FlyerTalk Forums - View Single Post - How safe is Windows Virtual PC?
Old Jun 5, 2013 | 12:49 pm
  #21  
nkedel
Originally Posted by gfunkdave
If your DD-WRT flavor supports VLANs, you could potentially put the VM on a different VLAN from the rest of the network - but your hypervisor would need to support 802.11q VLAN tagging. Not sure they do.
Xen and ESX definitely do; we use both very heavily at work.

For KVM, VirtualBox, VMware Workstation/Player, and other similar ones, you can set up a virtual NIC with tagging that is then attached to the guest system in bridged mode (this is what Xen does under the skin, actually.) In some of the cases you can also use a NAT-mode virtual NIC with a software firewall on the host machine, no VLANs needed, although that would not protect you on the limited allowed outgoing ports.

Originally Posted by ScottC
Not if you know what you are doing. In a normal setup, well configured, a PC on a LAN can't just go ahead and compromise another PC on the same LAN. In fact, that should NEVER be possible.
Assuming everything will stay 100% secure on the other systems is a dangerous bet -- especially with Windows, and the fact that he's doing some file sharing.

Segregating trusted and untrusted traffic, either via VLAN, or better yet, physically segregating the untrusted LAN, is a good idea.

Originally Posted by PTravel
She's not a mischievous child -- she just doesn't know a lot about computers. I've set it up this way: I use Fences, which lets me organize icons into groups inside translucent boxes with labels at the top. One of the boxes has my wife's name and there's just one icon in it, labeled "start." When she clicks on that, the virtual machine starts and opens into full screen with a different background than main desktop. As long as she sees the Grand Canyon instead of the Ocean Sunset, she knows she's good to go.
No separate user logins??? The "switch user" feature in current versions of Windows is a good thing; my wife is reasonably technical, and she still gets separate logins.

I can't imagine what benefit I'd get from a hypervisor that would force me to work in a virtual PC.
...and I'm guessing requiring a reboot between her use and your use would take too much time? Otherwise, her use could be in a VM on a standalone hypervisor, and your use could be on bare metal. It's not hard to set up dual-boot.

First off, I don't allow Macs in my house.
I wasn't suggesting you use it...

I don't like their OS philosophy of "we know better how you need to work than you do,"
I don't care for it either, but something a bit more locked-down might be a good thing for someone like your wife who is managing to malware-up Windows. (Ditto a version of Linux focused on end-user usability.)

If you don't feel like paying Apple for the privilege, it's not exactly hard to avoid it and run their OS on commodity hardware.

I don't like paying triple the cost for software and hardware.
It's not that much more expensive anymore; the Mac Mini is about half again more expensive than the i3 NUC, but that's hardly an apples-to-apples comparison.

Next, there is no room in our small apartment for a work space with another PC, regardless of what it is.
Hence my suggestion of a KVM. If your space is truly so small you can't find space for a USFF machine on the scale of the NUC or Mac Mini, well, that's a tiny space indeed, but I can't imagine it.

There isn't even a space for another mid-tower and a KVM switch (and I have those, too).
A mid-tower is a whole lot bigger than a USFF machine, and if the KVM adds an appreciable amount of space, you've got a bulky professional one, not a nice simple two-machine model that should be no bigger than a deck of cards with two cables sticking out of it.

Linux? It will never happen. I have a couple of Linux boxes -- one is a laptop that I'll use to set up FreePBX* (an Asterisk variant) on, and the other I used to use as a server and to hack DirecTV boxes (for pulling off recordings, not for stealing DirecTV). To paraphrase Bones McCoy from Star Trek, "Damnit, Jim, I'm a lawyer, not an IT guy!" I can barely manage in Linux. Mrs. PTravel will just blink at me, walk away and then sit down at my Windows 7 machine.
Does she use any Windows applications other than a browser? Ubuntu (or ChromeOS, which is basically just a very cut down version of Linux) is pretty dead easy at the sit-down-and-pull-up-a-browser level.

It sounds like you're trying to do stuff that's a good deal more complicated than set-it-and-forget-it machines that someone does browsing on, and maybe some light office tasks (assuming LibreOffice and/or Calligra is an adequate replacement for Office.) In that sense, GUIs are fungible. But this one isn't for the power-user, it's for the dangerous non-technical one.

(Linux, and potentially in some cases, the MacOS, may be a non-starter if the videos she's watching online are DRMed.)

With Virtual PC, she can pick up all the malware she wants. If her PC-in-a-PC gets too messed up, I'll just copy over the backup of virtual PC and she's good to go again . . . 'til the next time.
That's a good reason to use a VM, regardless of what OS it runs on (and per

It doesn't matter whether she's on an administrative account or not. If she picks up the wrong malware, it can still lunch my system.
Sure, if she picks up the wrong malware. But an awfully large group of malware out there is still the "trojan horse" kind that depends on the user letting something run that they oughtn't, and a fair chunk of that WILL be caught by running in a non-privileged account. Probably no longer a majority of it (or of all malware) -- although prior to Win 7 catching on, it was.
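The tagged virtual NIC attached to a guest in bridged mode, as the post describes for KVM-style hypervisors, sketched here with Linux iproute2. This is an added example, not part of the original post; `eth0`, VLAN ID 20 and `br-untrusted` are constructed placeholders, and the switch or router port behind the parent NIC is assumed to carry that VLAN tagged.

```shell
#!/bin/sh
# Added example, not from the original post. Names and VLAN ID are placeholders.
# Nothing is changed on the host unless apply_plan is called as root.

# Print the iproute2 commands that create a tagged sub-interface and a bridge
# for the untrusted guest. Returns 1 on a bad VLAN ID or over-long name.
vlan_bridge_plan() {
    parent=$1 vid=$2 bridge=$3
    case $vid in
        # Reject empty, non-digit, leading-zero and 5+ digit values up front.
        ''|*[!0-9]*|0*|?????*) echo "VLAN ID must be 1-4094" >&2; return 1 ;;
    esac
    # 0 and 4095 are reserved by 802.1Q, so 4094 is the highest usable ID.
    if [ "$vid" -gt 4094 ]; then
        echo "VLAN ID must be 1-4094" >&2; return 1
    fi
    sub="${parent}.${vid}"
    # Linux interface names are limited to 15 characters.
    if [ "${#sub}" -gt 15 ] || [ "${#bridge}" -gt 15 ]; then
        echo "interface name too long" >&2; return 1
    fi
    # The bridge gets no IP address: the host stays off the untrusted VLAN
    # and only forwards the guest's frames, tagged, out of the parent NIC.
    cat <<EOF
ip link add link $parent name $sub type vlan id $vid
ip link add name $bridge type bridge
ip link set dev $sub master $bridge
ip link set dev $sub up
ip link set dev $bridge up
EOF
}

# Run the plan for real (requires root). Stops at the first failing command.
apply_plan() {
    plan=$(vlan_bridge_plan "$@") || return 1
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        $cmd || exit 1
    done
}

# Dry run: show what would be executed for the placeholder names.
vlan_bridge_plan eth0 20 br-untrusted
```

The guest's virtual NIC is then attached to the bridge in the hypervisor's own configuration, so every frame it sends leaves the host tagged for the untrusted VLAN.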