LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-27-2012, 06:02 AM   #1
o12357
LQ Newbie
 
Registered: Jun 2009
Posts: 5

Rep: Reputation: 0
security of virtual linux guest on windows host


hi. if i install a linux guest on windows host in a virtualised environment (qemu for example), will any malware that might already exist on the windows host have access to the virtualised linux, or will the new virtualised environment be safe?

for example, if the host have some malware that i am not aware of that tracks keystrokes, will any password i type in a browser in the virtualised linux be vulnerable?

thanks

Last edited by o12357; 05-27-2012 at 06:03 AM. Reason: p.s.
 
Old 05-27-2012, 07:21 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,561
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
While I don't grok Windows like I grok Linux virtualization services like QEmu, VMware, etc, etc depend on services and drivers loaded by the OS so given that interception and subversion in Windows can occur in different places and at different levels so my answer to that is "it depends". If you would for example have a password-stealing trojan loaded in Windows and you would have installed say Joomla in QEmu then accessing the guest over FTP might leech your credentials. Likewise if you would have a keylogger installed key sequences are still routed like physical keyboard -> Windows keyboard driver -> OS -> virtualization service -> guest. So IMHO this essentially is not a Linux but a Windows-related question. Additionally if your intent is to "have something safe" on a known infested host then I'd suggest you don't proceed but clean up the host instead.
 
1 members found this post helpful.
Old 05-27-2012, 07:52 AM   #3
o12357
LQ Newbie
 
Registered: Jun 2009
Posts: 5

Original Poster
Rep: Reputation: 0
thanks for the reply unSpawn.
i do appreciate that the situation i am describing is far from ideal.
the reason i am proceeding with this line of thinking is that i do not know how to verify that a windows machine is clean, and i was wondering if i can create a relatively malware free environment for activities such as internet shopping by setting up a virtualised linux in qemu on windows host. i am aware of the fact that simply running linux is a much better solution. this is what i do on my own machines. but i have some family members that only use windows, so i am trying to make things safer.

Last edited by o12357; 05-27-2012 at 07:53 AM. Reason: mistake
 
Old 05-27-2012, 09:30 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,561
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
Quote:
Originally Posted by o12357 View Post
i have some family members that only use windows, so i am trying to make things safer.
If they're accustomed to using Windows then Linux might just be alien to them. Windows can be hardened to some extent, remove Java, remove Adobe or Macromedia PDF viewer, avoid web, email and such natively provided applications, choose anti-malware and antivirus tools, make backups, if you have a spare machine you could set it up as a scanning proxy (HAVP?) and allow them access to it but most of all it's behavioral discipline: set to update everything automatically and don't visit / click anything that is highly attractive in a "too good to be true" way or dodgy.
 
1 members found this post helpful.
Old 05-27-2012, 06:04 PM   #5
jefro
Guru
 
Registered: Mar 2008
Posts: 11,965

Rep: Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484
The vm is no more at risk than any other lan connected computer for the most part.

It is generally considered to be safe running a linux VM on a windows host. The same issues that plague any system is the way malware can access OS's. Since you don't have tools like guest additions in qemu it is safe from some attacks. Qemu does allow you to mount a sub directory that could expose the OS to some harm.

A more secure way may be to boot to a live cd/dvd that doesn't mount the hard drive. I am not sure if this has been attacked yet but may be one of the more secure ones. http://www.spi.dod.mil/lipose.htm
 
1 members found this post helpful.
Old 05-27-2012, 09:56 PM   #6
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,311

Rep: Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040
Can you get enough disk space to dual boot Linux instead? That should avoid most MS nasties?
If its only basic stuff like shopping/banking, you shouldn't need very much disk space.
 
1 members found this post helpful.
Old 05-29-2012, 04:42 AM   #7
o12357
LQ Newbie
 
Registered: Jun 2009
Posts: 5

Original Poster
Rep: Reputation: 0
thanks all for your replies.

i am going to stick with the vm solution as internet kiosk only.
if i understand correctly, this should avoid many of the threats that the windows host might be exposed to. better then nothing.
as for dual boot and live solutions, even though they are much better, i want to keep it as simple as possible for the users, as my family are not used to anything beyond basic windows use.
 
  


Reply

Tags
linux, security, virtual, windows


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Virtual machine windows xp as host OS and Fedora as guest OS Ajit Gunge Linux - Software 3 04-23-2012 09:25 AM
Linux guest on Windows XP host, security-wise which preferred - vbox or vmware? php5er Linux - Virtualization and Cloud 3 04-18-2011 03:50 AM
Linux host with windows guest virtual box Hioushi Linux - Virtualization and Cloud 8 02-17-2011 06:35 PM
How to log in as root in Guest OS Linux Mint on host Windows Vista using virtual box apanimesh061 Linux - Software 3 11-01-2010 01:03 PM
windows7 host, virtual box linux guest, trying to do samba glorsplitz Linux - Networking 5 12-29-2009 08:52 PM


All times are GMT -5. The time now is 08:21 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration