Using a Win7 VM to run Linux for browsing—safe?

This recent Mac/virus thread got me thinking about browsing security. If I set up Ubuntu to run as a virtual machine (using the steps outlined here and other places), load up an updated version of Firefox and surf around, am I virtually (heh) immune to malicious website-based code? Assuming that I stumble upon a site that exploits an Ubuntu/FF vulnerability, could it escape the VM and cause havoc to my “regular” system?

Since it would be easily re-installed and only-for-casual-surfing (e.g. the Dope), do I need to make sure I keep it updated and patched? Are there security concerns? Would it be wise to run Adblock only and forget NoScript?

Or am I getting in wayyyy over my head?

You would be doing a very smart thing. Don’t set up any shared folders (used to transfer files into/out of a VM) and you will be fine. You should update the VM regularly and then snapshot it for rapid reversion in case of problems, or use a read-only Live Image (like a CD-ROM bootable image).

Good luck and safe browsing

Si
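The advice in the reply above (no shared folders, keep a snapshot to revert to) can be checked from the host. This is an added example, not part of the original post, written for VirtualBox, which the thread later settles on: it parses `VBoxManage showvminfo <vm> --machinereadable` output and goes slightly beyond the reply by also flagging clipboard and drag-and-drop sharing. The sample output is constructed, and the key names are assumed to match your VirtualBox release.

```python
import re

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
# Key names are an assumption about the VirtualBox release in use.
SAMPLE = '''name="ubuntu-browse"
ostype="Ubuntu_64"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="transfer"
SharedFolderPathMachineMapping1="D:/vmshare"
SnapshotName="clean-updated"
'''

def parse_vminfo(text):
    """Turn key="value" lines into a dict, ignoring anything malformed."""
    info = {}
    for line in text.splitlines():
        m = re.match(r'^([^=]+)=(.*)$', line.strip())
        if m:
            info[m.group(1).strip('"')] = m.group(2).strip('"')
    return info

def audit(info):
    """Return a list of findings that weaken host/guest isolation."""
    findings = []
    # Permanent (Machine) and session-only (Transient) mappings both count.
    for key, name in sorted(info.items()):
        if key.startswith("SharedFolderName"):
            path_key = key.replace("SharedFolderName", "SharedFolderPath", 1)
            path = info.get(path_key, "?")
            findings.append(f"shared folder '{name}' -> host path {path}")
    # Other guest-to-host channels; a missing key is treated as disabled.
    for key in ("clipboard", "draganddrop"):
        if info.get(key, "disabled") != "disabled":
            findings.append(f"{key} is {info[key]}")
    # Without a snapshot there is no known-good state to roll back to.
    if "SnapshotName" not in info:
        findings.append("no snapshot to revert to")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_vminfo(SAMPLE)):
        print("WARN:", finding)
```

On a real host, feed the function the text captured from the VBoxManage command instead of `SAMPLE`.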

Thanks.

Awesome, thanks.

Sorry to bother, but I just thought of something else: At the moment I have an old 500GB HDD in my machine that has a full Ubuntu install. I’d parted out an older Ubuntu box, had the extra drive around when I built my current Win machine, and stuck it in there assuming someday I’d reformat. I never needed the space and so it’s still sitting there just like I yanked it a year or so ago.

Before I go through downloading a new image, can I get the ‘add new machine’ routine to look there? But since it’s not readable by Windows, it can’t see it. Hmm… maybe I should just do a regular install then post if I need to about navigating Ubuntu to that drive.

Depends on your VM - most will let you point the new VM at partitions, but the boot menu (grub2) may need to be edited to reflect the new paths. Easier to start again, plus your install will be more up-to-date.

Si

There’s a handful of particularly nasty malwares that can actually determine if they’re being run on a VM, using methods I don’t understand (a professor who studies malware described it to me), and “escape.” This is mostly used to screw with researchers who study malware in VMs, hoping they can infect the careless ones who don’t have a dedicated, isolated lab machine or something.

However, these are very, very rare and you’d probably be completely safe.

That’s like wearing a full-body condom. Maybe two of them.

That’s how Howard Hughes would have browsed the internet.

It sounds like I’d have a much greater chance of running into a site that takes out my Win7 box than escapes the Ubuntu/VM setup. I imagine keeping Ubuntu updated will limit that further, as would running NoScript anyway (even if not for safety, I don’t like Doubleclick or Facebook running code on every site I visit).

But for the cost of some installation (which as a wannabe-geek I find some flavour of fun in anyway), it seems like it will change nothing. For work and “serious” downloading I can still use the regular FF; for anything else there’s the Ubuntu window. From what I’m hearing, it would live up to the generic condom ad’s ‘you’ll never notice it’s there’ concept several orders of magnitude better.

DLing the ISO now :)

Reassuringly, when actual malware employs VM-detection at all, overwhelmingly, the most common aim is to simply terminate the malware. (The rationale for this is that it makes its behaviour more difficult for security analysts to observe, thereby extending the window of vulnerability for the malware and extending its spread.)

I am aware of some documented vulnerabilities in some versions of VMware which might potentially allow execution of code on the host machine, but have not heard of any actual exploits spotted in the wild - and (to return to a theme familiar from the referenced thread) there isn’t any practical incentive for malware authors to go this route.

If you want to be really safe - boot the VM to a live CD ISO.

Don’t forget that the target OS for any malware would be Linux, so there’s even less incentive.

I’ve actually taken this one step further in the past: I ran Wine in the Linux VM. I didn’t have a license for an actual Microsoft OS, and I needed to test a Windows only feature. Now I mostly use Sandboxie.

BTW, do note that Netflix will not run in either your configuration or mine. The DRM portion of Silverlight will not be ported. Netflix is having to write their own software to work on Linux boxes.

Indeed, usually the malware just detects the VM and goes into hiding. My professor was describing one nasty one that COULD escape, but it had other really annoying bells and whistles too (self modifying code for obfuscation, for instance). However, I think it’s the sort of thing you have to try and find.

VMs are awesome indeed for this sort of thing – set one up just for your browsing pleasure, and whenever it gets trashed, simply delete it and start over. As others say, VMs run in a reasonably well-isolated sandbox and tend not to trash the host OS. I’ve been using VMs for a while for CS classes. (And my host OS is Ubuntu besides.) You can even run Windows Server with Active Directory in a VM like this, and use it to serve your home LAN (at least for playing around with).

Warning about doing snapshots now and then, let alone regularly: They tend to consume BEAUCOUP disk space! If your VM is just for browsing, I say don’t bother. Just back up your entire VM folder once in a while to a memory stick or somewhere, if even that.

Besides VMware, there is also VirtualBox by Oracle (originally by Sun). There’s a freeware version you can get!

Hello? Hello? CAN YOU HEAR ME?

Do I sound different? I’m inside a VM. Is there an echo? Technicolors? Anyone see Tron?

So had a couple hiccups with Windows VM so went with Oracle’s VirtualBox and **poof**, here I am—Ubuntu 11.10. Large change from 6.x I was used to. It went shockingly smoothly—I can copy/paste text and see/login to an NAS for file transfer, and even my mouse shortcuts work! I now have a Windows FF window open for work-related stuff and a VM window open for the Dope and other fluffery.
Security-wise, it’s not that I’m planning on doing anything nefarious or risky per se. But I use this machine for work and it would be nice to not be so paranoid about browser security (e.g. not opening any shortened urls). The initial seed was ending up with 18 GB of RAM and wondering what to do with it. One of the suggestions I received here was to install a few VMs, so here I am.
Now that it’s up and running, is there any way to utilize the installed old Linux-formatted HDD? Windows Disk Manager can see it but can only delete the volume. I’d love to be able to use the VM to access it—can I? Any way to move the bulk of the OS files there to minimize the space on my regular data drive?

I guess that’s a bit out of scope of my original question—I’ll probably be posting a new thread shortly.

In the meantime, thanks!

You sound… exactly the same

Glad VirtualBox is working for you - we use it all the time. Our laptops are Ubuntu, and we use VirtualBox for Windows-specific software.

You might like to look at another (Windows) VM for your work setup (if it is amenable) - you get the snapshot functionality and additional security.

As I said, you should be able to use your old Linux disk - in the VirtualBox console you should be able to add partitions to a VM, not just VMDK. Notes here.

Si