Running virtual machines makes you vulnerable

[ancient_mariner]

If I read this correctly, running (presumably Windows?) in a virtual machine actually made your system vulnerable. IIRC there were a couple of people who were running virtual machines in order to be more secure against viruses/malware.

Just a heads-up.

 

[neil_g]

i cant say i'm overly surprised, im more surprised that its taken this long for an exploit to surface.

using a VM as your day to day machine personally i don't think is of any benefit for security. i think people get a bit confused by VM sandboxes but those are very disposable VMs that are intended to be trashed via testing rather than being hooked up to your daily data.

 

[Byker28i]

Hyper-v runs on top of the windows operating system. Other virtual infrastructures don't work this way.

 

[neil_g]

*cough*

"An attacker who exploits a memory management error in the software can potentially execute code on the ESXi host remotely"

http://www.theregister.co.uk/2015/10/01/vmware_patches/

 

[Mr Bump]

A VM is still a machine with the same rules that affect a physical.
If you limp on the AV or malware protection then its just as easy to infect.

I use a Win 10 VM on Hyper V as my secure PC for banking and that's all.
It has AV and Malwarebytes and Rapport site protection and that's all it does.

I don't intend trashing it every few weeks as some have suggested, it juust means I can keep my more sensitive internet stuff on a separate PC.

 

[Carlh]

I use VirtualBox (it rocks) for WIn XP on development stuff, have 60GB SQL Server Databases attached as separate files - been using it for about 10 years and it works amazingly. Very handy to back up - very handy to restore if my machine goes t1ts up. Wouldnt run a main machine on there though.

Its also good to try out all the other OS's such as Mint, AmigaOS and IOS. I have a Win10 development machine set up on there too. Of course, I have bitdefender with licences on all of the machines including the host PC so feel pretty safe from any malware tbh and never have had any issues.

 

[neil_g]

I don't intend trashing it every few weeks as some have suggested

FWIW i wasnt suggesting you should intentionally trash your VM regularly. only that VM sandboxes were originally by design intended for intensive testing where rolling back to a snapshot is much quicker than reinstalling an OS for example.

 

[Mr Bump]

FWIW i wasnt suggesting you should intentionally trash your VM regularly. only that VM sandboxes were originally by design intended for intensive testing where rolling back to a snapshot is much quicker than reinstalling an OS for example.

Oh I wasn't suggesting you did, I just remember a few anarchists a while ago suggesting that was the way to go.

VMs for me work very well because you can shut them down copy the files and make them portable, I also use a VM for more risky internet such as torrents and again that's all that gets used for. I work all day in a virtual environment so it is easy to get on with. Also having these machines virtual means I can remote access very easy.

 

[andyscott]

windows is vulnerable full stop, unless you cripple it within an inch of its life.

 

[neil_g]

end users are vulnerable full stop, unless you cut their hands off.

FYP

 

[broc]

It's patch Tuesday (2nd Tuesday of every month) and Microsoft are shipping out a bunch of fixes, including one which fixes a vulnerability in Hyper-V that allows a VM to access & execute code in the Hyper-V host server.

I used to manage a virtual server environment, and I use VMs under Windows 10 Pro at home. You have to treat the security of a VM as seriously as you would any physical machine.

 

[petersmart]

I run Win 7 64 bit on a host machine with various VMs running both XP (SP3) and Win 7 32 bit and all my surfing is done within them.
Both OSs have had the updates turned off since they were installed.
I use Avast free but just for files since the web checking makes it too slow.
I also use a VPN which blocks dodgy websites.
Nothing of any value is installed on any of my PCs, everything is backed up to external HDDs which are never left plugged in.
I run a weekly scan using MalwareBytes Premium which never shows up anything.
I also use full disk encryption using TrueCrypt in case anything should ever happen to it; then no one can even get onto it - good luck trying to get past the 64 bit password!
I feel quite secure even without the so called security updates..