Protecting the Windows using Linux
in [Setup]
|
Prev: Intel Graphics Under Debian Lenny (Blank Screen)
Next: Newbie looking for advice on Linux distribution
From: Nico Kadel-Garcia on 13 Feb 2010 04:45 On Feb 12, 3:55 pm, The Natural Philosopher <t...(a)invalid.invalid> wrote: > Karthik Balaguru wrote: > > On Feb 13, 12:37 am, "Bill Yanaire, ESQ" <b...(a)yanaire.org> wrote: > > Do you mean to say that windows will get infected > > even if it runs as a guest OS on linux OS ? > > Strange !! Certainly! By emulating the full OS, you emulate the bugs and vulnerabilities. > Of course. It's effectively a standalone machine. Running on some > curious hardware.. There are some interesting approaches to this. Using ClamAV and the like to scan the Windows filesyste, from the safe Linux world, is very handy at spotting some kinds of infected files. But other vulnerabilities, such as website infection attacks, can use holes in the existing Windows software that ClamAV has no chance of detecting. Another approach I've just heard about is using VMWare and a kernel in the Hypervisor that hosts the guest operating systems to provide certain types of protection: this might work best with para- virtualized kernels in the guests. Now, if our friend was running WINE, and using that to run Windows applications actually on the Linux host and not in a virtualized operating system, *THAT* gets you some protection from virus trouble. But not everything runs well that way.
From: Hans-Peter Diettrich on 13 Feb 2010 01:23 Karthik Balaguru schrieb: > The internet connection is in Linux (Host OS). > I am just eager to know if i have Windows as a > guest OS on Host OS(Linux), is it less possible > for Windows to get infected by virus ? The guest systems are not protected in any special way. > If Windows crashes, is there a mechanism > to recover it from Host OS(Linux) ? No, except for easy backups of entire VM's, or the ability of the virtualization software to reset a VM into some previous state (snapshot). Both methods have their pro's and con's, with regards to performance and disk space. I'd go for backups of entire machines, which are easy to restore (simply copy the VM folder). If you want to preserve huge downloads, put them on an independent virtual disk (not affected by snapshots), then you can backup the system and data disks independently. I found it good practice to separate system and data disks anyway. You can have any number of virtual disks, for different purposes, and with some experience you can use them in multiple VMs. E.g. I have independent disks for my many software projects, so that I can start updating a particular project by attaching the virtual disk to my development VM. Shared folders are another way for persistent data storage. The folders can be used in multiple VM's at the same time, and also are accessible from the host OS. Shared folders may be slower than virtual disks, because they are implemented as remote (network) resources, so that they should not normally be used for life data; but they can hold downloads very well, where the duplicate network traffic (from Internet to guest to disk) is almost neglectable. In any case you should consider that a virus can spread onto *every* attached R/W disk or folder. That's why IMO restarting infectable guests from a clean state is essential. Where Windows systems have a higher risk of infection, because they are the preferred targets of malware producers. While newer Windows versions (Vista...) have acceptable admin/user isolation, its administration (ACL, UAC...) IMO still is a mess. At least it's easier to protect a Linux system by simply logging in as non-privileged user - the essential system files and folders are always owned by "root", without any need for special administration efforts. > Also, is there any mechanism to debug windows > from linux ? Any ideas ? No idea. Remote debugging may be possible, but that's not related to virtualization. > I am planning to use Ubuntu as Host OS and > Windows Vista as Guest OS and either > Vmware or VirtualBox (Virtual machines). If you want a stable host system, then do not use it for surfing at all. I'm using a tiny Win98 VM for surfing, which is easy to backup and also to restore to its "virgin" state after every Internet session. Any Life CD (Ubuntu, Knoppix...) can be used for that purpose as well, where a VM will boot the CD faster from the ISO image than from a CD drive. BTW creating and burning ISO images is built-in with almost every Linux, no need for additional (expensive and/or unreliable) burning tools. DoDi
From: Aragorn on 13 Feb 2010 05:20 On Friday 12 February 2010 20:37 in comp.os.linux.setup, somebody identifying as Bill Yanaire, ESQ wrote... > "Karthik Balaguru" <karthikbalaguru79(a)gmail.com> wrote in message > news:7386f63f-909d-4ce6-8f4d-55a8ef44c0b0(a)x10g2000prk.googlegroups.com... >> >> The internet connection is in Linux (Host OS). >> I am just eager to know if i have Windows as a >> guest OS on Host OS(Linux), is it less possible >> for Windows to get infected by virus ? > > No - Make sure you have a good antivirus program on your Windows OS. That would be correct, and better still would be to use one of the many antivirus tools available for GNU/Linux, since those tools are designed to scan for *Windows* viruses, and given that a Windows virus cannot affect GNU/Linux, it is safer to scan Windows filesystems from within GNU/Linux. A Windows machine infected with a virus can scan its filesystems for viruses, but the virus could be hiding from the scanner in RAM. This is not possible in GNU/Linux. >> If Windows crashes, is there a mechanism >> to recover it from Host OS(Linux) ? To the OP: that depends on what you mean by recovering. Since it is a virtual machine, you could make a backup copy of the entire guest OS image and restore it from the host operating system if anything ever goes wrong with the guest. >> Also, is there any mechanism to debug windows >> from linux ? Any ideas ? OP: that depends on how you define "debugging". Since the Windows system runs inside a virtual machine which in turn runs on top of a host operating system - as opposed to running on top of a bare metal hypervisor such as Xen - it should be possible to access the guest operating system's memory from within the host operating system, but this will require a root privilege debugger. Given the context of using virtual machines, I don't know whether any such specialized utilities would exist, but the access to the guest from within the host is there. Just keep in mind that a Windows environment is entirely different from a UNIX environment. > It's best not to use Linux at all if you can help it. And that must be the joke of the year - see your own reply to the first paragraph. The internet would be a much safer place for everyone if Windows didn't even exist. -- *Aragorn* (registered GNU/Linux user #223157)
From: Karthik Balaguru on 13 Feb 2010 05:22 On Feb 13, 3:40 am, ray <r...(a)zianet.com> wrote: > On Fri, 12 Feb 2010 11:36:18 -0800, Karthik Balaguru wrote: > > Hi, > > The internet connection is in Linux (Host OS). I am just eager to know > > if i have Windows as a guest OS on Host OS(Linux), is it less possible > > for Windows to get infected by virus ? > > > If Windows crashes, is there a mechanism to recover it from Host > > OS(Linux) ? > > Also, is there any mechanism to debug windows from linux ? Any ideas ? > > > I am planning to use Ubuntu as Host OS and Windows Vista as Guest OS and > > either > > Vmware or VirtualBox (Virtual machines). > > > Thx in advans, > > Karthik Balaguru > > You'd probably get better answers in a virtualization related group. > Since you specifically mentioned vmware, you might try something like: > vmware.for-linux.general.- Hide quoted text - > Okay, regd vmware i will be checking with vmware.for-linux.general. VirtualBox related links/usermanuals seems to convey some info, but not clearly. The usermanaul seems to have some info - In bridged networking, all traffic goes through a physical interface of the host system for communicating with the guest system. However, the data passes through the host system networking stack. In internal networking , Guest OS directly communicate among them and is independent of the physical interface. In host only networking, a loopback interface is created on Host and the traffic between the Guest OS can be seen. The below link is also interesting - http://www.virtualbox.org/wiki/Advanced_Networking_Linux If a firewall is already installed you may also enable/disable the access to the internet calling Came across the below link, but does not convey w.r.t having the Linux as Host OS - http://opensourceexperiments.wordpress.com/2008/04/18/virtualbox-case-study-making-host-only-networking-work-between-two-ubuntu-guest-os-virtual-machine-on-windows-vista-host/ But, i am unable to confirm the clear method that would be able to filter the virus in the Host OS itself ? Thx in advans, Karthik Balaguru
From: Aragorn on 13 Feb 2010 05:23
On Friday 12 February 2010 20:58 in comp.os.linux.setup, somebody identifying as Karthik Balaguru wrote... > On Feb 13, 12:37 am, "Bill Yanaire, ESQ" <b...(a)yanaire.org> wrote: >> "Karthik Balaguru" <karthikbalagur...(a)gmail.com> wrote in message >> >> news:7386f63f-909d-4ce6-8f4d-55a8ef44c0b0(a)x10g2000prk.googlegroups.com... >> >> > Hi, >> > The internet connection is in Linux (Host OS). >> > I am just eager to know if i have Windows as a >> > guest OS on Host OS(Linux), is it less possible >> > for Windows to get infected by virus ? >> >> No - Make sure you have a good antivirus program on your Windows OS. > > Do you mean to say that windows will get infected > even if it runs as a guest OS on linux OS ? > Strange !! From the network point of view, the Windows machine is just another node on the network, and the GNU/Linux machine will (normally) be its gateway. Even when Windows runs inside a virtual machine context, it still *is* Windows, with all of its vulnerabilities. However, the viruses would only affect the Windows system, not the host operating system. -- *Aragorn* (registered GNU/Linux user #223157) |