
Thread: Do I gain any security by running my distro within a local VM?

  1. #1
    Join Date
    Jun 2008
    Location
    Prescott, AZ
    Posts
    1,191

    Do I gain any security by running my distro within a local VM?

    Hi Everyone: Is there any general opinion on the security of the various VM's discussed in this forum? The linked article (below) is an example for VBox, which I have been using for years. My goal is to protect my personal data on main computer by "sandboxing" (I'm not sure that's the right term) the entire OS in a VM, but I don't really know enough about computers to know if that offers any extra security. For instance, I remember that some (all?) VM's report to at least some applications that they are indeed executing within a VM - so a worm within the VM could then know to hack the Host kernel (see article). So am I really gaining any protection by running my main computer within a VM sitting on top of my Host OS? (in this case, LEAP 15.1)
    https://www.zdnet.com/article/virtua...ed-researcher/

    Specifically, I'm wondering if Xen or KVM are known to be any more secure than VMW and VBox.

    Thanks, PattiM

  2. #2
    Join Date
    Jul 2018
    Location
    Loma Linda, Mo
    Posts
    153

    Re: Do I gain any security by running my distro within a local VM?

    The easy fix for Virtualbox is to change the network card from Intel E1000 to the PCI-net adapter.
    The hole is in the Intel 1000 Vbox guest code. The example uses a defective buffer to overflow and execute his Vbox hole code (the stuff that the shared buffer code uses to go from the guest to the host as root).
    The application would have to have access to do it. You would have to allow an install of a bad firefox or chromium extension to allow this or download a program with the sample code in it.
    All virtual os schemes that are run under an OS (windows or linux) have the same potential problems. Only running a virtual system as the OS (VMware) makes this exploit less likely as VMware does not show their source code.
    Hopefully a replacement kernel module for the VBox Intel E1000 file will be out soon and that issue will go away.
    Full offline backups are the only sure protection from malware.
    A good backup and tested restore is a must. Run it until it works. I have a copy of the blkid's of all my drives in the backup so that I can set the uuid's of the replacement drives like the original drive so that grub and linux do not see any differences from the original and the restored copy.
    Opensuse 15.1 with VirtualBox VM's (Windows 98, XP, 7, 8.1, 10 & OpenSUSE 15.0)

    Unix since 1974 (pdp-11 in "B" , Interdata 7/32 in "C") (AT&T, Tandy, Convergent, IBM, NCR, HP flavors)
    Linux since 1995 (mandrake, redhat, fedora, centos, now OpenSUSE)
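
The mitigation in post #2 (moving adapters off Intel E1000 emulation) can be checked per VM. This is an added example, not part of any post in the thread: it assumes the `nicN`/`nictypeN` keys printed by `VBoxManage showvminfo --machinereadable`, uses PCnet (`Am79C973`) as the replacement type, and runs on a constructed sample VM.

```shell
#!/bin/sh
# Added example (not from the thread): find VirtualBox adapter slots that
# still use Intel E1000 emulation and print the command that changes them.
# Real input: VBoxManage showvminfo "<vm name>" --machinereadable

# Read machine-readable VM info on stdin; print the enabled adapter slots
# whose emulated hardware is in the E1000 family, e.g. "1 3".
e1000_nics() {
    awk -F= '
        { gsub(/"/, "", $2) }                      # strip quotes from the value
        $1 ~ /^nic[0-9]+$/     { mode[substr($1, 4)] = $2 }
        $1 ~ /^nictype[0-9]+$/ { type[substr($1, 8)] = $2 }
        END {
            for (n in type)
                if (mode[n] != "" && mode[n] != "none" &&
                    type[n] ~ /^8254(0EM|3GC|5EM)$/)
                    print n
        }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Print (never execute) one modifyvm command per affected slot.
# The VM has to be powered off before such a command is run.
remediation_cmds() {
    vm=$1
    for slot in $(e1000_nics); do
        printf 'VBoxManage modifyvm "%s" --nictype%s Am79C973\n' "$vm" "$slot"
    done
}

# Constructed sample: adapters 1 and 3 use E1000 emulation, 2 is PCnet,
# 4 is disabled.
SAMPLE_VMINFO='name="leap-guest"
nic1="nat"
nictype1="82540EM"
nic2="bridged"
nictype2="Am79C973"
nic3="hostonly"
nictype3="82545EM"
nic4="none"'

printf 'E1000 slots: %s\n' "$(printf '%s\n' "$SAMPLE_VMINFO" | e1000_nics)"
printf '%s\n' "$SAMPLE_VMINFO" | remediation_cmds "leap-guest"
```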

  3. #3
    Join Date
    Jul 2018
    Location
    Loma Linda, Mo
    Posts
    153

    Re: Do I gain any security by running my distro within a local VM?

    Quote:
    > https://www.zdnet.com/article/virtualbox-zero-day-published-by-disgruntled-researcher/
    >
    > Specifically, I'm wondering if Xen or KVM are known to be any more secure than VMW and VBox.
    >
    > Thanks, PattiM

    That is almost 2 years old and probably has been fixed by now.

  4. #4
    Join Date
    Jun 2008
    Location
    Prescott, AZ
    Posts
    1,191

    Re: Do I gain any security by running my distro within a local VM?

    Originally posted by larryr:
    > That is almost 2 years old and probably has been fixed by now.

    Well, I know it's an old article (but what new day-zero exploit will show up?) - my point was, is running your main computer "sandboxed" (if that's the right term) in a virtual machine any more secure than running it on the bare metal?

  5. #5
    Join Date
    Jun 2008
    Location
    Prescott, AZ
    Posts
    1,191

    Re: Do I gain any security by running my distro within a local VM?

    Originally posted by larryr:
    > The easy fix for Virtualbox is to change the network card from Intel E1000 to the PCI-net adapter.
    > The hole is in the Intel 1000 Vbox guest code. The example uses a defective buffer to overflow and execute his Vbox hole code (the stuff that the shared buffer code uses to go from the guest to the host as root).
    > The application would have to have access to do it. You would have to allow an install of a bad firefox or chromium extension to allow this or download a program with the sample code in it.
    > All virtual os schemes that are run under an OS (windows or linux) have the same potential problems. Only running a virtual system as the OS (VMware) makes this exploit less likely as VMware does not show their source code.
    > Hopefully a replacement kernel module for the VBox Intel E1000 file will be out soon and that issue will go away.
    > Full offline backups are the only sure protection from malware.
    > A good backup and tested restore is a must. Run it until it works. I have a copy of the blkid's of all my drives in the backup so that I can set the uuid's of the replacement drives like the original drive so that grub and linux do not see any differences from the original and the restored copy.

    Thanks for the excellent reply. But any thoughts about my main question? Is running in a VM safer than running on bare metal? It seems easier to back up everything in a VM (just back up the VM) but is it less vulnerable to the ever-increasing malware storm out there?

  6. #6
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    28,124
    Blog Entries
    15

    Re: Do I gain any security by running my distro within a local VM?

    Hi
    To be honest, in your case I don't think it makes a difference; good backups of your data on and off-site, along with a restore plan (test it!), are all you should need. More power on bare metal, fewer things to maintain as well. I only back up data; re-installing the OS if required doesn't take long these days.
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  7. #7
    Join Date
    Jun 2008
    Location
    Prescott, AZ
    Posts
    1,191

    Re: Do I gain any security by running my distro within a local VM?

    Originally posted by malcolmlewis:
    > Hi
    > To be honest, in your case I don't think it makes a difference; good backups of your data on and off-site, along with a restore plan (test it!), are all you should need. More power on bare metal, fewer things to maintain as well. I only back up data; re-installing the OS if required doesn't take long these days.

    Hi Malcolm! I hope you're well. I agree - bare metal is bestest. But since I've been following Krebs and Schneier and seeing linux rootkits on the rise (and added to malware), I've been worried about my home network being compromised in the months/years to come. If that happens I can see two outcomes (there may be more) - hard drive encrypt/ransom and/or the installation of a rootkit+malware. If the former, I could just restore a VM without even needing to reinstall (assuming the VM is secure - which was my original question). If the latter (rootkit) - well, I'm not sure what would happen - but at least my bare metal install would be (more or less) protected from the rootkit, assuming the VM successfully blocks rk's access to the bare metal.

    Best,
    PattiM

  8. #8
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,025
    Blog Entries
    2

    Re: Do I gain any security by running my distro within a local VM?

    Historically, there may be 3 vulnerabilities I'm aware of similar to what is described where isolation between Guests or Guest and Host has happened, and not more than once for the given virtualization technology. The Virtualbox incidents are likely special due to its connection to Oracle despite Virtualbox's relative autonomy... Oracle has a long history of not addressing vulnerabilities in numerous products, the most notorious not addressing common SQL injection attacks for over a decade on its flagship Oracle Database product (Oracle's position is that you're supposed to put a firewall in front).

    In every other incident I'm aware of, the problem was patched immediately and distributed within a couple weeks, and this was when patches commonly took a month or longer to be tested sufficiently for release.

    I don't know that problem exists today, especially since it should be rare for anyone to still be running VBox 5.x.

    Bottom line, most/all virtualization takes security very seriously, and major issues, much less issues not given highest priority, are almost unheard of (unless you're Oracle).
    That said, always be aware of User mistakes in setup and configuration that will compromise security.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  9. #9
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    28,124
    Blog Entries
    15

    Re: Do I gain any security by running my distro within a local VM?

    Originally posted by PattiMichelle:
    > Hi Malcolm! I hope you're well. I agree - bare metal is bestest. But since I've been following Krebs and Schneier and seeing linux rootkits on the rise (and added to malware), I've been worried about my home network being compromised in the months/years to come. If that happens I can see two outcomes (there may be more) - hard drive encrypt/ransom and/or the installation of a rootkit+malware. If the former, I could just restore a VM without even needing to reinstall (assuming the VM is secure - which was my original question). If the latter (rootkit) - well, I'm not sure what would happen - but at least my bare metal install would be (more or less) protected from the rootkit, assuming the VM successfully blocks rk's access to the bare metal.
    >
    > Best,
    > PattiM

    Hi
    I'm doing well, thanks for asking. I guess it all depends on how your network/shared drives are used, data that you only need access to, mount on the fly (I use sftp), or make backups and then set to read-only for access?

    My setup these days is using qemu, separate sata controller, SSD's and nvidia gpu's for my test machines, so aside from cpu and ram completely isolated, the sata controller and drive is not visible to the host system after boot or when it's running, gpu gets added at the time I start the qemu machine. Then it's just another machine on the network, I guess I could isolate the network card as well as it runs as a tap device.

  10. #10
    Join Date
    Jun 2008
    Location
    Prescott, AZ
    Posts
    1,191

    Re: Do I gain any security by running my distro within a local VM?

    Originally posted by malcolmlewis:
    > Hi
    > I'm doing well, thanks for asking. I guess it all depends on how your network/shared drives are used, data that you only need access to, mount on the fly (I use sftp), or make backups and then set to read-only for access?
    >
    > My setup these days is using qemu, separate sata controller, SSD's and nvidia gpu's for my test machines, so aside from cpu and ram completely isolated, the sata controller and drive is not visible to the host system after boot or when it's running, gpu gets added at the time I start the qemu machine. Then it's just another machine on the network, I guess I could isolate the network card as well as it runs as a tap device.

    It's all about what you're good at. I'm still reading the Linux Network Admin's Guide from 20 years ago. Ugh - I made the mistake of trying to upgrade VBox on my machine to try out my idea and LEAP won't let me build the kernel modules. Time to start a new thread...
