Protecting the Windows using Linux
in [Setup]
|
Prev: Intel Graphics Under Debian Lenny (Blank Screen)
Next: Newbie looking for advice on Linux distribution
From: The Natural Philosopher on 13 Feb 2010 11:26 Karthik Balaguru wrote: > Okay, So how can we tweak either VirtualBox or Vmware > and other configurations so that the packets get filtered/scanned > before going to the Guest OS(Windows) . run a mail server obn linux, scan there and pickup from then on. use linux as a proxy web server. Maybe. >
From: spike1 on 13 Feb 2010 12:32 And so it was that in the sacred domain of comp.os.linux.advocacy, Karthik Balaguru <karthikbalaguru79(a)gmail.com> uttered the following pearls of wisdom: > On Feb 13, 12:37�am, "Bill Yanaire, ESQ" <b...(a)yanaire.org> wrote: >> "Karthik Balaguru" <karthikbalagur...(a)gmail.com> wrote in message >> >> news:7386f63f-909d-4ce6-8f4d-55a8ef44c0b0(a)x10g2000prk.googlegroups.com... >> >> > Hi, >> > The internet connection is in Linux (Host OS). >> > I am just eager to know if i have Windows as a >> > guest OS on Host OS(Linux), is it less possible >> > for Windows to get infected by virus ? >> >> No - Make sure you have a good antivirus program on your Windows OS. > > Do you mean to say that windows will get infected > even if it runs as a guest OS on linux OS ? > Strange !! Not really, all a virus is, is data. Different viruses get in in different ways. If, say, it exploits IE to run itself when you land on a certain webpage, then whether you're using IE on windows virtualised on native, it won't make a snot of difference. IF your linux is properly firewalled so nothing else can get in through the back door on your virtual windows that's ONE added layer of protection. >> >> > If Windows crashes, is there a mechanism >> > to recover it from Host OS(Linux) ? >> > Also, is there any mechanism to debug windows >> > from linux ? Any ideas ? >> >> It's best not to use Linux at all if you can help it. >> Ignore him. In that respect at least. Linux is safer. -- | spike1(a)freenet.co.uk | Windows95 (noun): 32 bit extensions and a | | | graphical shell for a 16 bit patch to an 8 bit | | Andrew Halliwell BSc | operating system originally coded for a 4 bit | | in |microprocessor, written by a 2 bit company, that| | Computer Science | can't stand 1 bit of competition. |
From: Lusotec on 13 Feb 2010 13:24 Karthik Balaguru wrote: > (...) If you want to protect Microsoft Windows using GNU/Linux the don't let Windows connect to the Internet directly. Use a proxy HTTP (e.g. squid) and set it up to scan for malware. The same for email. Setup a email server that get the mail from your accounts and scans the email for malware. Malware also moves through IM protocols but I don't know of any IM proxy that scans for malware. The above can be used with MS Windows running on the hardware on in virtual machines. A better solution would be to move to GNU/Linux for all your Internet activities and use MS Windows inside a VM for what ever Windows programs you may need or want to use. Regards.
From: Karthik Balaguru on 13 Feb 2010 15:00 On Feb 13, 9:26 pm, The Natural Philosopher <t...(a)invalid.invalid> wrote: > Karthik Balaguru wrote: > > Okay, So how can we tweak either VirtualBox or Vmware > > and other configurations so that the packets get filtered/scanned > > before going to the Guest OS(Windows) . > > run a mail server obn linux, scan there and pickup from then on. > > use linux as a proxy web server. Maybe. > > I think i need to go in for some content filtering web proxy, and mostly a web proxy that would be based on ICAP . The ICAP(Lightweight HTTP based protocol (RFC3507)) based web proxy can communicate to daemon- based ICAP-based antivirus softwareto anti-virus capabilities and can also remove other malware by scanning incoming content in real time before it enters the network. Extract from RFC 3507 - " ICAP, the Internet Content Adaption Protocol, is a protocol aimed at providing simple object-based content vectoring for HTTP services. ICAP is, in essence, a lightweight protocol for executing a "remote procedure call" on HTTP messages. It allows ICAP clients to pass HTTP messages to ICAP servers for some sort of transformation or other processing ("adaptation"). The server executes its transformation service on messages and sends back responses to the client, usually with modified messages. The adapted messages may be either HTTP requests or HTTP responses. Surrogates or origin servers can avoid performing expensive operations by shipping the work off to other servers instead. This helps distribute load across multiple machines. For example, consider a user attempting to download an executable program via a surrogate (e.g., a caching proxy). The surrogate, acting as an ICAP client, can ask an external server to check the executable for viruses before accepting it into its cache. " So, i think, this is one better way of providing the data from internet to windows(Guest OS) from linux(Host OS). Any other thoughts ? Thx in advans, Karthik Balaguru
From: M0she_ on 13 Feb 2010 15:16
On Sat, 13 Feb 2010 12:00:35 -0800 (PST), Karthik Balaguru wrote: > Any other thoughts ? > > Thx in advans, > Karthik Balaguru Yea. You'll never get a decent answer to your question in comp.os.linux.advocacy because most of the so called Linux "advocates" run Windows. |