LinuxQuestions.org

business_kid 03-29-2021 06:12 AM

How dangerous can a hacked VM get?
 
I'm intending to run win7 in a VM with Virtualbox. My box will only do one VM because it sucks.

Let's say it's hacked and the host is Linux. How bad can it get? There will be basically nothing I can't reinstall, and basically no data. I'm not running servers or a website.

pan64 03-29-2021 06:32 AM

Do not expect any other answer, it is just unsafe, the "result" is unpredictable.
VirtualBox itself is (can be) a security issue.

rkelsen 03-29-2021 07:28 AM

Let's take a step back for a second.

Are you on a home connection or a business connection? What sort of networking do you intend to use for the guest? Will you be setting up shared folders? What services will the guest be running, and what services will the host run? Is the host behind a hardware firewall?

leclerc78 03-29-2021 08:08 AM

Once set up, you can clone a second one. Use one for safe situations and the other for dangerous living.
If the latter is shot down, restoring the OVA takes a dozen minutes at most.
As long as you run only one VM at a time, it should be fine (mine is a 4th gen I7).

leclerc78 03-29-2021 08:18 AM

Quote:

VirtualBox itself is (can be) a security issue

Is this so?
I currently run about more than half VMs under VirtualBox.
Recently during a Hackathon in Peking they successfully hacked Qemu-KVM. That put a pause on my Qemu conversion project (or maybe that's an excuse for me to take a breather).

business_kid 03-29-2021 08:31 AM

Quote:

Originally Posted by rkelsen
  • Are you on a home connection or a business connection?
  • Will you be setting up shared folders?
  • What services will the guest be running, and what services will the host run?
  • Is the host behind a hardware firewall?

To answer those:
  • Home, although I have a fixed IP
  • Yes, hopefully, 1 each way
  • Just Windows 7 and whatever that starts. The guest runs nothing except local programs, the host likewise.
  • No, unless you count the router

Emerson 03-29-2021 12:28 PM

I doubt it is dangerous for Linux or other non-windows host. However, if Windows in this VM is "pwned" then it can be used to attack other computers on LAN, which otherwise are behind NAT and cannot be attacked directly.

business_kid 03-29-2021 01:15 PM

@pan64: Surely every box on the internet is unsafe by that standard, as Russian hackers have taught us.

@leclerc78: I'll have a vdi backup on USB drive. Why make 2 and just use one? I'm not using it for games, just anything that does much better in windoze. Maybe I'll try zoom if the audio & video work. It's only running occasionally.

Any attack would need to hack windoze 7, from there get through VM isolation, and from there get through linux. That seemed to me like a tall order.

@Emerson: There is no wired, just wifi. My box has no other servers - mail, apache, mariadb, inetd, any of that stuff. AFAIK there's no servers under Win10 or my RazPi. There's always an exploitable iOS or Android. That makes it win7-->VM container-->linux-->mobile OS. If they get through that lot, they deserve it!

Guttorm 03-29-2021 01:25 PM

Hi

I wouldn't worry too much. But as you said, if the Windows gets hacked...

If you don't have patches for Spectre and Meltdown, it can read RAM belonging to the host.

It's in your "LAN", so whatever protection the router gives you (by not forwarding all ports) is gone.

jefro 03-29-2021 03:59 PM

It would be pretty easy to create a VM of pfSense/Untangle and run all traffic VM to VM between the two clients. Then you have some sort of way to manage risks.

I still use Windows 7 on some things. I don't care if it gets hacked. I don't keep any personal data on it.

rkelsen 03-29-2021 06:17 PM

Quote:

Originally Posted by Emerson (Post 6235276)
I doubt it is dangerous for Linux or other non-windows host. However, if Windows in this VM is "pwned" then it can be used to attack other computers on LAN, which otherwise are behind NAT and cannot be attacked directly.

That's the answer here.

If you have access to the router's settings, you should ensure that the firewall is on. Block everything. Turn off port forwarding. You'll still be able to browse, etc. But if you're not running any services, then there is no need to allow any traffic through.

Realistically, if you're using Windows 7 for something specific in a VM and it's behind a firewall the risk is relatively low, provided that you're not downloading random executable files or double-clicking on email attachments without checking them first.

From a security perspective, W7 is quite far removed from the original release of Windows XP, which was basically wide open in an era when we connected computers directly to the internet without a second thought. The kinds of worms we saw in the past (eg: Blaster, Sasser, Welchia) could not spread the same way today. ISPs are smarter, and things like the default settings of routers are better.

Given a choice, I'd much rather have W7 running in a VM than on a physical box on my network.

frankbell 03-29-2021 07:57 PM

I make it a practice to enable the firewall on any VM I run, and, if it's Windows, run an AV program.

However, as Win7 is no longer supported and will not receive security updates, I doubt there is any way you can make a Win7 VM secure. However, you can increase the safety of your own devices by using VirtualBox's NAT networking (that's the default when you create a new VM). That way, the VM will not be able to see your local network and vice-versa.
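
An audit of the settings this thread weighs (bridged versus NAT networking, shared folders, host/guest sharing), as an added example that is not part of any post above. It parses output in the style of `VBoxManage showvminfo <vm> --machinereadable`; the sample text is constructed and the key names are assumed from VirtualBox 6.x output.

```python
import re

# Constructed sample in the style of `VBoxManage showvminfo <vm> --machinereadable`
# (not captured from a real system; key names assumed from VirtualBox 6.x).
SAMPLE = """\
name="win7"
nic1="bridged"
bridgeadapter1="wlan0"
nic2="none"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="to_guest"
SharedFolderPathMachineMapping1="/home/user/to_guest"
"""

# Matches key="value", "key"="value" and key=value lines.
PAIR = re.compile(r'^"?([^"=]+)"?="?(.*?)"?$')

def parse(text):
    """Turn key="value" lines into a dict, ignoring anything malformed."""
    info = {}
    for line in text.splitlines():
        m = PAIR.match(line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info

def audit(info):
    """Return (setting, reason) pairs for host-facing exposure of the guest."""
    findings = []
    for key in sorted(info):
        value = info[key]
        if re.fullmatch(r"nic\d+", key) and value == "bridged":
            findings.append((key, "guest is a peer on the host's LAN"))
        elif key in ("clipboard", "draganddrop") and value != "disabled":
            findings.append((key, f"host/guest {key} sharing is {value}"))
        elif key.startswith("SharedFolderPathMachineMapping"):
            findings.append((key, f"guest can reach host path {value}"))
    return findings

if __name__ == "__main__":
    for setting, reason in audit(parse(SAMPLE)):
        print(f"{setting}: {reason}")
```
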

leclerc78 03-30-2021 12:05 PM

@business_kid
If 'getting hacked' is your concern, try EasyOS on a USB stick.
Near the bottom of the menu, there is an option 'Copy to RAM and disable all drives' - very interesting.

business_kid 03-30-2021 01:30 PM

Being honest, I was going to do it unless people screamed at me not to. I gather some are frowning, but none are screaming.
I'll mark this solved. If/when they ban religion, I'll be a lot more security conscious. It's not like I have a server running.


All times are GMT -5.