VMware Communities
ppvm
Contributor
Contributor

(How to?) Share folders with the virtual machine, while remaining secure on a public wifi network?

My basic question is, on a virtual machine, how can I access my workfiles located on the host machine without making these files available to anyone connected to the same unsecure public wifi network that I am connected to ?

My configuration is this:

- Host machine is running Windows 2000 Pro

- Virtual (guest) machine based on Windows XP SP3, running with VMplayer. The option "Folder sharing" is set to "always enabled". The machine was originally designed using VMware Workstation 6.5.

- Both machines (host and guest) belong to the same private network that I defined.

With this configuration, I do not have access to my work files C:\work files, located in the same disk as Windows 2000. So if I want to work on my files under the XP virtual machine, I have to share the folder C:\work files under Windows 2000. But my IBM laptop immediately pops up a security warning saying that doing so in a public unsecure wifi network will expose those files to anybody on the network, being a serious security threat, and gives an option to immediately un-share all folders.

So, what is the solution here? How can I be connected to a public wifi network for which data is not encrypted, and still SECURELY use files from the host machine on the guest virtual machine? If I cannot do that, then I do not see the point of virtual machines in the first place... There must be a way, please help me!

Reply
0 Kudos
4 Replies
ODeckard
Enthusiast
Enthusiast

Host Only networking was developed just for you Smiley Happy

In Workstation, edit your VM to add a network adaptor, and check the Host Only button.

Now go to VM / Settings / Options / Shared Folders / and make sure

Always Enabled is checked. Then browse to the folder you want to use for Hiost Only, and select it. Do not create a share for it. If you want

more shared folders, repeat the browse.

After you boot your Windows, use Windows Explorer and browse to My Network Places /

Entire Network. Here you should see Microsoft Network and Host Only

network.. Double click the Host Only, then .host then Shared Folders

and you should see the folder or folders you previously selected. If

you look up to the address bar you will see the path, whcih you can

later type in directly. It will look something like this:

//.host/Shared Folders/MyFolder

You can now map a drive letter to it, and you are set Smiley Happy

ppvm
Contributor
Contributor

Thanks for this extremy helpful answer, it works now and I can access my files from the virtual machine without having to share folders directly in Windows. So with your technique, my shared folders are no more vulnerable to data theft, even in an un-secure public wifi network. Everything that you describe here works fine, including the drive letter mapping inside the virtual machine. Thanks for explaning this as all the little options such as "Host only" are not really visible. In the end, I had to re-create the ACE package as adding folders to share can be done only in VMWare Workstation, not in the player.

However, one thing that I can't figure out really is how to avoid losing all my shortcuts in the shared folders. For example, I share C:\folder 1 in which there is a shortcut to C:\folder1\file1. I click on the shortcut *
.host\Shared Folders\folder1\shortcut1*, but the location it points to C:\folder1\file1 does not mean anything in the virtual machine, and I get an error when launching the shortcut. I understand that this is the normal behaviour, but is there a way out of this (such as "relative shortcuts" or things of the sort)?

Also, another annoying thing is that when I launch an application from the vitual machine (the app is a portable app in one of the shared folders), Windows XP pops up a warning message saying something "The publisher of the app is not trusted, do you really want to execute this program?" This is the same message as when XP warns you before executing an exe file downloaded from the Internet. I assume this now comes from the fact that the host and guest machines are networked. I will have to get rid of this message. I tried many things in IE settings (Security tab > Local Intranet or Advanced tab), but could not get rid of this annoying message... If you have some idea, please let me know...

Reply
0 Kudos
ODeckard
Enthusiast
Enthusiast

Thank you for the accolades, but I cannot accept credit foir your computer being secure. Unless you have done many things which I doubt you have heard of, you are far from secure. What you have achieved with Host Only networking is to not have your one particular folder directly shared. I don't know if you are like most people, but most people run their computers in the way the arrived in the package. That is, Windows was already installed, with one visible account, set to run in as an administrator with no password. They have a secret administrative account, also with no password. Further, all their drives, and every drive they plug into it, are automatically and immediately secretly shared on the network. They may not know they are there, but hackers do. Their browser is IE. They have no, or trash, for anti-virus, and only Windows Firewall for a firewall. Then they think they are secure as they browse with a wireless netowrk just because there is some level of encrypotion on it. Never mind that port 80 is open for downloading malware when they are online. And once downlaoded, it is past the encryption problem, and can strike from behind. And it can go online to where it wants to download more because the Windows firewall isn't at all concerned with what program is making outbound connections.

And that's just to get started. Unless you can tell me that you have addressed all of these, I think it a little premature to say you are secure. You did admit, after all, that you are running Windows. That alone makes it extremely difficult to be confident that you are secure. Are you 100% certain that there is no malware at all on your computer ? Peop;le have become conditioned to think that a low level of infestation is acceptable, simply because they are always infected. I'm sorry, but no level of infection should ever be acceptable. A little spyware may do little damage, but that only means you were luckey today. If a harmless malware can get in and execute, so can a non-harmless one. Should we depend on luck? With Linux, 0% infection is the reasonable expectation. I have never had an infection. But it is always a challenge to keep Windows secure, even with a hardware fiewall and wireless disallowed.

As for getting rid of your pop-ups, There is a place in IE to turn them off. I can suggest that you install Firefox and make it your default browser, then go to their add-ons site and add some real security, such as No Script.

But remember, you are still running Windows. If there is any data on there that you really, really can't aford to enter the public domain, you should seriously consider moving it to another computer, or browse the internet with a different computer, such as a disposable VM. You can download a free Linux VM right here on VMware. Then, by the simple expedient of a strong password you can be much more confident that you are secure. And if any wish to accuse me of flaming Windows, there should be room for honesty and the simple truth when discussing security. Windows isn't, and that's not my fault.

Earlier I disparaged running in an administgrative account. That is because an administrative account can install software, unlike, uh, well.,

OK, you got me. in a limited account you can install some programs. Try Firefox. So if you can install one program, why not more? Could it be that whether or not administrative privileges are required has been left up to the hacker, I mean programmer?

I'd love to take credit for making your machine secure, but that wouldn't be honest.

Reply
0 Kudos
ODeckard
Enthusiast
Enthusiast

Or perhaps accessing the internet through a disposable VM is exactly what you are doing. In which case, excellent. You are indeed on top of it. Even if it is Windows, so what . It is disposable. In fact, you can set it to revert to snapshot every time it is shut down. That way, any malware you pick up is gone when you reboot. And you can save your downloads in your host only folder. Sweet Smiley Happy

Please don't get me wrong. I am not opposed to Windows. I own it and use it. I just use it for what it is good at, and don't try to force a square peg into a round hole. Linux does not run many bread and butter programs, like Autocad, at all. Installing Wine onlly makes it insecure. So I use them both for what each is good at Smiley Happy

Reply
0 Kudos