Solved: Need help understanding virus / malware vulnerabil...

mcareaga · ‎09-16-2007

I've been using Fusion for about a month now, running WinNT 4.0 as a virtual machine on my iMac. It's been great being able to access old files through software for which I no longer have compatible hardware.

I've been debating whether to install (and maintain) virus software for this virtual machine. I understand that the VM is susceptible to viruses, but how far would/could the infection go? If I'm not accessing the Internet through the VM, how safe are my files?

I'm not storing any files within the VM environment; instead, I'm accessing files stored in my mac's home folder through WinNT's "Network Neighborhood." If those files became infected, no matter how many times I re-created a new VM (or restored an earlier, presumably "safe" state), presumably the virus could jump back to the VM?

Any help I can get to better understand my risks and options would be greatly appreciated. Thanks in advance.

admin · ‎09-16-2007

I've been debating whether to install (and maintain)
virus software for this virtual machine. I understand
that the VM is susceptible to viruses, but how far
would/could the infection go? If I'm not accessing
the Internet through the VM, how safe are my files?

If the VM has no internet access (in this case, I'd suggest removing the virtual network adapter to make it harder to accidentally connect) and you're sure you only give it clean files, I think the VM is safe and wouldn't bother running antivirus/firewall/etc. in the guest.

If you do connect the guest to the internet, antivirus/firewall/etc. may be good. If malware infects the guest, it has limited ability to affect the host. The big concern I can think of is shared folders (network shares have the same issue) - anything you share, the guest could read/infect/tamper with/delete. Thus if you don't need this, I would disable it.

I'm not storing any files within the VM environment;
instead, I'm accessing files stored in my mac's home
folder through WinNT's "Network Neighborhood." If
those files became infected, no matter how many times
I re-created a new VM (or restored an earlier,
presumably "safe" state), presumably the virus could
jump back to the VM?

Yes, they could re-infect the VM.

View solution in original post

admin · ‎09-16-2007

I've been debating whether to install (and maintain)
virus software for this virtual machine. I understand
that the VM is susceptible to viruses, but how far
would/could the infection go? If I'm not accessing
the Internet through the VM, how safe are my files?

If the VM has no internet access (in this case, I'd suggest removing the virtual network adapter to make it harder to accidentally connect) and you're sure you only give it clean files, I think the VM is safe and wouldn't bother running antivirus/firewall/etc. in the guest.

If you do connect the guest to the internet, antivirus/firewall/etc. may be good. If malware infects the guest, it has limited ability to affect the host. The big concern I can think of is shared folders (network shares have the same issue) - anything you share, the guest could read/infect/tamper with/delete. Thus if you don't need this, I would disable it.

I'm not storing any files within the VM environment;
instead, I'm accessing files stored in my mac's home
folder through WinNT's "Network Neighborhood." If
those files became infected, no matter how many times
I re-created a new VM (or restored an earlier,
presumably "safe" state), presumably the virus could
jump back to the VM?

Yes, they could re-infect the VM.

mcareaga · ‎09-17-2007

thanks, etung

good point about removing the virtual network adapter ... I'm pretty sure I skipped that part of the virtual NT installation, so the VM is already isolated from the web. Your point about sharing infected files is well-taken ... I was already living with that risk, insofar as I sometimes work on work-related files at home on my mac and then take them back to work ... in which case I'm relying on the office's virus protection (we have a pretty robust IT department).

I'm going to leave my question as "not answered" for a few more days in case anyone wants to add something. Thanks again. -Mark

admin · ‎09-17-2007

good point about removing the virtual network adapter
... I'm pretty sure I skipped that part of the
virtual NT installation, so the VM is already
isolated from the web.

I'm guessing you mean you didn't install drivers for NT - this is a good start, but you can also remove the virtual network adapter (akin to pulling the NIC out of a physical machine). By default it comes with one.

mcareaga · ‎09-24-2007

thanks again, etung ... I'll look into that. I think I'm set for now.

mcareaga · ‎09-24-2007

follow-up ... I went into my VM, opened the WinNT control panel, opened Network, and clicked the Adaptors tag ... there were no network adaptors installed. This is what you meant, right?

admin · ‎09-24-2007

I meant shut down the VM, go to Virtual Machine > Settings, and if you see a Network entry under Removable Devices, select it and press the minus button in the lower left.

mcareaga · ‎09-25-2007

oh, I see. The dialog shows up as on the attached.

admin · ‎09-25-2007

Yes, this is the one you want to delete, though having it set to host-only and/or disconnected is almost as good.

I'm not sure why the minus button is disabled, did you take the picture when the VM was suspended or on?

All

Need help understanding virus / malware vulnerability