Question about VirtualBox

Karl Auer kauer at biplane.com.au
Thu Oct 22 00:52:58 UTC 2009


On Wed, 2009-10-21 at 17:32 -0700, petevg at gmail.com wrote:
> > Michael White <enlightenedshadow at yahoo.com> wrote:
> > If Windows XP on VB contracts a virus, can it spread to my other
> OS's that are on the HDD and not in VB?
> 
> The short answer is no.

The short answer is yes, but it's unlikely.[1]

If the guest is the same basic OS as the host, then a virus contracted
by one can move over the shared network or over a shared filesystem to
the other (or to other guests on the same host, of course). If they are
different operating systems, then it is very unlikely that a virus can
transfer even that way.

There has been some work done to show that most if not all
virtualisation systems have flaws that allow hostile code to detect the
VM and possibly exploit it; possibly to the extent of breaking out of
the VM and attacking the host. So don't run your VMs as
root/administrator, and don't assume the VMs are safe - take the same
care of them as you would of a real machine. Keep them up to date, keep
them backed up (NOT just on the host!), close unneeded services and so
on.

A denial of service attack on the guest may impact the host if it uses a
lot of CPU,  a lot of network bandwidth, or hammers the disks or other
shared resources.

All of the above taken into account, you are still safer running
something in a VM than running it on the host, but safest of all is
running it on a dedicated machine.

Regards, K.

[1] I know, Pete, that's what you said. I'm not really contradicting
you :-)

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20091022/c3716db9/attachment.sig>


More information about the ubuntu-users mailing list