anti virus Anti Virus on Virtual Machine

[Dan~]

My server has anti virus, and I have a virtual machine on that too, is it recommened to install anti virus on the virtual machine aswell?

To me it seems pointless, using more resources for nothing considering the host has the anti virus.

Whats your thoughts?

[Brandon H Supervisor]

no, it's not necessary, the VM is completely isolated from the host as long as you don't have shared folders turned on (even then it's highly unlikely that any virus would know to make use of that)

[AJerman]

That very much depends on what you are using the VM for. The VM can definitely still get a virus. And the VM isn't completely isolated from the host if it's on the same network. You could easily spread the virus back to the host over that network, just like any other two computers on the same network. If it's just a temporary VM that you are going to tear down, or can afford to wipe out and replace if it does get a virus, then maybe you don't care. If it's a VM that's going to stay running and is daily use, you'll probably want to put AV on it. AV on your host has nothing to do with your VM, so treat it as if it is it's own machine.

[Brandon H Supervisor]

^ i was talking completely isolated as in file system wise, the fact that it's still using the same network should (i at least hope) be a given

though i definitely agree with you that it also depends on how the VM is being used

[c.grz]

If it's on the network; I suggest you treat it like you would any physical server/workstation on that network.

[AJerman]

^ i was talking completely isolated as in file system wise, the fact that it's still using the same network should (i at least hope) be a given

though i definitely agree with you that it also depends on how the VM is being used

Oh, right, it won't spread from the VM's HDD to the host's HDD. But it can still propagate over the network.

[Kami-]

Oh, right, it won't spread from the VM's HDD to the host's HDD. But it can still propagate over the network.

Well actually, if you're using VirtualBox there's an exploit for that... ;)

[AJerman]

Well actually, if you're using VirtualBox there's an exploit for that... ;)

:laugh: Really? I'm really not that surprised. If the files are on the same hard drive, I suppose there's always the possibility. You could say that's what you get for using a free VM. Any issues like that on more trusted VMs?

[sc302 Veteran]

:laugh: Really? I'm really not that surprised. If the files are on the same hard drive, I suppose there's always the possibility. You could say that's what you get for using a free VM. Any issues like that on more trusted VMs?

Most hypervisors are free. vmware, microsoft hyperv, for example are free.

[n_K]

Well actually, if you're using VirtualBox there's an exploit for that... ;)

From what I remember of the intel advisory that remixedcat posted, it effects hyperV, virtualbox and nearly every other VM system except vmware.

[+John Teacake MVC]

If it's on the network; I suggest you treat it like you would any physical server/workstation on that network.

QFT

[AJerman]

Most hypervisors are free. vmware, microsoft hyperv, for example are free.

From what I remember of the intel advisory that remixedcat posted, it effects hyperV, virtualbox and nearly every other VM system except vmware.

I actually meant to say open source, not free, but either way, that exploit is obviously much more complex than I originally thought. Judging from what I read, it looks like everyone has it patched by now though.

[Guest]

Treat it like any other machine on the network. The fact that its running virtual means nothing. Its still got a tcp/ip stack and will still have security hole's so best keep it patched as well :rofl:

[cybertimber2008]

It really depends what your host's AV can do. I know at a vmware class I was at last week, they have antivirus plugins (vSphere 5.1) at the hypervisor level which scan and monitor the VMs instead of clients on each VM. Why? To prevent scan storms... you know, when all your VMs suddenly decide to run antivirus scans at the same time and murder your storage and performance... yea.

[Xoligy]

Simple solution, Sandbox.

[the_architect]

From what I remember of the intel advisory that remixedcat posted, it effects hyperV, virtualbox and nearly every other VM system except vmware.

VMWare isn't immune from host->VM viruses, however: https://blogs.vmware.com/workstation/2012/08/crisis-virus-attempts-to-infect-vmware-workstation-or-player-virtual-machines-on-windows.html

[sc302 Veteran]

VMWare isn't immune from host->VM viruses, however: https://blogs.vmware.com/workstation/2012/08/crisis-virus-attempts-to-infect-vmware-workstation-or-player-virtual-machines-on-windows.html

That is vmworkstation not vsphere.

[goretsky Supervisor]

Hello,

Yes. You could download a file over a connection the host OS doesn't scan (SSL) and then would be unable to scan the guest OS for malware from the host OS. It would essentially be a "black box" in terms of the host OS not being able to scan inside of it for threats.

Regards,

Aryeh Goretsky

[the_architect]

That is vmworkstation not vsphere.

I know - I assumed that was what he was referring to as it was not specified which version he meant. The home user is more likely to be using workstation.

[Dan~]

Cool thanks guy, general consensus is too go with AV, so I will.

Thanks

[Phouchg]

More or less proper system and network configuration, firewall, access control and safe browsing practices over antivirus cascade every day.

Antiviruses are reactive measures - a virus must already be inside the system to be detected by one. If there is such a hole, however, anything else can get in, given time.

[f0rk_b0mb]

Just throw MSE on it to be safe.

[n_K]

I upgraded from ESXi 5.0 to 5.1 yesterday and ironically there's an interesting section in the upgrade guide about some modular AV for guests and the host machine, not sure if you need the paid version or just free but it might do exactly as you want, http://www.vmware.com/files/pdf/products/vsphere/vmware-what-is-new-vsphere51.pdf

? VMware vShield EndpointTM ? Delivers a proven endpoint security solution to any workload with an approach that is simplified, efficient, and cloud-aware. vShield Endpoint enables 3rd party endpoint security solutions to eliminate the agent footprint from the virtual machines, offload intelligence to a security virtual appliance, and run scans with minimal impact.

Remixedcat will know more about it.

[+BudMan MVC]

^ you can run endpoint shield vm on esxi - but you can not do it for free. In a nutshell the guest vms hand off the work of scanning and such to a different VM. A central point for all your vms antivirus/malware scanning.

You then only need to update 1 location for new signatures/dats - and work is done on 1 vm vs every vm having to use resources to scan, etc.

This is not something you would normally have available in a "home" lab sort of setup. But if you have budget, and you have enough vms then it does make sense to go this route.

But I do believe that the agent is now part of 5.1 (free) so I guess if you had a FREE dedicated VM appliance that would do the scanning you could do it for free? I would also assume you need vcenter, the few companies I looked at that supply appliances, etc. State you need vcenter - which is not free again.

[n_K]

Sandbox ,which protect your host from virus.A sandbox is use for separating two programs , so that one cannot affect the other. It's a form of security for when there is uncertainty of one program's effect on the other. :)

NO! People assume a sandbox protects them well NO! IT DOES NOT!

Sandbox traps calls and emulates functions, but if someone wants to bypass it then they can and will.

Here's one that targets sandboxie for example http://www.wilderssecurity.com/showthread.php?t=251456

It's good practise to use but do NOT assume it gives you 100% protection or any kind of protection.