Thread: Should I be worried about my virtual machine's security?

  1. #1
    Junior Member
    Join Date
    Mar 2008
    Posts
    1

    Should I be worried about my virtual machine's security?

    Hey all. I run Ubuntu as my main OS, in which I run Windows XP as a virtual machine (my work requires a few Windows programs that I can't seem to get away from). My virtual Windows uses NAT to access the internet through my computer's wireless NIC.

    My question is: should I be concerned about security on my virtual machine? Should I install antivirus / firewall / etc. on the virtual machine? If the VM is connected to the internet through NAT, that means it doesn't have its own IP address... so I can't figure out how to even ping the VM. Is it possible for an attacker to target my VM? Couldn't someone nmap and exploit my VM? The fact that it's using NAT makes me unsure.

    Thanks for any help, much appreciated.

  2. #2
    So if I understand your use of terminology correctly, you're behind a router, so your VM naturally doesn't have an external IP address. In which case a firewall isn't absolutely necessary as long as you know how to keep your VM clean of malware. So yes, you should at least install an antivirus program.

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    If the IP of the VM is something other than the one that your ISP gives you, essentially you are behind a router. I think you may be more concerned: if the VM gets a virus, then can it infect your computer? - No. If you think you might get viruses, trojans, malware, etc. on your VM, you can make a snapshot of it as a "clean install" with all the things you need on it and restore it in case anything does happen.

  4. #4
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    Posts
    1,356
    Just because nobody MAY be able to access you directly from the 'outside' does not mean, even by a long shot, that you are safe. A great number of the vulnerabilities out these days for Windows / Windows products revolve around client-side vulnerabilities that can be activated through visiting a malicious web page (Internet Explorer, Media Player, Adobe, QuickTime, etc.)... Even popular sites get compromised from time to time (or the ad servers they use), so limiting your browsing won't necessarily protect you...

    If your VM system did get compromised you could of course revert the image back, but you would lose whatever data you had on there from when the image was taken. There is also malware that is capable of detecting a VM environment and doing other nasty things with it...

    IMO, just because you can recover quicker and it's in a VM environment does not remove the necessity to take minimal steps to secure that virtualized OS...

    my $0.02...
    /neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    Senior Member
    Join Date
    Dec 2007
    Posts
    132
    You're never safe, ever. Most people think of virtual machines as expendable because if it gets infested with malware, oh well, copy the clean backup over and voila! all better.

    Not always the case. Core published a vulnerability in VMware just last month about how they could exploit the shared folders functionality in VMware to pop into the host system through the guest machine.

    Even if you don't use that feature, the point is you never know what other flaws are waiting to be found or when they will hit you. The threat of attacking your host machine through the guest is already real, so you can't have the 'I'll just use a clean copy' state of mind, it'll come back to bite you in the ass...

  6. #6
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    Posts
    1,356
    Quote Originally Posted by xiphias360
    You're never safe, ever. Most people think of virtual machines as expendable because if it gets infested with malware, oh well, copy the clean backup over and voila! all better.

    Not always the case. Core published a vulnerability in VMware just last month about how they could exploit the shared folders functionality in VMware to pop into the host system through the guest machine.

    Even if you don't use that feature, the point is you never know what other flaws are waiting to be found or when they will hit you. The threat of attacking your host machine through the guest is already real, so you can't have the 'I'll just use a clean copy' state of mind, it'll come back to bite you in the ass...
    Glad you were a little more specific about Core's findings and some of the more recent vulnerabilities... I was a little too vague when I mentioned detecting VMs and doing nasty things...

  7. #7
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    Shared folders aren't enabled by default.

  8. #8
    Banned
    Join Date
    Jan 2008
    Posts
    605
    The threat of attacking your host machine through the guest is already real, so you can't have the 'I'll just use a clean copy' state of mind, it'll come back to bite you in the ass...
    It's obvious people don't care if they've compromised an emulated environment or not. That's why you'll likely never see a bot in the wild that does anything outside of this.

    First of all, the bandwidth is real. Quite a lot of people spend the majority of their time doing things through VMware and whatnot anyway... so uptime isn't going to be a huge issue either.

  9. #9
    Senior Member
    Join Date
    Dec 2007
    Posts
    132
    Quote Originally Posted by CoreLabs
    Successful exploitation requires that the Shared Folder's feature to be enabled which is the default on VMware products that have the feature AND at least one folder of the Host system is configured for sharing.
    http://www.coresecurity.com/?action=item&id=2129

    But the point is that the risk has already been proven once. Maybe only through this one vector for the time being, but you can't be certain that another won't appear that uses a different technique, one that exploits a more common feature.
    Last edited by xiphias360; March 27th, 2008 at 05:32 AM. Reason: typ0s
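
The two preconditions in the CoreLabs quote above (the Shared Folders feature enabled, and at least one host folder configured for sharing) can be checked from the host by reading the VM's `.vmx` file. The following is an added example, not part of the thread and not VMware's own tooling; the `.vmx` key names are not taken from the thread and should be confirmed against your product version, and the sample configuration is constructed.

```python
import re

# Constructed sample .vmx fragment (not taken from the thread).
SAMPLE_VMX = '''\
ethernet0.connectionType = "nat"
sharedFolder.maxNum = "2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "/home/user/work"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "FALSE"
sharedFolder1.hostPath = "/home/user/old"
'''

# A .vmx setting is one line of the form: key = "value"
_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value}; keys are treated case-insensitively."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def _true(settings, key):
    return settings.get(key, "").strip().lower() == "true"

def shared_folder_exposure(text):
    """Report whether both preconditions from the advisory quote hold."""
    s = parse_vmx(text)
    # Hardening switch that turns the host-guest file system off entirely.
    hgfs_disabled = _true(s, "isolation.tools.hgfs.disable")
    indexes = sorted({int(m.group(1)) for k in s
                      if (m := re.match(r"sharedfolder(\d+)\.", k))})
    active = []
    for i in indexes:
        p = f"sharedfolder{i}."
        # A share only counts if it is both defined and switched on.
        if _true(s, p + "present") and _true(s, p + "enabled"):
            active.append({"host_path": s.get(p + "hostpath", ""),
                           "writable": _true(s, p + "writeaccess")})
    return {"feature_disabled": hgfs_disabled,
            "active_shares": active,
            "preconditions_met": bool(active) and not hgfs_disabled}
```

Run it over each `.vmx` on the host; a VM with no active shares, or with the feature disabled, does not meet the conditions the advisory names for this particular vector.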