Virtual box and security

Questions about virtualization software
Forum rules
Before you post please read how to get help
User avatar
Sir Charles
Level 7
Level 7
Posts: 1827
Joined: Thu Jan 04, 2018 1:00 pm

Virtual box and security

Post by Sir Charles » Wed Jan 31, 2018 5:48 am

Mattyboy wrote:Just use a none-persistent ( after you've updated it ) Linux VM for banking if it really concerns you.
Is that just like running a .iso "live" in a virtualbox without installing? Should one just update the web browser and make sure it is secure?

Edit: I am sorry you have already answered that "after you update it". But generally speaking, is an installed OS in virtualbox less vulnerable than the same OS running in the host?
Last edited by Sir Charles on Wed Jan 31, 2018 6:05 am, edited 1 time in total.
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

Cosmo.
Level 23
Level 23
Posts: 17824
Joined: Sat Dec 06, 2014 7:34 am

Re: Not another Mint anti virus question.

Post by Cosmo. » Wed Jan 31, 2018 6:06 am

Marziano wrote:Is that just like running a .iso "live" in a virtualbox without installing? Should one just update the web browser and make sure it is secure?
Using a live system for banking is something, what you can often read. IMO a bad advice, as the software is far away from current security patches. Updating the browser would be the very minimum measurement, but in the days of Spectre and Meltdown not enough. And obviously updating the kernel is impossible on a live system.

I wrote already in the past on several places, that this is a not a good advice, nowadays it is a disaster.

User avatar
Sir Charles
Level 7
Level 7
Posts: 1827
Joined: Thu Jan 04, 2018 1:00 pm

Re: Not another Mint anti virus question.

Post by Sir Charles » Wed Jan 31, 2018 6:22 am

Cosmo. wrote: Using a live system for banking is something, what you can often read. IMO a bad advice, as the software is far away from current security patches. Updating the browser would be the very minimum measurement, but in the days of Spectre and Meltdown not enough. And obviously updating the kernel is impossible on a live system. I wrote already in the past on several places, that this is a not a good advice, nowadays it is a disaster.
Am I right in assuming that an installed OS in VB can be equally vulnerable as the same OS installed already in the host? Or...?
Anyhow what one does within the VB is of importance also here, right?
Last edited by Sir Charles on Wed Jan 31, 2018 6:29 am, edited 1 time in total.
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

Cosmo.
Level 23
Level 23
Posts: 17824
Joined: Sat Dec 06, 2014 7:34 am

Re: Not another Mint anti virus question.

Post by Cosmo. » Wed Jan 31, 2018 6:28 am

Marziano wrote:Am I right in assuming that an installed OS in VB is equally vulnerable as the same OS installed already in the host?
Yes.
Marziano wrote:Anyhow what one does within the VB is of importance also here, right?
Can you please rephrase; I don't understand this question.
If you mean, if assumed attacks do also affect the host: Well that depends from several conditions. E. g. if you use a shared ciipboard for host and guest.

User avatar
Sir Charles
Level 7
Level 7
Posts: 1827
Joined: Thu Jan 04, 2018 1:00 pm

Re: Not another Mint anti virus question.

Post by Sir Charles » Wed Jan 31, 2018 6:35 am

Cosmo. wrote:
Marziano wrote:Anyhow what one does within the VB is of importance also here, right?
Can you please rephrase; I don't understand this question.
If you mean, if assumed attacks do also affect the host: Well that depends from several conditions. E. g. if you use a shared ciipboard for host and guest.
I mean, since even an installed OS in the VB is equally vulnerable as the one in the host, then the same security thinking and measures must be applied even there. Otherwise you are equally exposed to "dangers" even in there.
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

Mattyboy
Level 6
Level 6
Posts: 1196
Joined: Thu Mar 26, 2015 2:17 pm

Re: Not another Mint anti virus question.

Post by Mattyboy » Wed Jan 31, 2018 6:36 am

Marziano wrote:
Mattyboy wrote:Just use a none-persistent ( after you've updated it ) Linux VM for banking if it really concerns you.
Is that just like running a .iso "live" in a virtualbox without installing? Should one just update the web browser and make sure it is secure?
Kinda. A live version however isn't updated. The 18.3 ISO for example comes with the older Kernels. Switch between persistence and none persistence the former for updating, update manager, only the latter for when you wish to go online/Browser etc.

This is all kinda moot I trust a bare bones, updated Linux, for security more than any other OS.

I don't even use third party anti virus programs on my Windows. Windows defender, a user account and a properly set up browser and that's it. Never had an issue. There's no replacement for common sense and basic education to avoid falling into traps.

Paranoia to generate income, its a powerful tool. Linux simply isn't Windows.

Cosmo.
Level 23
Level 23
Posts: 17824
Joined: Sat Dec 06, 2014 7:34 am

Re: Not another Mint anti virus question.

Post by Cosmo. » Wed Jan 31, 2018 6:45 am

Marziano wrote:I mean, since even an installed OS in the VB is equally vulnerable as the one in the host, then the same security thinking and measures must be applied even there. Otherwise you are equally exposed to "dangers" even in there.
Correct. If you use the same OS as host and guest, you have to apply all security fixes on both.

A VB guest has in this regard 2 advantages:
At first VB guests use a virtual hardware which is equal for all. A number of developers use VMs, so they can see there, if their software creates a software. A regression because of different hardware is extremely unlikely.
At second you can create in VB snapshots for the guests. So it is very easy to revert completely, if something should really go wrong. I use this sometimes to do really weird things for experimenting. If I have set a snapshot beforehand and the system gets really unusable I simply revert to the snapshot and I am back in business.

User avatar
Sir Charles
Level 7
Level 7
Posts: 1827
Joined: Thu Jan 04, 2018 1:00 pm

Re: Not another Mint anti virus question.

Post by Sir Charles » Wed Jan 31, 2018 6:58 am

Mattyboy wrote: Kinda. A live version however isn't updated. The 18.3 ISO for example comes with the older Kernels. Switch between persistence and none persistence the former for updating, update manager, only the latter for when you wish to go online/Browser etc.
@cosmo seems to be of another opinion regarding the use of non-persistence when it comes to online activities like banking for example.
By the way, can a system like Tails be an alternative. If I am not mistaken an installed Tails on USB is updatable/upgradable.
I don't even use third party anti virus programs on my Windows. Windows defender, a user account and a properly set up browser and that's it. Never had an issue. There's no replacement for common sense and basic education to avoid falling into traps.

Not me either. I just run occasionally the free edition of Malwarebytes, just in case, for a second opinion kind of and I turned it of when it's down. Common sense and basic education are the keywords here, as you say. One should always be updated, apparently not only the systems need that.
Last edited by Sir Charles on Wed Jan 31, 2018 7:16 am, edited 1 time in total.
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

User avatar
Sir Charles
Level 7
Level 7
Posts: 1827
Joined: Thu Jan 04, 2018 1:00 pm

Re: Not another Mint anti virus question.

Post by Sir Charles » Wed Jan 31, 2018 7:13 am

Cosmo. wrote: At second you can create in VB snapshots for the guests. So it is very easy to revert completely, if something should really go wrong. I use this sometimes to do really weird things for experimenting. If I have set a snapshot beforehand and the system gets really unusable I simply revert to the snapshot and I am back in business.
Please correct me if I got it wrong. Everything here applies to what is going on in the VB, no? So you make an snapshot of the machine at a point when everything is stable and fine and the you go on doing all those weird things you do and if/when things go wrong you just restart the machine from the snapshot. Right?
How funny, I just set up my first install of Mint in VB a couple of hours ago this morning, updated with new kernels and all :D
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

Cosmo.
Level 23
Level 23
Posts: 17824
Joined: Sat Dec 06, 2014 7:34 am

Re: Not another Mint anti virus question.

Post by Cosmo. » Wed Jan 31, 2018 7:21 am

You are right.

More technically: If you create a snapshot, VB creates a so called differential drive. The original virtual hard drive does now only get used for reading, all changes get written to the differential drive. If you now revert to the snapshot, the differential drive gets no longer used by VB and so it reads again all from the original virtual hard drive.

Snapshots can get created as often as you want - and as long, as you have enough room on the drive of the host. So you can even go forward and backwards to all existing snapshots.

User avatar
Sir Charles
Level 7
Level 7
Posts: 1827
Joined: Thu Jan 04, 2018 1:00 pm

Re: Not another Mint anti virus question.

Post by Sir Charles » Wed Jan 31, 2018 7:39 am

Cosmo. wrote:
More technically: If you create a snapshot, VB creates a so called differential drive. The original virtual hard drive does now only get used for reading, all changes get written to the differential drive. If you now revert to the snapshot, the differential drive gets no longer used by VB and so it reads again all from the original virtual hard drive.


So in a sense, one can think of a differential drive as virtual drive within "the" virtual drive, but on that gets annulled when you revert back to a previously made snapshot. That's really cool stuff :D
Snapshots can get created as often as you want - and as long, as you have enough room on the drive of the host. So you can even go forward and backwards to all existing snapshots.

Kind of like choosing to restore to different restore points in Windows for example, right? Or maybe rather more like system images.
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

User avatar
Moem
Level 17
Level 17
Posts: 7229
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Not another Mint anti virus question.

Post by Moem » Wed Jan 31, 2018 7:46 am

Gentlefolks, we're getting far beyond the scope of the question. Let's not bore the OP; discussions of virtual machines are fine, but they deserve their own topic.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

Cosmo.
Level 23
Level 23
Posts: 17824
Joined: Sat Dec 06, 2014 7:34 am

Re: Not another Mint anti virus question.

Post by Cosmo. » Wed Jan 31, 2018 7:55 am

You can really see it like a couple of system images. Not as Windows restore points, as a restore point does not revert the user data, an image does of course.

VB can even use write-through drives. Example: You create a separate virtual drive to place home inside, than make it write-through. If you now go back to an stored snapshot this write-through drive does not get reverted. Now it would behave similar to a Windows restore point or as TimeShift in Linux.

P. S. I just saw the post by Moem, which is correct. Can you move those posts to a separate thread (e. g. in the virtualization board)? I think, that the discussion by itself would be worth it.

User avatar
Moem
Level 17
Level 17
Posts: 7229
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Virtual box and security

Post by Moem » Wed Jan 31, 2018 8:05 am

Mod note:
The original thread about online banking security on Mint is here.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

User avatar
Sir Charles
Level 7
Level 7
Posts: 1827
Joined: Thu Jan 04, 2018 1:00 pm

Re: Virtual box and security

Post by Sir Charles » Wed Jan 31, 2018 8:23 am

Thank you Moem for making this a topic of its own. It just happened spontaneously.
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

Mattyboy
Level 6
Level 6
Posts: 1196
Joined: Thu Mar 26, 2015 2:17 pm

Re: Not another Mint anti virus question.

Post by Mattyboy » Wed Jan 31, 2018 9:28 am

Marziano wrote:
Mattyboy wrote: Kinda. A live version however isn't updated. The 18.3 ISO for example comes with the older Kernels. Switch between persistence and none persistence the former for updating, update manager, only the latter for when you wish to go online/Browser etc.
@cosmo seems to be of another opinion regarding the use of non-persistence when it comes to online activities like banking for example.
By the way, can a system like Tails be an alternative. If I am not mistaken an installed Tails on USB is updatable/upgradable.
.
Not really an opinion to be fair, more a suggestion or 'making you aware'. I don't do it, I don't feel I need to. I'm comfortable with online banking, making purchases etc on my daily Linux install. I wouldn't do it on my Windows install because I feel less secure ( regardless of if I were running anti virus or not ) .. not to mention M$ know everything I do on that machine and send the telemetry off to the wild. Who knows where, what and to whom?

Just make sure you're updated, using browsers that are reliably updated ( Firefox ) and you see the https padlock symbol on any page you enter private information into.... and that, on Linux, is that.

( installing ppa software and 'stuff from the internet is a whole other security discussion ).

User avatar
Sir Charles
Level 7
Level 7
Posts: 1827
Joined: Thu Jan 04, 2018 1:00 pm

Re: Not another Mint anti virus question.

Post by Sir Charles » Wed Jan 31, 2018 11:50 am

Cosmo. wrote: VB can even use write-through drives. Example: You create a separate virtual drive to place home inside, than make it write-through. If you now go back to an stored snapshot this write-through drive does not get reverted. Now it would behave similar to a Windows restore point or as TimeShift in Linux.
This is really interesting! Is this done once you have already installed the guest OS?
I mean.... since this has been my first VM setup, I am at the stage acquainting myself with it. I totally get the idea but I am afraid I don't know how to implement it just yet.

I have just done a "traditional" install of 18.3 and just let Ubiquity take care of everything. Though I did try to create /, /home and swap with Gparted prior to the installation but the installer somehow refused to recognize the partitions which I could't understand why.

The only additional thing was to a have a shared folder with my host. I have this separate "Storage" partition which I wanted to share with the guest and even though it is mounted automatically, it always denies me access. I have to sudo-open it with Thunar.

Now if you can make a separate virtual write-through drive for home, you are free to do as many system restore you want as long as you create those snapshots beforehand and all the while without your home being affected. That's great!

I am beginning to realize that probably a nice set up would be a nicely done host system with as many VMs as the hardware is capable to pull through. Then you are free to do all those weird things without risking any harm to be done to your system. I can't wait!
Of course you already know all that. i am just "thinking aloud".
P. S. I just saw the post by Moem, which is correct. Can you move those posts to a separate thread (e. g. in the virtualization board)? I think, that the discussion by itself would be worth it.
You are so right! I just got carried away in the other thread by all the interesting topics that popped up. AVs, security, vulnerabilities and ... :D
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

User avatar
Sir Charles
Level 7
Level 7
Posts: 1827
Joined: Thu Jan 04, 2018 1:00 pm

Re: Not another Mint anti virus question.

Post by Sir Charles » Wed Jan 31, 2018 12:48 pm

Mattyboy wrote:
Marziano wrote: @cosmo seems to be of another opinion regarding the use of non-persistence when it comes to online activities like banking for example.
Not really an opinion to be fair, more a suggestion or 'making you aware'.
You are right, it was a bit unfortunate wording from my side. I understood Cosmo was pointing out the security risks involved even in such a procedure.
Just make sure you're updated, using browsers that are reliably updated ( Firefox ) and you see the https padlock symbol on any page you enter private information into.... and that, on Linux, is that.
Yes, I've learned to pay attention to these things. One thing that I still have to learn or rather get used to, is to do everything in a new surrounding which is that of Linux.
.. not to mention M$ know everything I do on that machine and send the telemetry off to the wild. Who knows where, what and to whom?
There was this thread viewtopic.php?f=58&t=262833 with the following link to an article on the subject of privacy and/or security:
http://www.zdnet.com/article/meltdown-s ... -contract/

Alarmingly interesting or interestingly alarming read :D
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

Cosmo.
Level 23
Level 23
Posts: 17824
Joined: Sat Dec 06, 2014 7:34 am

Re: Not another Mint anti virus question.

Post by Cosmo. » Wed Jan 31, 2018 4:23 pm

Marziano wrote:This is really interesting! Is this done once you have already installed the guest OS?
This does not care. In practical sense you will do it mostly afterwards. The point is, that you need to have for a VM more than 1 virtual drive. (Having several partitions on the same virtual drive is not enough, as the drive gets set to write through state, not a partition.) The setting gets done in the manager for virtual drives (ctrl-d from the VB manager) via the change icon. third option in the sub-dialog.
Marziano wrote:I have just done a "traditional" install of 18.3 and just let Ubiquity take care of everything. Though I did try to create /, /home and swap with Gparted prior to the installation but the installer somehow refused to recognize the partitions which I could't understand why.
Installing Mint with ubiquity does not work differently in a VM than on bare metal. That means, you go via "something else" in the Mint installer.
Marziano wrote:The only additional thing was to a have a shared folder with my host. I have this separate "Storage" partition which I wanted to share with the guest and even though it is mounted automatically, it always denies me access. I have to sudo-open it with Thunar.
You mean sudoing from the guest?
At first the old story: Never use sudo for launching graphical programs. This will(!) break things in your home.
Second: Don't launch VB Manager or any VM with elevated rights. It will(!) break things.
Third: "Denies access" in which kind? Error messages? Is the user account inside of the guest OS (Linux) member of the group vboxsf? Are the guest additions installed inside of the running guest OS?

User avatar
Sir Charles
Level 7
Level 7
Posts: 1827
Joined: Thu Jan 04, 2018 1:00 pm

Re: Virtual box and security

Post by Sir Charles » Wed Jan 31, 2018 4:57 pm

Thanks Cosmo for taking your time and going through all this.
I thought I had at least some stuff under control, now there are more questions than I can answer right now. I'll check things up and will get back to you. Thanks once again
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

Post Reply

Return to “Virtualization”