Please recognize that I am a complete Newbie , so if your answer involves specific network configurations or such, I need it explained in very simple terms! I also apologize if it seems that this question is more appropriate for a windows forum. To me, it seems that it is relevant to VMware and my Linux guest installation.

I can not find a similar thread that answers my question:

The reason I ever installed vmware player was to use Linux for my web browsing and email and such, since it is not subject to the xp problems. This was not my idea, but the idea of a very experienced user on a different Forum. I am in a tight spot, because I genuinely can not afford to upgrade from xp at this time. I am not working, and I just don't have the money. I'm not appealing to your for pity, but I was asking around for ideas of what I could do considering my problem. That forum member comes highly recommended on the forum in which we communicated.

He has very clear tutorials for installing vmware player, and installing a virtual linux OS (Mint) inside it.

Since the installation, and my understanding that my Host, xp, is still in fact connected to the web, I reverted to my concern that I am still running XP. Could my pc be at risk just by virtue of being connected, despite the fact that I am avoiding the browser in XP? The answers I got were that viruses don't just appear on pc's. They have to come from somewhere. And since they will not affect Linux, it is safe. I have many questions about this:

I originally thought that Vmware player would use use a virtual ethernet connection to bypass access to the XP operating system. The Linux virtual machine can obviously not connect to the web without the Local Area connection connected, I soon learned. Since my Avast antivirus is automatically updating, it is obvious that windows xp is interacting with the web. I installed ZoneAlarm, but it is very tedious, and I didn't understand the source of many of the requests for access in ZoneAlarm. But that is a ZoneAlarm Windows issue.

Does rogue malware, spyware etc, still have the ability to directly access the windows OS if I don't open firefox or any other browser there? If I were to get any windows rogue malware through Linux, Could it find it's way and install itself on my PC, and wreak havoc? Especially, since I have tools installed, which allows drag and drop.

The only advice I got for that was to put NoScript on my linux firefox browser, and to run any downloaded file through Clam. No Script made access to most websites impossible, especially online shopping! I had to disable all scripts on those sites, since I couldn't start guessing which script was blocking my ability to mouse click, or "send to cart" or whatever else...
What about entering passwords on websites that have personal sensitive information? (From within Linux). Is Linux as a guest really secure in this way? I need to know the answer to this, as I have not accessed any of my bill paying sites since I stopped using Windows XP to surf the web on April 9. I will have to access those sites in the very near future!

I have not gotten clear responses to the question of my security status, if I only surf the web using the linux virtual machine.

I have posted this question on a vmware player community forum, but so far have not gotten any responses. I think that is because the answer is: It depends. On a number of factors. Is there anyone who can work me through this to insure that my pc stays secure?

Thank you!

First, note that I am not an expert, by any means, and I can only state my current understanding of what is happening. I promise not to use any complicated network terms or anything.

Windows XP is still interacting with the internet, and is still susceptible to whatever malware/viruses/spyware/etc. This interaction, just as any interaction with a foreign network, has the potential to bring down your system. Not to say that it WILL, only that it COULD. If Windows XP goes down, so will your virtualized installation of Linux. That's just the nature of virtualization. The guest system is only as secure as the host system.

Linux is also interacting with the internet, but through the network connection provided by Windows. If Linux were to get malware/viruses/spyware/rootkits/etc., Windows is vulnerable only insofar as Linux has access to Windows files and folders. The possibility of Linux encountering malicious code that can run in a Windows environment is pretty small. For that matter, Linux is, by its nature, quite a bit more secure than Windows, and the likelihood of encountering some kind of malicious program on a desktop Linux installation is also pretty small. (Android is another beast altogether...there are a number of well-documented problem programs in the wild.)

It sounds like you've covered your basics with an anti-virus program and a firewall. The truth is, Windows XP has reached end-of-life, and will become less and less secure as time goes on. Critical updates will not be pushed out. Patches to security will not be made. If this computer is used in a critical application (i.e. your business and/or life depends on it), it would be wise to disconnect it from the internet. The other option is to pay Microsoft for extended support. This may or may not be feasible, depending on how critical this computer is.

It could be possible to use Linux as the host system, and install Windows XP in a virtual machine on top of it. This would leave the computer itself fairly secure, including any documents, while allowing use of Windows XP. The Windows installation itself would still only be as secure as it is possible for a Windows XP installation to be, and if it were given access to the underlying filesystem, it could cause problems if it became infected.

The short version:
1. Windows XP is at end-of-life. It will become less and less secure. It's time to move on to something else unless your use case can justify disconnecting it from the internet.
2. A virtualized installation of any operating system is only as secure as its host system. Installing a secure operating system on top of an insecure one does not improve security of the host system, and can leave the guest operating system vulnerable.
3. A virtualized installation of an operating system can make the host system less secure, if the guest system is given access to the host filesystem.
4. Linux as a host, and Windows XP as a guest is probably a better option.
5. It's not necessarily an easy switch to make, but Windows XP probably should not be your operating system of choice, if the computer needs to remain connected to the internet.

Good luck!

1 members found this post helpful.

Have you tried running Linux from a live CD?
I ask because I tend to agree with bcwagne above and if you could use just Linux by running a live CD then you would remove any possible risk from using XP. It would also give you a pretty good idea about whether replacing XP with Linux was something you could look into.

1 members found this post helpful.

bcwagne, I read your whole post and I hear you loud and clear. It's not what I wanted to hear, and I'm basically back where I started when I began looking for a recourse to my $ problem of leaving XP behind. After the next quote, you can read me trying to come to terms with the situation. Please bear with me: this is really a problem for me, that I thought had been solved for a while.

You know after patiently going through all my options at the time, (buy windows 7 [may or may not work, depending on who I believe: Microsoft or Dell], buy a new refurbished PC, Or take a chance on Linux), This guy's idea was for me to run Linux from a bootable USB. Is that the same as what you call a live CD?

I just didn't have a USB available, and wasn't sure when I could get one. (How would I connect to my DSL modem, by the way?) The virtual player was a way for me to get started with Linux, and see if I like it, and find it usable. He also maintained that you usually have to click on something or go to a rogue website to invite malware. And since I was going to be using Linux, that stuff wouldn't happen. I thought that meant windows malware couldn't install because it's a linux browser.

So far, all I've done is deal with vmware player installation, and virtual Linux Mint petra installation with pitiable little ram (1 gb, of out of the 2gb in my pc). I've used firefox almost exclusively, just for all these forum discussions, and clarification about how to properly do the virtual player and virtual machine setup! (I've read the news, and watched some video too). I've hesitated to go and pay any bills (paid 'em all before April 8th!) or otherwise use sensitive info. And yet, I've gone and opened my email numerous times, and given my cc# to a site to purchase a 32gb USB on special until tomorrow. So who am i kidding? I'm using linux through XP online even as we speak. Regarding access to the windows files, yes it's linux mint on vmware player with tools installed. So I can drag and drop between the virtual OS and XP!! And I can simply click back and forth from windows xp into virtual linux. I actually wanted that capability. I just didn't understand that ultimately I'm easily allowing access to xp anyway, and if I'm worried about security, browsing through linux is a very small protection. It wasn't his first or second choice at all! But I was afraid, and without $, so he really bent himself out of shape to help me, while I thought it through. When I presented these security issues to the guy encouraging me to at least do this virtual linux thing, he did say that browsing through linux only, would help protect me. The next step, as soon as I was able, was going to be to run linux on a usb flash drive. Which I had to purchase, at the very cheapest possible, with a reasonable review of its strength, speed and life expectancy!

If I use Linux from a stick, I can't touch my hard drive, or access any files I have there, correct?. I would have to leave the usb in the drive all the time, for quick access to the web. I would have to remove the stick (not sure how that's done safely), and then boot up into windows with my local area network disconnected, to copy things I need onto a flash drive. Then I would have to boot back into linux on the stick, and somehow copy those files e.g. .doc or xls. or pdf, or jpg, into linux using a second usb drive, and figure out how to open these files with compatible programs! I thought I could get around that. I have so little stuff on my PC (less than 24 gb used), that I could easily keep everything on a 32gb usb. As I understand it, Linux from a USB would only be able to hold the amount of gb that is available on the stick. I mean I wouldn't be able to save anything to my hard drive, correct? That's a largely wasted 250 gb harddrive.


Currently, I really use the web a lot much more than I actually use my pc. For example I used to use a graphics program (a photoshop clone), and quicken. But I haven't been doing much productively for quite some time, unfortunately, so those things are not being used anyway. I have files from before, and I'd have to go through everything to make sure I'm taking what I need, which could take a long time. I certainly can't upgrade windows programs now- not the OS, nor programs like word and excel which won't be compatible as they are VERY old versions. So much of my PC programs are just utilities that I wouldn't need if my computer was offline. It just means I would have to always keep that USB stick in the drive, so I can have ready access to the web. Of course, there's the recourse of just wiping the hard drive and installing linux instead, and be done with it.

First of all, this is a Dell computer that probably has a hidden partition in it for restoring XP. It didn't come with clean XP installation disks, but rather a "reinstallation" disk for the OS already installed in my PC. I have no idea if I really could install linux on it without windows interference. Second, and even more importantly, I don't have a smart phone, or a second reasonable PC. That means that in the process of trying to follow someone's instructions to truly install linux, I would have no web access for support during the process. It's amazing how many people apparently have a secondary way of accessing the web to ask questions about problems they are having with their primary desktop, or laptop or whatever. There's the possibility that linux will not be able to recognize my mouse, keyboard, monitor or dsl modem. (Unless the fact that the virtual Linux Mint is using all those things means that I will not have a problem.)

I would have to go to a relative's house, go to a forum such as this one, describe my problem, wait for a response which often includes further questions, and then come back and either try the advice, or answer the question. It would likely take a very very long time, and will leave me without access - which is a fear I currently have since I'm basically homebound, although I do get to this relative fairly often. But running back and forth is insane. Just in the last day I've posted numerous questions on this and other forums, and if I kept having to go there to check for answers, I may as well move in, and take my whole desktop, monitor, keyboard and mouse with me! (not a possibility).

And then there's the reality that in July, Mint Mate is going the way of windows XP!!! So I will have to start all over again and re-install a new system again, and back up whatever I've put on my PC until then, and lose all my settings, etc. I can be setting up my PC again and again for the next half a year! With no online support while I do it. I can't have a virtual windows, by the way, because as I said before, I don't have xp installation disks. I have a Re-installation disk which is not the same thing at all.

/end rant.

I have no recourse right now, other than to try to make a bootable Linux on a stick, for whatever that's worth. and hopefully I will not get any problems while I work out that process. And while I wait for that USB to arrive.

Forgive me, but I'm still quite disheartened.
Thank you.
Techie Forums are not supposed to be emotional support groups. Sorry.

You can run most "live CD" images from a USB stick just fine -- you download the .iso file and transfer it to the stick with something like unetbootin. If you do this you will be able to access your hard drive but perhaps not very conveniebtly until you find your way around. Your wireless chipset may or may not work -- try somethong like Linux Mint as it has drivers built in.

1 members found this post helpful.

It's okay to be a little disheartened. I understand your dilemma. I've been there. It's not easy.

Yes, it's probably time to start making changes to the way you use your computer. YOU DON'T HAVE TO CHANGE IT ALL OVERNIGHT!!! From what you've said, you've taken the right steps to make Windows XP run for you, and it will continue to do so for the short term. Take a breath, relax, have a glass of lemonade or something, and take a little time to really decide what you want your computer to do. From there, if you're not sure HOW to get your computer to do that, keep asking questions. We're all here to help. We can help you make a plan and forge ahead through thick and thin.

If it were me, in your situation (I've been there before...), I would make a list of things you use your computer for most. Is it word processing? Graphic design? Online bill payments? Email? Watching DVDs? Listening to music? List everything you can think of that you want your computer to do. I bet you can't list something we have not also wanted to do with our computers.

Once you have a good list, we can take it one step at a time. The first step will be getting Linux on a usable USB drive or hard drive or something. If you're not comfortable erasing Windows right now, that's fine. You don't have to. There are other options, including Live CDs or Live USB installations.

Let's start with getting Mint or something on a bootable USB drive. There are lots of good guides for doing that, and we can help as needed. Don't give up! It will be okay! All is not lost!

1 members found this post helpful.

thank you both for your encouragement, and honesty. I still wish you were wrong! VMWare does not have any clear documentation about this stuff. I know I should mark this solved, but I really don't want to! Lemonade, was a very good idea!

I will be busy keeping my virtual machine user friendly for now until I get the 2 32gb usb sticks that I ordered. (free shipping = longer delivery time!) One is for a bootable linux, and the other I think is going to be for a backup image of my computer. All this communication about my pc has raised many flags that I don't even have a back up of my files! When the usbs come, I will have 2 projects, and I'm sure a lot of questions!

Hey, keep us posted. We'll be here. Ask whatever you need to ask. Just go one step at a time.

Good luck!