Re: Virtual PC
- From: "VanguardLH" <VanguardLH@xxxxxxxxxxxx>
- Date: Tue, 1 Jan 2008 02:33:29 -0600
"carmen" wrote in message news:gzkej.58176$vd4.33154@xxxxxxxxxxxx
I'm looking to install Virtual PC (XP Pro) on my window which is also XP Pro.
If I was to get some spyware, malware, or a virus on the virtual pc, is there a risk of that infection spreading to the primary OS?
The vast majority of software will be isolated when installed in a VM. However, software can always detect that it is running within a VM. I attended a short seminar (4 hours) on this and was surprised at how easy it is for any software to detect it is running within a VM. Some VMs deliberately try to hide that it is a VM but more sophisticated mechanisms can be used to determine if software is running within a VM, like how many instructions cycles are executed in the processor (more in a VM). If the malware knows it is in a VM, it could, for example, decide to be quiescent under that environment. So you don't know it has nasty effects because it remains dormant under a VM. Your VM should contain all the normal anti-virus, anti-spyware, anti-malware, and other security software that you would use in a layered approach to detect pests. Then make sure to scan the trial software with all your security software to provide some non-absolute assurance that it doesn't contain a pest. Once you install the trial software, make sure to change the date to some far distant time in the future to see if it might trigger on a date (plus it is also a good way to see if that so-called "free" version is actually a time-expiring version that cripples or disables itself).
Virtual PC is handy but it lacks one important feature: the ability to save a snapshot and return to it after trialing some software. You can elect to discard all changes when the VM restarts but many installs require an OS reboot so discarding those install changes means you can't install the product. If you allow VPC to save the changes then you alter your VM from its base or clean state and will have to do the OS reinstall to get a clean copy. VMWare Server is also free and includes a snapshot feature (but only 1 snapshot so you might want to lock it after setting up your base VM to prevent your accidental pollution of it). You could unlock the snapshot to apply updates to Windows or your known good apps and then save another snapshot (you would override the one you get in the free version) and then lock that one to prevent accidental pollution. There is a way to somewhat do the same in VPC: after creating your VM in whatever base state you want to start with, copy the VM directory to a backup path. Then you can delete the current VM directory and copy the backup back to get back to that state. Of course, if you do system/data backups of your host then you could just restore the VM's directory from your backups. After all, if you don't backup your host then you have deemed your files to be trivial or reproducible.
So do you actually have a 2nd license of Windows XP (either a full version or an upgrade that is traceable to a full version that is NOT is inuse) to install in a VM? Since you are running the operating systems concurrently, and because you have to pay Microsoft to use a legitimate copy of Windows, you must have a legit license for Windows on which you run VPC or VMWare Server (i.e., the host OS) plus you need to have a legit license for each instance of Windows that you will be running in a VM (i.e., guest OS). This means you need at least 1 additional license for Windows since to use VPC or VMWare Server to run Windows in a VM means that guest OS is running concurrently with your host OS. However, the Microsoft Police aren't not of sufficient size and force to concern themself with someone who is using a "blue" version of Windows in a VM which is used merely to test new software, windows updates, or other very temporary usage. It is not strictly adhering to their EULA but then few drive under the speed limit on the highways, either.
Otherwise, rather than use a VM to test new software, you could pollute your current production environment with the new software and use something like ShadowSurfer to return the system back to its prior state but that occurs after a reboot and, as I mentioned, many installs require rebooting the OS which means the system state gets restored and you lose the [partial] install. I used to use ShadowSurfer but gave up on it because: (1) It used to be free but isn't anymore (I still have the same 2.5 version but from when it was free); and, (2) Restores the prior system state after a reboot which interferes with installs that require a reboot. ShadowUser is its big brother and was always commercialware. Considering the limitations of ShadowSurfer, it is surprising that they think anyone would pay for it. Microsoft has something very similar called SteadyState (http://www.microsoft.com/protect/products/family/steadystate.mspx). I gave up it very quickly because it was clumsy, poorly documented, and I no longer have it in my download directory to look it up to know its name (but then I already had the free version of ShadowSurfer that did the same thing so I wasn't really motivated to find an alternate free "partition virtualizer" (http://wiki.castlecops.com/System_Partition_Virtualization_-_Comparison).
While using a VM as a guest OS helps isolate new software install in it from polluting your host OS, you are basically letting your working or production OS get polluted and hope that these products remember all the changes and can back them all out. Under VMs, you get an very restricted and antiquated set of emulated hardware. However, when using partition virtualization (i.e., save state), you get to use the full hardware capabilities of your host, like decent video and audio, USB devices, installing drivers to support your [new] hardware, etc. So with a VM, you get safety at the cost of getting stuck with old [emulated] hardware, and with save-state you get to use all of your current hardware's features but risk not being to [exactly] restore to the prior state. So you could start with a VM to trial new software in a guest OS, run all the security scans against it, and, if it is okay there, then reinstall it in your host OS while under the protection of save-state software to see if it behaves any differently there. That is, you graduate out the unknown new software.
You might just go get an disk/partition imaging program and save an image before testing new software. Then when you are done, restore the image to return the system back to the same prior state. As stated, some malware will quiesce when ran under a VM because they know they would get caught there and probably would never get out to your host OS. And how well-layered is your security software that you also put in the VM will determine if it detects if the new software is a pest - but some pests still get by all that security software, even if you use HIPS. Since the PC is a *general* purpose machine, it can never be made absolutely safe for any OS that is ran on it. Not many PC users would want the OS to be in firmware for a single-purpose host that cannot be burned while inside the host and requires removal to use special equipment to alter its code. Users want to install software, not buy and replace chips.
.
- References:
- Virtual PC
- From: \(\( carmen \)\)
- Virtual PC
- Prev by Date: Re: Virtual PC
- Next by Date: Re: Start up error
- Previous by thread: Re: Virtual PC
- Next by thread: Re: Virtual PC
- Index(es):
Relevant Pages
|
