VMware on Linux box more secure than just M$ OS by itself?

Would running a Windows OS in a VMware session on a Linux box be any more
or less secure than if I ran the same PC with just the Windows OS? Would
the fact that I am running this OS on a Linux based host help or not, when
it comes to security and protection from outside network threats? Not
worried about it being slower, the system needing more RAM, etc., it's just
the security point of view that I am interested in. TIA.

Press Ctrl-Alt-Del Now

* Press Ctrl-Alt-Del Now <>:
> Would running a Windows OS in a VMware session on a Linux box be any more
> or less secure than if I ran the same PC with just the Windows OS? Would
> the fact that I am running this OS on a Linux based host help or not, when
> it comes to security and protection from outside network threats? Not
> worried about it being slower, the system needing more RAM, etc., it's just
> the security point of view that I am interested in. TIA.

No, its still windows and open to its flaws and perks. I know of one
person who was running windows in vmware on linux and got himself a
trojan through kazaa and watched the script kiddie mucking up his
windows install.

Jason

Jason

Press Ctrl-Alt-Del Now wrote:
> *Would running a Windows OS in a VMware session on a Linux box be an
> more
> or less secure than if I ran the same PC with just the Windows OS?
> Would
> the fact that I am running this OS on a Linux based host help or not
> when
> it comes to security and protection from outside network threats?
> Not
> worried about it being slower, the system needing more RAM, etc.
> it's just
> the security point of view that I am interested in. TIA. *

VMware emulates. It is still windows running on windows, just with a
additional emulated layer. Moral of the story, external *ni
firewall?

Cheer


-
soulja
-----------------------------------------------------------------------
Posted via http://www.forum4designers.co
-----------------------------------------------------------------------
View this thread: http://www.webservertalk.com/message134265.htm

souljah

"Press Ctrl-Alt-Del Now" <> wrote in message
news:Xns949A8658B216C3fingermssolutionreb@140.99.9 9.130...
> Would running a Windows OS in a VMware session on a Linux box be any more
> or less secure than if I ran the same PC with just the Windows OS? Would
> the fact that I am running this OS on a Linux based host help or not, when
> it comes to security and protection from outside network threats? Not
> worried about it being slower, the system needing more RAM, etc., it's
just
> the security point of view that I am interested in. TIA.

If it's emulating things properly, then the answer's "exactly the same".

OTOH, if someone thinks it's a honeypot then they'll either a) leave it
alone, or b) make it a matter of personal pride to kill the installation and
not get caught in the process..

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

Hairy One Kenobi

On Wed, 25 Feb 2004 21:12:24 GMT, "Press Ctrl-Alt-Del Now"
<> wrote:

>Would running a Windows OS in a VMware session on a Linux box be any more
>or less secure than if I ran the same PC with just the Windows OS?

My primary machine is set up this way. The Windows VMware sessions are not
intrinsically any more secure than straight Windows, but you have additional
options and restrictions not readily available in straight Windows.

First any compromise is limited to the VM session and not your entire drive
and base machine, assuming you didn't give the VM session global access.

You can keep rotating copies of your VM images. If a Windows disaster occurs,
it's only minutes to nuke the entire image and duplicate the previous copy. If
you catch it right away, you can even revert to the previous start state.

Multiple VM images are especially useful if you're messing with malicious
code. "Sure I know what I'm doing. Oops!" Nuke the image and start again.

Another difference is that when a file is deleted in VMware, it's gone!
There's no undeleting it because it doesn't actually exist as an unlinked disk
sector. Vmware tracks it virtually and the actual disk structure is a complex
file. The side effect of this is that most disk managers or editors not only
don't work, they can mess you up royally.

There are of host of other potential differences depending on how you set it
up. For example you can have it NATing through the Linux host. This
automatically blocks externally initiated connections to your NAT'd VM
session. You can also set up iptables on the host Linux system for additional
control.

Dave

On Sun, 29 Feb 2004 20:37:45 -0500, Dave wrote:

> On Wed, 25 Feb 2004 21:12:24 GMT, "Press Ctrl-Alt-Del Now"
> <> wrote:

>>Would running a Windows OS in a VMware session on a Linux box be any
>>more or less secure than if I ran the same PC with just the Windows OS?

> There are of host of other potential differences depending on how you
> set it up. For example you can have it NATing through the Linux host.
> This automatically blocks externally initiated connections to your NAT'd
> VM session. You can also set up iptables on the host Linux system for
> additional control.

I currently use this and it's been most helpful, though it's not perfect.
Any VPN software on your windows partition will create a routable address
on your machine. One would hope that this address is protected somehow,
but that's not always the case. I often joke at work that my Windows VM is
more vulerable to attack from the internal network when I VPN into work
than when I'm on the LAN.

Bridging, while useful in some regards, is the riskiest thing you can do
to your VM from an external attack perspective. That interface is on the
network and nothing about your Linux host will protect you.

Back before NAT, I used a host only interface and proxied all of my
connections. That was the safest method and the most robust. It was just a
pain to configure so now I NAT and firewall on the host.

The obscurity afforded through VMWare is nice, but it's not a complete
protection. Outbound connections off the box are targets, as are
downloaded data executed and read locally.

--
-Brian James Macke
"In order to get that which you wish for, you must first get that which
builds it." -- Unknown

Brian Macke