Dan~ Posted October 24, 2012 Share Posted October 24, 2012 My server has anti virus, and I have a virtual machine on that too, is it recommened to install anti virus on the virtual machine aswell? To me it seems pointless, using more resources for nothing considering the host has the anti virus. Whats your thoughts? Link to comment Share on other sites More sharing options...
Brandon H Supervisor Posted October 24, 2012 Supervisor Share Posted October 24, 2012 no, it's not necessary, the VM is completely isolated from the host as long as you don't have shared folders turned on (even then it's highly unlikely that any virus would know to make use of that) Link to comment Share on other sites More sharing options...
AJerman Posted October 24, 2012 Share Posted October 24, 2012 That very much depends on what you are using the VM for. The VM can definitely still get a virus. And the VM isn't completely isolated from the host if it's on the same network. You could easily spread the virus back to the host over that network, just like any other two computers on the same network. If it's just a temporary VM that you are going to tear down, or can afford to wipe out and replace if it does get a virus, then maybe you don't care. If it's a VM that's going to stay running and is daily use, you'll probably want to put AV on it. AV on your host has nothing to do with your VM, so treat it as if it is it's own machine. Link to comment Share on other sites More sharing options...
Brandon H Supervisor Posted October 24, 2012 Supervisor Share Posted October 24, 2012 ^ i was talking completely isolated as in file system wise, the fact that it's still using the same network should (i at least hope) be a given though i definitely agree with you that it also depends on how the VM is being used Link to comment Share on other sites More sharing options...
c.grz Posted October 24, 2012 Share Posted October 24, 2012 If it's on the network; I suggest you treat it like you would any physical server/workstation on that network. goretsky, Mando and TPreston 3 Share Link to comment Share on other sites More sharing options...
AJerman Posted October 24, 2012 Share Posted October 24, 2012 ^ i was talking completely isolated as in file system wise, the fact that it's still using the same network should (i at least hope) be a given though i definitely agree with you that it also depends on how the VM is being used Oh, right, it won't spread from the VM's HDD to the host's HDD. But it can still propagate over the network. Brandon H 1 Share Link to comment Share on other sites More sharing options...
Kami- Posted October 24, 2012 Share Posted October 24, 2012 Oh, right, it won't spread from the VM's HDD to the host's HDD. But it can still propagate over the network. Well actually, if you're using VirtualBox there's an exploit for that... ;) goretsky 1 Share Link to comment Share on other sites More sharing options...
AJerman Posted October 24, 2012 Share Posted October 24, 2012 Well actually, if you're using VirtualBox there's an exploit for that... ;) :laugh: Really? I'm really not that surprised. If the files are on the same hard drive, I suppose there's always the possibility. You could say that's what you get for using a free VM. Any issues like that on more trusted VMs? Link to comment Share on other sites More sharing options...
sc302 Veteran Posted October 24, 2012 Veteran Share Posted October 24, 2012 :laugh: Really? I'm really not that surprised. If the files are on the same hard drive, I suppose there's always the possibility. You could say that's what you get for using a free VM. Any issues like that on more trusted VMs? Most hypervisors are free. vmware, microsoft hyperv, for example are free. Link to comment Share on other sites More sharing options...
n_K Posted October 24, 2012 Share Posted October 24, 2012 Well actually, if you're using VirtualBox there's an exploit for that... ;) From what I remember of the intel advisory that remixedcat posted, it effects hyperV, virtualbox and nearly every other VM system except vmware. Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted October 24, 2012 MVC Share Posted October 24, 2012 If it's on the network; I suggest you treat it like you would any physical server/workstation on that network. QFT Link to comment Share on other sites More sharing options...
AJerman Posted October 24, 2012 Share Posted October 24, 2012 Most hypervisors are free. vmware, microsoft hyperv, for example are free. From what I remember of the intel advisory that remixedcat posted, it effects hyperV, virtualbox and nearly every other VM system except vmware. I actually meant to say open source, not free, but either way, that exploit is obviously much more complex than I originally thought. Judging from what I read, it looks like everyone has it patched by now though. Link to comment Share on other sites More sharing options...
Guest Posted October 24, 2012 Share Posted October 24, 2012 Treat it like any other machine on the network. The fact that its running virtual means nothing. Its still got a tcp/ip stack and will still have security hole's so best keep it patched as well :rofl: Link to comment Share on other sites More sharing options...
cybertimber2008 Posted October 24, 2012 Share Posted October 24, 2012 It really depends what your host's AV can do. I know at a vmware class I was at last week, they have antivirus plugins (vSphere 5.1) at the hypervisor level which scan and monitor the VMs instead of clients on each VM. Why? To prevent scan storms... you know, when all your VMs suddenly decide to run antivirus scans at the same time and murder your storage and performance... yea. Link to comment Share on other sites More sharing options...
Xoligy Posted October 24, 2012 Share Posted October 24, 2012 Simple solution, Sandbox. Link to comment Share on other sites More sharing options...
the_architect Posted October 24, 2012 Share Posted October 24, 2012 From what I remember of the intel advisory that remixedcat posted, it effects hyperV, virtualbox and nearly every other VM system except vmware. VMWare isn't immune from host->VM viruses, however: https://blogs.vmware.com/workstation/2012/08/crisis-virus-attempts-to-infect-vmware-workstation-or-player-virtual-machines-on-windows.html Link to comment Share on other sites More sharing options...
sc302 Veteran Posted October 24, 2012 Veteran Share Posted October 24, 2012 VMWare isn't immune from host->VM viruses, however: https://blogs.vmware.com/workstation/2012/08/crisis-virus-attempts-to-infect-vmware-workstation-or-player-virtual-machines-on-windows.html That is vmworkstation not vsphere. Link to comment Share on other sites More sharing options...
goretsky Supervisor Posted October 25, 2012 Supervisor Share Posted October 25, 2012 Hello, Yes. You could download a file over a connection the host OS doesn't scan (SSL) and then would be unable to scan the guest OS for malware from the host OS. It would essentially be a "black box" in terms of the host OS not being able to scan inside of it for threats. Regards, Aryeh Goretsky Link to comment Share on other sites More sharing options...
the_architect Posted October 25, 2012 Share Posted October 25, 2012 That is vmworkstation not vsphere. I know - I assumed that was what he was referring to as it was not specified which version he meant. The home user is more likely to be using workstation. Link to comment Share on other sites More sharing options...
Dan~ Posted October 25, 2012 Author Share Posted October 25, 2012 Cool thanks guy, general consensus is too go with AV, so I will. Thanks goretsky 1 Share Link to comment Share on other sites More sharing options...
Phouchg Posted October 25, 2012 Share Posted October 25, 2012 More or less proper system and network configuration, firewall, access control and safe browsing practices over antivirus cascade every day. Antiviruses are reactive measures - a virus must already be inside the system to be detected by one. If there is such a hole, however, anything else can get in, given time. Link to comment Share on other sites More sharing options...
f0rk_b0mb Posted October 25, 2012 Share Posted October 25, 2012 Just throw MSE on it to be safe. Link to comment Share on other sites More sharing options...
n_K Posted October 27, 2012 Share Posted October 27, 2012 I upgraded from ESXi 5.0 to 5.1 yesterday and ironically there's an interesting section in the upgrade guide about some modular AV for guests and the host machine, not sure if you need the paid version or just free but it might do exactly as you want, http://www.vmware.com/files/pdf/products/vsphere/vmware-what-is-new-vsphere51.pdf ? VMware vShield EndpointTM ? Delivers a proven endpoint security solution to any workload with an approach that is simplified, efficient, and cloud-aware. vShield Endpoint enables 3rd party endpoint security solutions to eliminate the agent footprint from the virtual machines, offload intelligence to a security virtual appliance, and run scans with minimal impact. Remixedcat will know more about it. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted October 29, 2012 MVC Share Posted October 29, 2012 ^ you can run endpoint shield vm on esxi - but you can not do it for free. In a nutshell the guest vms hand off the work of scanning and such to a different VM. A central point for all your vms antivirus/malware scanning. You then only need to update 1 location for new signatures/dats - and work is done on 1 vm vs every vm having to use resources to scan, etc. This is not something you would normally have available in a "home" lab sort of setup. But if you have budget, and you have enough vms then it does make sense to go this route. But I do believe that the agent is now part of 5.1 (free) so I guess if you had a FREE dedicated VM appliance that would do the scanning you could do it for free? I would also assume you need vcenter, the few companies I looked at that supply appliances, etc. State you need vcenter - which is not free again. Link to comment Share on other sites More sharing options...
n_K Posted October 31, 2012 Share Posted October 31, 2012 Sandbox ,which protect your host from virus.A sandbox is use for separating two programs , so that one cannot affect the other. It's a form of security for when there is uncertainty of one program's effect on the other. :) NO! People assume a sandbox protects them well NO! IT DOES NOT! Sandbox traps calls and emulates functions, but if someone wants to bypass it then they can and will. Here's one that targets sandboxie for example http://www.wilderssecurity.com/showthread.php?t=251456 It's good practise to use but do NOT assume it gives you 100% protection or any kind of protection. Jone11 1 Share Link to comment Share on other sites More sharing options...
Recommended Posts