doing now), which is not a simple task.

If you're getting infections frequently, then perhaps the issue lies with your browsing habits.
 
True enough, it does come down to how I use my OS and my browsing habits.

Perhaps I am also a tad paranoid, having close friends that experienced similar issues with compromised systems. There are hackers and software built to operate stealthily, as was the case with one of my friends. His personal system was hacked and discovered when it was too late ... he brought his PC to an expert who found a malicious program running incognito. He had firewalls and antivirus programs installed, however none provided security to prevent all of this.

Can you both tell me what measures you take including what software and configurations you use to ensure your security is tight?


Thanks
 
No offense to your friend, but if he had to bring his computer to an expert to find an infection, he probably doesn't know what he is doing. Firewalls and antivirus only do so much and are no where near complete protection. Heck, even what I run isn't complete protection - nothing is.

I have a bit of an advantage by using an operating system that isn't popular, Linux. Regardless of what you are told, any operating system can be infected (yes, even Linux and Mac), so you should always take multiple steps. I use Firefox for my browser and use NoScript, FlashBlock, and AdBlock Plus to filter out websites and scripts that will try to run stuff on my system. If you are paranoid, as you claim, you should at least be running something similar. I use pfSense for my firewall, which is a standalone Linux distro. This allows me substantial control over traffic in and out of my network. That is all I can think of off the top of my head, but I'm sure I have a lot more in place.

You still haven't answered my question as to what your goal for the virtual machines was.
 

I apologize for seemingly evading your question ... not intended.

I am mainly concerned regarding my online financial/commerce related transactions ... I would hopefully like to keep this as secure as possible.

Since I also do a lot of browsing and downloading, I don't want to compromise one with the other.

Thank you for sharing your preferences and prevention tactics. If you think of anything else such as best Malware & antivirus protection ..etc ..for both OS's, please do mention it.

I do appreciate all of your insight,advice and patience.
 
The answer to this depends on how paranoid you want to be. ;)

Even if you were running a Linux live CD in a virtual machine on your system (which is destroyed when the virtual machine is halted), your system is still vulnerable. For example, if a keylogger was installed on the host, it wouldn't matter if you were typing your password into your heavily invested Internet Explorer window (with 400 addon bars) or a completely clean virtual machine. The keys are still being intercepted on the host. There is no virtual machine boundary to cross and the malicious software doesn't even notice that you are using a virtual machine -- it doesn't care.

An acceptable solution (again, depending on how far you want to take this) is to boot a Linux live CD on the host OS and do whatever you need to. You will be in a clean operating system that is destroyed the moment the computer is shut down. The problem then becomes how secure the websites you use are. One could take it even farther than that, but we are at the point of being ridiculous.

I didn't give an answer to one of your questions and it deserves an answer. You mentioned two different installs on different disks. This seems good in theory, but is actually really bad in practice. When you are using either operating system, you are (likely) running as an administrator, which means you have control over the hardware on the system. If there is a piece of malicious software running on the system, it is running as you, which means it also can control hardware. You can see where this is going. It has access to the other hard drive, and if it is programmed to do so, it could infect the other operating system without it even being booted.

Personally, I think this is all absolutely silly with proper measures taken, including responsible browsing habits combined with good safeties in case something goes wrong. Out of all the years that I've been using computers, I've not once had an infection on a system (Windows or Linux) because I always take precautions and verify what I'm doing. For example, if I don't know the domain of a link sent to me from someone I know, I do quick research into it to find out what it is. I've seen quite a few friends have their MSN accounts stolen and seen the thief start sending out links to further infect other people. I'm rambling at this point, but I'm saying that blindly clicking is bad.
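The dual-boot point in the post above (software running as administrator on one OS can write to the other OS's disk while that OS is never booted) suggests a check a practitioner would want: hash the dormant install's files from the running OS and compare against a baseline taken when it was known clean. This is an added example, not code from the thread. It assumes the other OS's volume is mounted read-only on the running OS (the `/mnt/other` path and the file names in the comments are placeholders) and that the baseline manifest is kept somewhere the running OS cannot quietly rewrite.

```python
"""Offline integrity manifest for a dormant OS install (added example).

Build the manifest from a known-clean state, store it off the machine,
and re-check the volume from the other OS before booting it.
"""
import hashlib
import os
import sys


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map every regular file under root (POSIX-style relative path) to its SHA-256."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic walk order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # hash real file content only; skip symlinks and specials
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def compare_manifests(baseline, current):
    """Return (modified, added, removed) relative paths between two manifests."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return modified, added, removed


def verify_tree(root, baseline):
    """Re-hash root and report drift; three empty lists means nothing changed."""
    return compare_manifests(baseline, build_manifest(root))


def save_manifest(manifest, path):
    """Write 'digest  relative/path' lines, the same layout sha256sum uses."""
    with open(path, "w", encoding="utf-8") as f:
        for rel in sorted(manifest):
            f.write(f"{manifest[rel]}  {rel}\n")


def load_manifest(path):
    """Parse a file written by save_manifest back into a dict."""
    manifest = {}
    with open(path, encoding="utf-8") as f:
        for line in f:
            digest, rel = line.rstrip("\n").split("  ", 1)
            manifest[rel] = digest
    return manifest


if __name__ == "__main__":
    # Usage (placeholder paths):
    #   python manifest.py build /mnt/other baseline.txt   # from a clean state
    #   python manifest.py check /mnt/other baseline.txt   # before booting it
    mode, root, manifest_path = sys.argv[1:4]
    if mode == "build":
        save_manifest(build_manifest(root), manifest_path)
    else:
        modified, added, removed = verify_tree(root, load_manifest(manifest_path))
        for label, paths in (("modified", modified), ("added", added), ("removed", removed)):
            for p in paths:
                print(f"{label}: {p}")
        sys.exit(1 if (modified or added or removed) else 0)
```

Two caveats follow from the post's own argument: a baseline stored on the same machine can be rewritten by the same malware that changed the files, so keep it elsewhere; and if the OS doing the checking is itself compromised, it can lie about what it reads, so the check is most trustworthy when run from a live CD rather than from the other installed OS.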
 
Easiest solution before any virtual machines existed in the last century was to install Windows 98 on one partition and Windows 2000 on another. Then reboot quickly from one into the other and reimage.

Today 32-Bit Windows XP / 64-Bit Windows 8 dual boot combo installed on relatively small partitions gives you the advantage of not only extended compatibility for old apps/hardware but you can simply nuke one OS from the other then reimage in a couple of minutes - in less time than a short bathroom break takes.



The moment I see either one of my OSes hiccup or take a full 1 second to do something instead of zero point one seconds to do it, I don't spend time diagnosing the problem - I reboot and nuke and reimage and problem solved.

If experimenting with new software, you can nuke when you're finished on general principle since the main OS image contains only the programs you want installed with every setting and font set up just like you like it - nothing gets added to it unless it's tested and tried to be useful as part of the permanent image...
 
The problem is that if both disks are hooked up and the system is infected, that program has access to both operating systems. While I wouldn't expect malware/virii to look for other installs, I wouldn't use this as a safeguard, because it certainly isn't one.
 
Right. If you chose not to reboot into another OS for valid reasons or otherwise, then why not simply reboot from USB, and reimage?

Matter of fact, the dual boot nuke and reimage [for me 'holy grail'] solution to all Windows problems can be improved upon by doing that because you can program imaging software, Terabyte Image software for example, on a USB stick.

Then you just reboot and it boots from USB and nukes and reimages and reboots and everything is pre-programmed and automatic so you don't even have to spend time starting the reimaging program and selecting partitions to reimage. So you just reboot from USB and it automatically does all the work from there and you're back into clean Windows.


Additional safety improvement imo would be to store images on an external USB 3.0 hard drive connected to a power surge strip with an ON and OFF switch.

So it's only turned on when reimaging. How about that?
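Both the zip-restore of a throwaway VM described near the top of the thread and the nuke-and-reimage routine in the last few posts come down to the same step: wipe the working copy and put a known-good image back. The added example below is not code from the thread and is not how Terabyte Image works (that does whole-disk images); it assumes a .zip golden image of a VM folder, that the image's SHA-256 was written down when the image was made and kept somewhere the running OS cannot edit, and that the target directory holds nothing you want to keep. The `RestoreError` class and the file names in the test data are placeholders.

```python
"""Verify a golden archive's SHA-256, then wipe and re-extract a VM folder (added example)."""
import hashlib
import os
import shutil
import zipfile


class RestoreError(Exception):
    """Raised when the image cannot be trusted or would extract outside the target."""


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_archive(archive, expected_sha256):
    """Refuse an image whose hash no longer matches the value recorded at creation."""
    actual = sha256_file(archive)
    if actual != expected_sha256.lower():
        raise RestoreError(f"archive hash mismatch: {actual} != {expected_sha256}")
    return actual


def safe_members(zf, target):
    """Yield members that extract inside target; reject '../' and absolute names."""
    base = os.path.realpath(target)
    for info in zf.infolist():
        dest = os.path.realpath(os.path.join(base, info.filename))
        if os.path.commonpath([base, dest]) != base:
            raise RestoreError(f"unsafe path in archive: {info.filename}")
        yield info


def restore(archive, expected_sha256, target):
    """Verify the image, then replace target wholesale with its contents.

    Returns the sorted relative paths now present under target.
    """
    verify_archive(archive, expected_sha256)
    with zipfile.ZipFile(archive) as zf:
        members = list(safe_members(zf, target))  # validate everything before touching disk
        if os.path.isdir(target):
            shutil.rmtree(target)  # nuke: nothing from the old state survives
        os.makedirs(target)
        for info in members:
            zf.extract(info, target)
    return sorted(
        os.path.relpath(os.path.join(dp, f), target).replace(os.sep, "/")
        for dp, _, fs in os.walk(target)
        for f in fs
    )


if __name__ == "__main__":
    import sys
    # Usage (placeholder paths): python restore.py golden.zip <sha256> /path/to/vm
    print("\n".join(restore(sys.argv[1], sys.argv[2], sys.argv[3])))
```

The hash check is the part that matters for the thread's question: an image that sat on a drive connected to an infected system may itself have been altered, and re-extracting it would just reinstall the problem. Keeping the external drive powered off except during reimaging, as suggested above, narrows that window; comparing the hash against a value recorded elsewhere is what actually tells you the image is still the one you made.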
 
That would be a lot better, but still a bit too paranoid for my tastes. :)

But hey, if it works for you, I'm not going to say anything.
 
I make a new image every month to include the monthly OS update and make changes to settings and install new programs if necessary.

But the image itself is used frequently to restore the system to its freshly installed state. Couple of months without a fresh reimage is the most I ever went on in the past 10-15 years.

It's so simple and fast to do, why not do it all the time and not even worry if it's necessary :shrug:
 
It's so simple and fast to do, why not do it all the time and not even worry if it's necessary :shrug:

It's also simple and fast for me to set up a recurring order from Amazon.com every two weeks for a new power cable, cut half off the new cable, cut half off my current power cable, and splice them together to avoid any kind of spy devices in the cables... why not do that all the time and not even worry if it's necessary :shrug: That's a few too many levels of paranoia for me :)
 
lol

:)
I do reimage > apply monthly update + any corrections to main image > make new image.


Otherwise I reimage only when noticing something fishy, or a lag of 0.5 seconds in place of something I know should be instantaneous. If what you describe can be done by costing you nothing to press a button before going on a short bathroom break and by the time you come back, it's all new and done, then :shrug: what's the downside?

In other words and imho, there's no paranoia in having everything run as instantaneously fast as on day 0 of install. So this brings us to the following question: when people say that *everything* on their Windows machine runs as fast on day 1,460 after install as it did on day 0, are they really correct?

That's how I look at it, permanent fresh install with everything running at peak and everything opening instantaneously. Of course, you need top of the line CPU, SSD etc. to notice, but anyone who jumped to the top of the line Intel i7 when it first came out or replaced their mechanical drive with a super-fast SSD knows what I'm talking about when it comes to noticing even slight hick-ups after getting used to high-end speed computing.
 
Otherwise I reimage only when noticing something fishy, or a lag of 0.5 seconds in place of something I know should be instantaneous.

So when your drive has a hiccup, or just happens to have the platter spun 0.00001% of a rotation past the data you want, you blame it on the OS? Sure, there's nothing wrong with doing that, but it seems rather silly to me. Seems like you're just putting undue stress on the hardware for no reason. Maybe you should invest in a nice SSD :p

when people say that *everything* on their Windows machine runs as fast on day 1,460 after install as it did on day 0, are they really correct?

I have no idea. I haven't used a stopwatch for everything I've ever installed. I do, however, run periodic defrag (UltimateDefrag), uninstall old versions of stuff like Java, let Calibre/VLC/whatever uninstall old versions when they update, etc., and I'd say my system runs as fast as when it was freshly installed two years ago. The only thing noticeably slowing it down is the occasional relocation of data by the failing hard drive.

OP was talking about malware protection, though. While I honestly think your method is silly for fixing slowdowns, it's probably effective malware protection, at least until somebody includes VirtualBox drivers in their malware :)
 