Prev: Intel Graphics Under Debian Lenny (Blank Screen)
Next: Newbie looking for advice on Linux distribution
From: Karthik Balaguru on 13 Feb 2010 07:59 On Feb 13, 3:32 pm, Aragorn <arag...(a)chatfactory.invalid> wrote: > On Saturday 13 February 2010 07:18 in comp.os.linux.setup, somebody > identifying as Karthik Balaguru wrote... > > > On Feb 13, 1:13 am, "David W. Hodgins" <dwhodg...(a)nomail.afraid.org> > > wrote: > > >> As with any m$ software, make sure it's protected by > >> a properly configured router. > > > Okay, but it is strange that there is no mechanism/tricks > > in VirtualBox/Vmware to make the packets to flow > > through the host OS to the guest OS ? > > I have no experience with VMWare or VirtualBox, but in my humble > opinion, it should be possible to set up the virtual machine so that it > uses the host OS as a router - I know that Xen supports different types > of networking, so I would imagine this to apply to VMWare or VirtualBox > as well. > It is available ! > Your guest OS will then not have an IP address on the same subnet as the > host OS, though, so the host will have to be set up as a NAT. This > gives you control over the firewalling towards the guest via iptables. > I think, by using the network option(NAT) of virtualbox can provide some protection. But, i do not find clear links that conveys complete virus protection kind of mechanism while sending internet traffic from the Host to Guest OS. Thx in advans, Karthik Balaguru
From: Karthik Balaguru on 13 Feb 2010 08:15 On Feb 13, 5:20 pm, The Natural Philosopher <t...(a)invalid.invalid> wrote: > Karthik Balaguru wrote: > > On Feb 13, 1:13 am, "David W. Hodgins" <dwhodg...(a)nomail.afraid.org> > > wrote: > >> On Fri, 12 Feb 2010 14:36:18 -0500, Karthik Balaguru <karthikbalagur....(a)gmail.com> wrote: > >>> The internet connection is in Linux (Host OS). > >>> I am just eager to know if i have Windows as a > >>> guest OS on Host OS(Linux), is it less possible > >>> for Windows to get infected by virus ? > >> Using VirtualBox, I have xp running as a guest under > >> Mandriva linux, with the network setup as a bridged > >> adapter on eth0. > > >> The guest gets it's own ip address, and the packets > >> going to/from the guest, do not pass through the > >> linux firewall. > > > Okay. > > Another possible thought is disabling the > > internet support in the guest OS. But that would > > be blocking the applications that are running on > > the guest OS to access internet. :-( > > precisely. > > In my setup..I have just switched to Virtualbox .. the ONLY app that > touches the internet is IE6, which I need to test websites. > > I found screen was too slow and networking strangely odd, with VMware. > > all internet related stuff is done under Linux. > > The approach I have taken, is to reduce Windows to the four programs I > need that will only run on it. > > >> From the point of view of the guest os, it's as if it > >> had it's own real network interface card, so it's just > >> as susceptible to network attacks, as it would be if > >> running on native hardware. > > >> As with any m$ software, make sure it's protected by > >> a properly configured router. > > > Okay, but it is strange that there is no mechanism/tricks > > in VirtualBox/Vmware to make the packets to flow > > through the host OS to the guest OS ? > > Oh, I am sure you could use some kind of packet filtering and or virus > scanning..BUT thats not what virtualisation is normally designed to do. > Okay, So how can we tweak either VirtualBox or Vmware and other configurations so that the packets get filtered/scanned before going to the Guest OS(Windows) . Forcing through some firewalls on the Host OS(Linux) would be another thought, but that will not help completely. Is the method of scanning all the packets that arrive at the NIC for virus signatures the only way ? But, that would tremendously slow the system as many virus definitions should be available and it should be done at the level of NIC which inturn loads the NIC heavily. If not at the NIC level, it can be thought of as a separte software that scans all the packets that are going to the Guest OS(Windows) from Host OS(Linux), but i think that would also slow down the system tremendously even though it is independent of NIC. Any thoughts ? > Its not in the business of protecting Windows from its own ghastliness: > It's there to present as clean an interface to windows with as much > speed as possible. Agreed :-) > > FWIW I have Debian install, with fairly late kernels and Virtualbox from > backports. > > Its clean and works better than VMware server or Vmplayer IME.- Hide quoted text - > Thx in advans, Karthik Balaguru
From: Aragorn on 13 Feb 2010 08:32 [Follow-up set to comp.os.linux.setup] On Saturday 13 February 2010 13:59 in comp.os.linux.setup, somebody identifying as Karthik Balaguru wrote... > On Feb 13, 3:32 pm, Aragorn <arag...(a)chatfactory.invalid> wrote: > >> On Saturday 13 February 2010 07:18 in comp.os.linux.setup, somebody >> identifying as Karthik Balaguru wrote... >> >> > On Feb 13, 1:13 am, "David W. Hodgins" >> > <dwhodg...(a)nomail.afraid.org> wrote: >> >> >> As with any m$ software, make sure it's protected by >> >> a properly configured router. >> >> > Okay, but it is strange that there is no mechanism/tricks >> > in VirtualBox/Vmware to make the packets to flow >> > through the host OS to the guest OS ? >> >> I have no experience with VMWare or VirtualBox, but in my humble >> opinion, it should be possible to set up the virtual machine so that >> it uses the host OS as a router - I know that Xen supports different >> types of networking, so I would imagine this to apply to VMWare or >> VirtualBox as well. > > It is available ! The alternative would be to use firewalling at the router level if you opt for bridging. I guess this all depends on the firewalling capabilities of the router. Using the GNU/Linux host operating system as a NAT may provide for a solution if the router doesn't have an adequate firewall, given the flexibility of iptables. >> Your guest OS will then not have an IP address on the same subnet as >> the host OS, though, so the host will have to be set up as a NAT. >> This gives you control over the firewalling towards the guest via >> iptables. > > I think, by using the network option(NAT) of virtualbox > can provide some protection. But, i do not find clear links > that conveys complete virus protection kind of mechanism > while sending internet traffic from the Host to Guest OS. Viruses and network traffic are two different things. Viruses may *use* network connections, but in my humble opinion it would then be far wiser to try and rid the guest of viruses instead of letting the viruses run amok and only block them at the firewall level. And that brings you back to running antivirus software on the guest itself, I'm afraid. -- *Aragorn* (registered GNU/Linux user #223157)
From: David Brown on 13 Feb 2010 10:42 Bill Yanaire, ESQ wrote: > > > "Karthik Balaguru" <karthikbalaguru79(a)gmail.com> wrote in message > news:7386f63f-909d-4ce6-8f4d-55a8ef44c0b0(a)x10g2000prk.googlegroups.com... >> Hi, >> The internet connection is in Linux (Host OS). >> I am just eager to know if i have Windows as a >> guest OS on Host OS(Linux), is it less possible >> for Windows to get infected by virus ? >> > > No - Make sure you have a good antivirus program on your Windows OS. > Running Windows as a guest within Linux will not protect it from viruses as such - you do that by using common sense, and by avoiding risking programs (such as Internet Explorer, Outlook / Outlook Express, and MSN client - use Firefox, Chrome, Opera, etc., instead). If the windows guest is connected to the network through the Linux machine (typically using NAT through the host, rather than bridging) then the Linux machine will act as a solid firewall and protect the Windows guest from worms and network attacks. There are *no* "good" antivirus programs. Anything that runs on-access is a waste of computer resources, and you run a continuous risk that useful or essential files will be blocked as false positives. None of them spot more than a fraction of malware, and none are any good against new threats. Use clamav for on-demand scanning if you need to check specific files (such as downloaded software). So running the Windows machine as a guest on Linux will protect your windows machine to some extent - but no more so than if you simply used a decent hardware firewall on your network. The biggest protection Linux offers here is that you would be using it for most of your browsing and emails, and only using windows for software that has to run under windows. This hugely reduces your chances of getting anything unfortunate on the windows machine. >> If Windows crashes, is there a mechanism >> to recover it from Host OS(Linux) ? If you use Virtual Box, you can take snapshots of your Windows guest - that makes it easy to roll back if you do catch something. It is also easy to boot the virtual machine with a Linux live "cd" (i.e., an .iso file on your disk) for recovery. But the host cannot typically read the guest's virtual disk directly, and therefore your recovery possibilities from the host are limited (though it's possible, depending on the type of virtual disk you are using). >> Also, is there any mechanism to debug windows >> from linux ? Any ideas ? > Debugging windows itself is simply not practical. > It's best not to use Linux at all if you can help it. > It's best to ignore astroturfers if you can help it. Malware is a tiny problem in Linux because of it being a more sturdy design (roughly speaking, Windows is designed to allow everything unless it is explicitly blocked, while *nix is designed to block everything unless it is explicitly allowed. Windows thus aims for ease-of-use for users and developers, but simultaneously gives ease-of-use to malware writers). However, you must remember that it is not immune - malware of various sorts have been created for Linux, and a well configured and well maintained Windows system can be safer than a badly configured and maintained Linux system. >> >> I am planning to use Ubuntu as Host OS and >> Windows Vista as Guest OS and either >> Vmware or VirtualBox (Virtual machines). >> Go for Virtual Box. It's easier, freer, and the free-beer version is a better choice for typical desktop use than VMWare's free-beer version. Pick the free-beer version of Virtual Box rather than the free-speech version - the USB functionality is worth the money.
From: David Brown on 13 Feb 2010 11:11
ToddAndMargo wrote: > > On 02/12/2010 11:36 AM, Karthik Balaguru wrote: <snip> >> I am planning to use Ubuntu as Host OS and >> Windows Vista as Guest OS and either >> Vmware or VirtualBox (Virtual machines). > > I use Virtual Box with CenOS as host. > Guest: Xp, Vista, W7, others. > > Vista is horriale as a guest. Xp and W7 as > well behaved. > I recommend W2K as the best windows version for guest OS's. Typically you use a windows guest for only one or two programs - the OS and its features are of little interest. Since most windows software runs fine on W2K, but often not on previous versions (NT4.0), it makes sense to use the smaller and lighter W2K over XP (and certainly compared to W7). It also saves you from the inconvenience of "activation" (though I assume that you have a valid license for the windows guest...). |