LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Virtualization and Cloud (http://www.linuxquestions.org/questions/linux-virtualization-and-cloud-90/)
-   -   Linux guest on Windows XP host, security-wise which preferred - vbox or vmware? (http://www.linuxquestions.org/questions/linux-virtualization-and-cloud-90/linux-guest-on-windows-xp-host-security-wise-which-preferred-vbox-or-vmware-875476/)

php5er 04-17-2011 12:56 PM

Linux guest on Windows XP host, security-wise which preferred - vbox or vmware?
 
Hi folks.
I have been using Linux since 2007 - first PCLinuxOS, Debian and Ubuntu since 2009.

Now I have some P4-based PCs which are using 865BBL chipset boards. Can't get them upgraded as all hardware needs to be changed and funds are not being sanctioned.

I tried Ubuntu 8.04.4 LTS, 10.04 LTS, 9.10 and Puppy 4.3.1. All are unstable in various ways - flickering, hang, reboots, wildly varying Compiz effects, etc.

So I have to consider running Ubuntu inside a VM on Windows XP.
The XPs are legit, continuously updated online and RAM is 2GB.

So,
(1) Is it secure to run Ubuntu guest inside Windows XP host?
Can spyware/keyloggers get installed on WinXP host if browsing without AdBlock Plus or NoScript in Firefox in the Linux guest?
... which could cause passwords/data to get captured?

I am simply not used to considering these possibilities as native Linux does not have any of these problems.

(2) Will a "Windows crash" make guest disk images unrecoverable? IMO, should not.

(3) Which is better for this application - speed and disk space - VirtualBox or VMWare?

I looked up a few pages of Google results, but only got a post or two about this question.

Thanks in advance.
Dave.

Archduke 04-17-2011 01:59 PM

1. No, keyloggers in your guest Linux won't infect your host Windows. But keyloggers on your host Windows will infect your guest Linux.
2. Only if the hard drive is damaged will the Linux virtual drives be lost. Back them up occasionally, if you're concerned.
3. I prefer VirtualBox, but I think they're both about the same.

You probably don't want to hear this, but one security upgrade that you COULD make is upgrading to 7 from XP.

jefro 04-17-2011 03:23 PM

A VM is a real computer for this question. One slight difference is the way one can use guest additions and shared folders that could bring excess security risk to each other. Any keylogger may work to discover what you are doing.

Any crash can wreck a VM. A VM's virtual filesystem has an underlying format in linux. Normally a journaled system would help protect the VM. When the host crashes the guest will also suffer a crash. It could get worse if you have a fragmented virtual filesystem on the host which is almost always the case.


Archduke provided one of the most important parts of any data plan. Backup. His second was also correct. Update to current levels, and may I include learn and use as many best practices as you can.

php5er 04-18-2011 02:50 AM

So backup is where the emphasis should be
 
Thanks - this is the crux of the answer I wanted:

Quote:

Originally Posted by Archduke (Post 4327232)
But keyloggers on your host Windows will infect your guest Linux.

Quote:

Originally Posted by jefro (Post 4327303)
One slight difference is the way one can use guest additions and shared folders that could bring excess security risk to each other.

Any crash can wreck a VM. A VM's virtual filesystem has an underlying format in linux. Normally a journaled system would help protect the VM. When the host crashes the guest will also suffer a crash. It could get worse if you have a fragmented virtual filesystem on the host which is almost always the case.

Maybe backup CD-RWs or DVD-RWs for daily/weekly incremental data.

Clamwin is known for viruses on Windows XP, but for spyware / malware I think I need a firewall. Windows XP has a built-in firewall and there are a couple of free ones available, too.

I think all that should be enough considering the number of people using XP for work yet.
Windows 7 is a bit slow and heavy for these machines, and more importantly, it costs big buck$$. So it wont get sanctioned anyway.

Thanks again for the prompt replies!

Regards,
Dave.


All times are GMT -5. The time now is 02:26 AM.