From: Karthik Balaguru on
On Feb 13, 3:32 pm, Aragorn <arag...(a)chatfactory.invalid> wrote:
> On Saturday 13 February 2010 07:18 in comp.os.linux.setup, somebody
> identifying as Karthik Balaguru wrote...
>
> > On Feb 13, 1:13 am, "David W. Hodgins" <dwhodg...(a)nomail.afraid.org>
> > wrote:
>
> >> As with any m$ software, make sure it's protected by
> >> a properly configured router.
>
> > Okay, but it is strange that there is no mechanism/tricks
> > in VirtualBox/Vmware to make the packets to flow
> > through the host OS to the guest OS ?
>
> I have no experience with VMWare or VirtualBox, but in my humble
> opinion, it should be possible to set up the virtual machine so that it
> uses the host OS as a router - I know that Xen supports different types
> of networking, so I would imagine this to apply to VMWare or VirtualBox
> as well.  
>

It is available !

> Your guest OS will then not have an IP address on the same subnet as the
> host OS, though, so the host will have to be set up as a NAT.  This
> gives you control over the firewalling towards the guest via iptables.
>

I think, by using the network option(NAT) of virtualbox
can provide some protection. But, i do not find clear links
that conveys complete virus protection kind of mechanism
while sending internet traffic from the Host to Guest OS.

Thx in advans,
Karthik Balaguru
From: Karthik Balaguru on
On Feb 13, 5:20 pm, The Natural Philosopher <t...(a)invalid.invalid>
wrote:
> Karthik Balaguru wrote:
> > On Feb 13, 1:13 am, "David W. Hodgins" <dwhodg...(a)nomail.afraid.org>
> > wrote:
> >> On Fri, 12 Feb 2010 14:36:18 -0500, Karthik Balaguru <karthikbalagur....(a)gmail.com> wrote:
> >>> The internet connection is in Linux (Host OS).
> >>> I am just eager to know if i have Windows as a
> >>> guest OS on Host OS(Linux), is it less possible
> >>> for Windows to get infected by virus ?
> >> Using VirtualBox, I have xp running as a guest under
> >> Mandriva linux, with the network setup as a bridged
> >> adapter on eth0.
>
> >> The guest gets it's own ip address, and the packets
> >> going to/from the guest, do not pass through the
> >> linux firewall.
>
> > Okay.
> > Another possible thought is disabling the
> > internet support in the guest OS. But that would
> > be blocking the applications that are running on
> > the guest OS to access internet. :-(
>
> precisely.
>
> In my setup..I have just switched to Virtualbox .. the ONLY app that
> touches the internet is IE6, which I need to test websites.
>
> I found screen was too slow and networking strangely odd, with VMware.
>
> all internet related stuff is done under Linux.
>
> The approach I have taken, is to reduce Windows to the four programs I
> need that will only run on it.
>
> >>  From the point of view of the guest os, it's as if it
> >> had it's own real network interface card, so it's just
> >> as susceptible to network attacks, as it would be if
> >> running on native hardware.
>
> >> As with any m$ software, make sure it's protected by
> >> a properly configured router.
>
> > Okay, but it is strange that there is no mechanism/tricks
> > in VirtualBox/Vmware to make the packets to flow
> > through the host OS to the guest OS ?
>
> Oh, I am sure you could use some kind of packet filtering and or virus
> scanning..BUT thats not what virtualisation is normally designed to do.
>

Okay, So how can we tweak either VirtualBox or Vmware
and other configurations so that the packets get filtered/scanned
before going to the Guest OS(Windows) .
Forcing through some firewalls on the Host OS(Linux) would
be another thought, but that will not help completely.
Is the method of scanning all the packets that arrive at the NIC
for virus signatures the only way ? But, that would tremendously
slow the system as many virus definitions should be available
and it should be done at the level of NIC which inturn loads the
NIC heavily.

If not at the NIC level, it can be thought of as
a separte software that scans all the packets that are going
to the Guest OS(Windows) from Host OS(Linux), but i think
that would also slow down the system tremendously even
though it is independent of NIC.
Any thoughts ?

> Its not in the business of protecting Windows from its own ghastliness:
> It's there to present as clean an interface to windows with as much
> speed as possible.

Agreed :-)

>
> FWIW I have Debian install, with fairly late kernels and Virtualbox from
> backports.
>
> Its clean and works better than VMware server or Vmplayer IME.- Hide quoted text -
>

Thx in advans,
Karthik Balaguru
From: Aragorn on
[Follow-up set to comp.os.linux.setup]

On Saturday 13 February 2010 13:59 in comp.os.linux.setup, somebody
identifying as Karthik Balaguru wrote...

> On Feb 13, 3:32 pm, Aragorn <arag...(a)chatfactory.invalid> wrote:
>
>> On Saturday 13 February 2010 07:18 in comp.os.linux.setup, somebody
>> identifying as Karthik Balaguru wrote...
>>
>> > On Feb 13, 1:13 am, "David W. Hodgins"
>> > <dwhodg...(a)nomail.afraid.org> wrote:
>>
>> >> As with any m$ software, make sure it's protected by
>> >> a properly configured router.
>>
>> > Okay, but it is strange that there is no mechanism/tricks
>> > in VirtualBox/Vmware to make the packets to flow
>> > through the host OS to the guest OS ?
>>
>> I have no experience with VMWare or VirtualBox, but in my humble
>> opinion, it should be possible to set up the virtual machine so that
>> it uses the host OS as a router - I know that Xen supports different
>> types of networking, so I would imagine this to apply to VMWare or
>> VirtualBox as well.
>
> It is available !

The alternative would be to use firewalling at the router level if you
opt for bridging. I guess this all depends on the firewalling
capabilities of the router. Using the GNU/Linux host operating system
as a NAT may provide for a solution if the router doesn't have an
adequate firewall, given the flexibility of iptables.

>> Your guest OS will then not have an IP address on the same subnet as
>> the host OS, though, so the host will have to be set up as a NAT.
>> This gives you control over the firewalling towards the guest via
>> iptables.
>
> I think, by using the network option(NAT) of virtualbox
> can provide some protection. But, i do not find clear links
> that conveys complete virus protection kind of mechanism
> while sending internet traffic from the Host to Guest OS.

Viruses and network traffic are two different things. Viruses may *use*
network connections, but in my humble opinion it would then be far
wiser to try and rid the guest of viruses instead of letting the
viruses run amok and only block them at the firewall level.

And that brings you back to running antivirus software on the guest
itself, I'm afraid.

--
*Aragorn*
(registered GNU/Linux user #223157)
From: David Brown on
Bill Yanaire, ESQ wrote:
>
>
> "Karthik Balaguru" <karthikbalaguru79(a)gmail.com> wrote in message
> news:7386f63f-909d-4ce6-8f4d-55a8ef44c0b0(a)x10g2000prk.googlegroups.com...
>> Hi,
>> The internet connection is in Linux (Host OS).
>> I am just eager to know if i have Windows as a
>> guest OS on Host OS(Linux), is it less possible
>> for Windows to get infected by virus ?
>>
>
> No - Make sure you have a good antivirus program on your Windows OS.
>

Running Windows as a guest within Linux will not protect it from viruses
as such - you do that by using common sense, and by avoiding risking
programs (such as Internet Explorer, Outlook / Outlook Express, and MSN
client - use Firefox, Chrome, Opera, etc., instead). If the windows
guest is connected to the network through the Linux machine (typically
using NAT through the host, rather than bridging) then the Linux machine
will act as a solid firewall and protect the Windows guest from worms
and network attacks.

There are *no* "good" antivirus programs. Anything that runs on-access
is a waste of computer resources, and you run a continuous risk that
useful or essential files will be blocked as false positives. None of
them spot more than a fraction of malware, and none are any good against
new threats. Use clamav for on-demand scanning if you need to check
specific files (such as downloaded software).

So running the Windows machine as a guest on Linux will protect your
windows machine to some extent - but no more so than if you simply used
a decent hardware firewall on your network.

The biggest protection Linux offers here is that you would be using it
for most of your browsing and emails, and only using windows for
software that has to run under windows. This hugely reduces your
chances of getting anything unfortunate on the windows machine.

>> If Windows crashes, is there a mechanism
>> to recover it from Host OS(Linux) ?

If you use Virtual Box, you can take snapshots of your Windows guest -
that makes it easy to roll back if you do catch something.

It is also easy to boot the virtual machine with a Linux live "cd"
(i.e., an .iso file on your disk) for recovery. But the host cannot
typically read the guest's virtual disk directly, and therefore your
recovery possibilities from the host are limited (though it's possible,
depending on the type of virtual disk you are using).

>> Also, is there any mechanism to debug windows
>> from linux ? Any ideas ?
>

Debugging windows itself is simply not practical.

> It's best not to use Linux at all if you can help it.
>

It's best to ignore astroturfers if you can help it.

Malware is a tiny problem in Linux because of it being a more sturdy
design (roughly speaking, Windows is designed to allow everything unless
it is explicitly blocked, while *nix is designed to block everything
unless it is explicitly allowed. Windows thus aims for ease-of-use for
users and developers, but simultaneously gives ease-of-use to malware
writers). However, you must remember that it is not immune - malware of
various sorts have been created for Linux, and a well configured and
well maintained Windows system can be safer than a badly configured and
maintained Linux system.

>>
>> I am planning to use Ubuntu as Host OS and
>> Windows Vista as Guest OS and either
>> Vmware or VirtualBox (Virtual machines).
>>

Go for Virtual Box. It's easier, freer, and the free-beer version is a
better choice for typical desktop use than VMWare's free-beer version.
Pick the free-beer version of Virtual Box rather than the free-speech
version - the USB functionality is worth the money.
From: David Brown on
ToddAndMargo wrote:
>
> On 02/12/2010 11:36 AM, Karthik Balaguru wrote:
<snip>
>> I am planning to use Ubuntu as Host OS and
>> Windows Vista as Guest OS and either
>> Vmware or VirtualBox (Virtual machines).
>
> I use Virtual Box with CenOS as host.
> Guest: Xp, Vista, W7, others.
>
> Vista is horriale as a guest. Xp and W7 as
> well behaved.
>

I recommend W2K as the best windows version for guest OS's. Typically
you use a windows guest for only one or two programs - the OS and its
features are of little interest. Since most windows software runs fine
on W2K, but often not on previous versions (NT4.0), it makes sense to
use the smaller and lighter W2K over XP (and certainly compared to W7).
It also saves you from the inconvenience of "activation" (though I
assume that you have a valid license for the windows guest...).