


Anti Virus on Virtual Machine


35 replies to this topic

#1 Dan~

    Neowinian Wise One

  • 2,516 posts
  • Joined: 21-May 03
  • Location: Southampton, UK

Posted 24 October 2012 - 17:56

My server has anti virus, and I have a virtual machine on that too, is it recommended to install anti virus on the virtual machine as well?

To me it seems pointless, using more resources for nothing considering the host has the anti virus.

What are your thoughts?


#2 +Brando212

    Causer of disasters

  • 5,468 posts
  • Joined: 15-April 10
  • Location: right behind you
  • OS: OSX ML, Windows 7/8 Pro

Posted 24 October 2012 - 17:58

no, it's not necessary, the VM is completely isolated from the host as long as you don't have shared folders turned on (even then it's highly unlikely that any virus would know to make use of that)

#3 AJerman

    Boomer Sooner!

  • 4,572 posts
  • Joined: 24-July 02
  • Location: Raleigh, NC
  • OS: Linux Mint 14
  • Phone: HTC One

Posted 24 October 2012 - 18:21

That very much depends on what you are using the VM for. The VM can definitely still get a virus. And the VM isn't completely isolated from the host if it's on the same network. You could easily spread the virus back to the host over that network, just like any other two computers on the same network. If it's just a temporary VM that you are going to tear down, or can afford to wipe out and replace if it does get a virus, then maybe you don't care. If it's a VM that's going to stay running and is daily use, you'll probably want to put AV on it. AV on your host has nothing to do with your VM, so treat it as if it is its own machine.

#4 +Brando212

    Causer of disasters

  • 5,468 posts
  • Joined: 15-April 10
  • Location: right behind you
  • OS: OSX ML, Windows 7/8 Pro

Posted 24 October 2012 - 18:42

^ i was talking completely isolated as in file system wise, the fact that it's still using the same network should (i at least hope) be a given
though i definitely agree with you that it also depends on how the VM is being used

#5 TheReasonIFailed

    Resident Elite

  • 1,066 posts
  • Joined: 22-September 04
  • Location: Berwyn, Illinois
  • OS: Windows 8 Professional
  • Phone: Nokia Lumia 710

Posted 24 October 2012 - 18:45

If it's on the network, I suggest you treat it like you would any physical server/workstation on that network.

#6 AJerman

    Boomer Sooner!

  • 4,572 posts
  • Joined: 24-July 02
  • Location: Raleigh, NC
  • OS: Linux Mint 14
  • Phone: HTC One

Posted 24 October 2012 - 19:12

Brando212, on 24 October 2012 - 18:42, said:

^ i was talking completely isolated as in file system wise, the fact that it's still using the same network should (i at least hope) be a given
though i definitely agree with you that it also depends on how the VM is being used

Oh, right, it won't spread from the VM's HDD to the host's HDD. But it can still propagate over the network.

#7 Kami-

    ♫ d(-_-)b ♫

  • 3,625 posts
  • Joined: 28-July 08
  • Location: SandBox

Posted 24 October 2012 - 19:16

AJerman, on 24 October 2012 - 19:12, said:

Oh, right, it won't spread from the VM's HDD to the host's HDD. But it can still propagate over the network.

Well actually, if you're using VirtualBox there's an exploit for that... ;)

#8 AJerman

    Boomer Sooner!

  • 4,572 posts
  • Joined: 24-July 02
  • Location: Raleigh, NC
  • OS: Linux Mint 14
  • Phone: HTC One

Posted 24 October 2012 - 19:18

Kami-, on 24 October 2012 - 19:16, said:

Well actually, if you're using VirtualBox there's an exploit for that... ;)

:laugh: Really? I'm really not that surprised. If the files are on the same hard drive, I suppose there's always the possibility. You could say that's what you get for using a free VM. Any issues like that on more trusted VMs?

#9 +sc302

    Neowinian UNSTOPPABLE

  • 6,204 posts
  • Joined: 12-July 05
  • Location: NJ/PA, USA

Posted 24 October 2012 - 20:34

AJerman, on 24 October 2012 - 19:18, said:

:laugh: Really? I'm really not that surprised. If the files are on the same hard drive, I suppose there's always the possibility. You could say that's what you get for using a free VM. Any issues like that on more trusted VMs?

Most hypervisors are free. vmware, microsoft hyperv, for example are free.

#10 n_K

    Neowinian Wise One

  • 4,236 posts
  • Joined: 19-March 06
  • Location: here.
  • OS: FreeDOS
  • Phone: Nokia 3315

Posted 24 October 2012 - 20:40

Kami-, on 24 October 2012 - 19:16, said:

Well actually, if you're using VirtualBox there's an exploit for that... ;)

From what I remember of the intel advisory that remixedcat posted, it affects hyperV, virtualbox and nearly every other VM system except vmware.

#11 ChuckFinley

    Neowinian DOMINATING

  • 8,637 posts
  • Joined: 14-May 03

Posted 24 October 2012 - 20:43

TheReasonIFailed, on 24 October 2012 - 18:45, said:

If it's on the network, I suggest you treat it like you would any physical server/workstation on that network.

QFT

#12 AJerman

    Boomer Sooner!

  • 4,572 posts
  • Joined: 24-July 02
  • Location: Raleigh, NC
  • OS: Linux Mint 14
  • Phone: HTC One

Posted 24 October 2012 - 22:06

sc302, on 24 October 2012 - 20:34, said:

Most hypervisors are free. vmware, microsoft hyperv, for example are free.

n_K, on 24 October 2012 - 20:40, said:

From what I remember of the intel advisory that remixedcat posted, it affects hyperV, virtualbox and nearly every other VM system except vmware.

I actually meant to say open source, not free, but either way, that exploit is obviously much more complex than I originally thought. Judging from what I read, it looks like everyone has it patched by now though.

#13 TrekRich

    Neowinian³

  • 413 posts
  • Joined: 16-March 03
  • Location: England

Posted 24 October 2012 - 22:16

Treat it like any other machine on the network. The fact that it's running virtual means nothing. It's still got a TCP/IP stack and will still have security holes so best keep it patched as well :rofl:

#14 cybertimber2008

    Neowinian Senior

  • 1,691 posts
  • Joined: 02-December 08

Posted 24 October 2012 - 22:22

It really depends what your host's AV can do. I know at a vmware class I was at last week, they have antivirus plugins (vSphere 5.1) at the hypervisor level which scan and monitor the VMs instead of clients on each VM. Why? To prevent scan storms... you know, when all your VMs suddenly decide to run antivirus scans at the same time and murder your storage and performance... yea.

#15 Xoligy

    Resident Fanatic

  • 999 posts
  • Joined: 09-May 10

Posted 24 October 2012 - 22:27

Simple solution, Sandbox.