Virtual Machine security
I read an interesting snippet from a security researcher the other day.
Apparently one of the recent bits of malware had specific code in it to detect if it was running on a virtual machine, and if so, to shut down ASAP. Why? Because the author knows that most researchers use VMs to investigate badware, reverse engineer it and come up with signatures that can be added to the AV detection list.
This then begs the question, would we be safer running on a virtual machine all the time? I keep meaning to do this, but never get around to investing the necessary time.
An interesting feature of VMware is the many freely available images you can download and try here. One thing someone pointed out to me that I hadn’t realised is that any of these will run with the free version of VMware Player.
I don’t think Microsoft Virtual PC (also free now) can run them as they are mainly Linux based.
This strikes me as a great way to try out an operating system or product with no commitment, and no installation hassle. Stephane mentioned ages ago about distributing software as an ‘appliance’.
I love the idea, but I’m not clear how realistic it would be for a spreadsheet auditing tool for example. (compared to an xla and ignoring anyone who doesn’t use Excel). I have no idea of the licensing issues, but I assume using open source will be easier than proprietary.
Is anyone else evaluating their use of virtualisation s/w? What are your conclusions?
cheers
Simon
Thursday, 25th October, 2007 at 3:41 am
Hi Simon,
Recently, I got a new laptop which came with Vista pre-installed. Being a bit of a tech keener, I gave it a go, trying to install all the apps I needed for work. I ended up finding out that one will not work on Vista, and another blue-screens it constantly. While I could have wiped the laptop and installed XP, I figured that this would be a pain, as I’d have to try and find drivers for all the stuff that is built in to this machine.
I ended up migrating my old XP workstation into a VMWare image using their converter, and work in that VM every day at work. Vista is a pretty expensive host, granted, but my VM is still faster than my old PC.
For development and testing of apps, I honestly can’t think of a better way. VMWare’s snapshot ability absolutely rocks, and makes it super easy to have a variety of virtual machines at your disposal that you can activate at any time. Honestly, I’m floored that you don’t use it yet.
We’re actually planning to take this one step further next year, virtualizing all of our servers next year. :)
Thursday, 25th October, 2007 at 8:48 am
I’m beginning to think about using VM, although I have not looked into it much. I’m not really sure how they work and feel, but I guess I will look into all of that should I take the put.
What are people’s feelings on system specs to run a decent VM set up?
>>This then begs the question, would we be safer running on a virtual machine all the time?
If everyone ran on VM then it would just be the same for the hackers, No?
Thursday, 25th October, 2007 at 9:04 am
I use Moka5 http://www.moka5.com/ (a VMware based desktop/USB virtual machine utility) to host a Windows 2000/Excel 2000 image to allow me to test for backward compatibility. I also have a WindowsNT/Excel 97 image but rarely use it nowadays. I’ve also created an image using the trial versions of Vista and Office 2007 to see what the future holds!
But my real interest is in “virtual dedicated servers”. I’m a big fan of Amazon’s EC2 service (XEN based) and have been using it to test on-demand in-memory OLAP “appliances” (using PALO and SQLite). Such appliances (to use Stephane’s term) could then either be hosted on EC2 (or Scotland’s http://www.flexiscale.com which offers both Windows and Linux VMs) or on a local virtual machine.
Tom
Thursday, 25th October, 2007 at 1:47 pm
Since I have Ubuntu as the host system to all my vmWare’s configurations I work in a ‘virtualized mode’.
When it’s time to show customers the solutions I just copy the relevant configuration to my laptop and off I go.
Except for that, keep in mind that we non-English developers need localized as well as English versions of Excel 97 - 2007. That’s why I’m a happy user of vmWare for the last 5-6 years.
I have one security policy (out of several!) and that’s that none of the vmWare configurations is allowed to access the Internet.
Ross,
You need at least 1 GB RAM to use vmWare in an acceptable way. Of course, the more RAM and the more powerful processor the better.
Kind virtualized regards,
Dennis
Thursday, 25th October, 2007 at 4:07 pm
Dennis
Why no internet for your VMs? Couldn’t you use rollbacks? I see there is a minimal web appliance that is a cut down Linux with only the key web bits running.
I think I should go the same way, Linux base OS plus complete Win VM dev machine, then I can just move from box to box. The only trouble with that is the 30 Gigs of spreadsheet monsters I keep on my dev box. Sounds like a good excuse for a new iPod!
cheers
Simon
Thursday, 25th October, 2007 at 4:50 pm
I have used Virtual PC over the last couple of weeks in order to accurately emulate a client’s install situation - and it works very well. I still have to tweak things because it takes longer than I expected to restart a saved state - but it only became obvious when the client was on the phone and I was trying to quickly answer their question.
The more VM machines, though, the more that need to be updated when there is a change in Office/Windows.
What do people do for AntiVirus protection? I am assuming it is needed on each VM.
–Charlie
Thursday, 25th October, 2007 at 5:46 pm
hmm - maybe it’s not that secure after all:
http://kerneltrap.org/OpenBSD/Virtualization_Security
oh well!
Thursday, 25th October, 2007 at 8:52 pm
Simon,
>>Why no internet for your VMs?
First of all, I’m a paranoid person. Second, when my present security system was built by a security consultant, the recommendation was to not have.
>>the 30 Gigs of spreadsheet monsters
C’mon, 30 GB is not that much. I recently updated my NAS so it now has 1 TB (2 x 500 GB).
Charles,
Some time ago I tested VPC 2004 and later 2007 as well. Compared with vmWare all I can say is it’s slow, very slow.
Kind regards,
Dennis
Tuesday, 30th October, 2007 at 6:28 am
[...] saw that Ross was a little curious about virtualization at the Smurf on Spreadsheets blog, and figured I’d share my reasons, some experiences, and methods for working with this [...]