FlyerTalk Forums


PTravel Jun 4, 2013 9:18 am

How safe is Windows Virtual PC?
 
I've previously recounted my struggles against malware that got on my machine, I think, because of Mrs. PTravel's surfing. As some of you advised, I'm in the process of setting up a virtual machine on my Windows 7 computer to run a copy of Windows 7 that will be Mrs. PTravel's computer.

I just want to make absolutely sure that, whatever she does in her sandbox, it will not do any damage to the real PC's data.

ScottC Jun 4, 2013 9:53 am

It is 100% separated, unless you open things up like access to local folders.

In a normal setup, nothing that happens in the VM will make its way across.

cbkcc1 Jun 4, 2013 1:18 pm

it is separate but always back up your data externally (the least to an external drive, preferably something in the cloud) and in this case make sure she is not an administrator and use a browser with add ons (firefox) that will help keep things from downloading in the first place. a good anti-virus as well.

i might recommend a dual boot instead or just a cheap laptop that you can reimage at the drop of a hat. i recommend macrium reflect, free program, to do so.

PTravel Jun 4, 2013 2:07 pm


> Originally Posted by cbkcc1 (Post 20865436)
> it is separate but always back up your data externally (the least to an external drive, preferably something in the cloud) and in this case make sure she is not an administrator and use a browser with add ons (firefox) that will help keep things from downloading in the first place. a good anti-virus as well.

My data is either stored on or backed up to a RAID5 NAS which, in turn, does a mirrored backup in real time to another RAID5 NAS, with critical backup sent nightly to a backup server I maintain just for myself at my office. My wife uses FireFox and, of course, I had anti-malware installed on the computer she was using AND it sits behind my router's firewall. My data was damaged. However, even with all the anti-malware precautions, she still managed to infect my primary desktop, my laptop and one other machine that sits on the LAN (and probably a couple of the thin clients, but I just rebooted them which is a quick fix to the problem). The problem was the anti-virus software (Microsoft Security Essentials) let this particular thing through. Malwarebytes couldn't detect it, nor could RogueKiller. Webroot did and, supposedly, removed it from the system. However, I wasn't comfortable with that, plus there were other oddities happening, which may have just been damage done by the malware, so I repartitioned the SSD and re-installed the OS.

In other words, all of the usual precautions failed -- I suspect she went to some website and got a particularly nasty drive-by infection.


> i might recommend a dual boot instead or just a cheap laptop that you can reimage at the drop of a hat. i recommend macrium reflect, free program, to do so.

I don't want dual boot on my primary computer for a number of reasons, not the least of which is I don't want to give up the space on the SSD, and I don't want her to have direct access either to the internal hardware or computers and drives that sit on the LAN. She likes my computer because it has a nice, big 32" 1920 x 1200 monitor and won't accept a laptop, of which I have several spares. A virtual PC is the best solution, has the smallest footprint, and appears to provide the best security. All I have to do, in case she messes it up, is rename the backup copy of the virtual machine and copy it to the Virtual PC directory.

cbkcc1 Jun 4, 2013 2:18 pm

i see, well i would use some type of backup that has versioning and/or multiple copies, real time is great in theory, but if the data gets damaged so does your backup. and raid is not bulletproof.

your 32" monitor won't accept a laptop signal? you can't throw a KVM on there and run a separate machine?

virtual machine, in my opinion, won't solve your problems completely but good luck.

PTravel Jun 4, 2013 2:23 pm


> Originally Posted by cbkcc1 (Post 20865801)
> i see, well i would use some type of backup that has versioning and/or multiple copies, real time is great in theory, but if the data gets damaged so does your backup. and raid is not bulletproof.

My budget doesn't allow for it. My RAID is not bulletproof, but two NASs plus an off-site is as close as I'm going to come.


> your 32" monitor won't accept a laptop signal? you can't throw a KVM on there and run a separate machine?

The monitor will. My desktop won't -- there isn't room for her to set up a laptop. :)


> virtual machine, in my opinion, won't solve your problems completely but good luck.

Nothing will solve my problems completely, but I can't think of any downside to a virtual machine. What problems do you think might result?

nkedel Jun 4, 2013 10:16 pm


> Originally Posted by PTravel (Post 20865825)
> Nothing will solve my problems completely, but I can't think of any downside to a virtual machine. What problems do you think might result?

With a VM application like Virtual PC (or VM Workstation or VirtualBox) how do you keep her from getting into the main PC when she has to log into it to get to her VM?

Also, I'd guess she doesn't play any games (etc), as the 3D performance tends to be abysmal on VMs, but as long as she doesn't need it, it's an irrelevance. (* there are some exceptions, where you can pass the GPU entirely to the VM, but they are currently a bear to get set up.)

The alternatives would be a hypervisor where there's no outer OS to log into (or a very thin one she can't get into trouble with) like ESX/Xen/Hyper-V. The free edition of Hyper-V is likely your best choice there (eta: and by "best" I mean easiest to get set up if you're familiar with Windows.)

--

As an alternative, what about a second cheapie USFF desktop with a KVM switch? Something like an Intel NUC or Mac Mini is even smaller than a laptop, and would share the same screen.

Also, given her propensity towards picking up malware, any chance of getting her onto Linux or the MacOS? Neither's inherently that much more secure than Windows, but both are the targets of less malware at this point.

Lastly, if still on Windows, any chance of keeping her on a non-administrative account?

PTravel Jun 4, 2013 11:10 pm


> Originally Posted by nkedel (Post 20868205)
> With a VM application like Virtual PC (or VM Workstation or VirtualBox) how do you keep her from getting into the main PC when she has to log into it to get to her VM?

She's not a mischievous child -- she just doesn't know a lot about computers. :) I've set it up this way: I use Fences, which lets me organize icons into groups inside translucent boxes with labels at the top. One of the boxes has my wife's name and there's just one icon in it, labeled "start." When she clicks on that, the virtual machine starts and opens into full screen with a different background than main desktop. As long as she sees the Grand Canyon instead of the Ocean Sunset, she knows she's good to go.


> Also, I'd guess she doesn't play any games (etc), as the 3D performance tends to be abysmal on VMs, but as long as she doesn't need it, it's an irrelevance. (* there are some exceptions, where you can pass the GPU entirely to the VM, but they are currently a bear to get set up.)

Neither of us play games. She watches videos on websites, but my system is fast enough to do that.


> The alternatives would be a hypervisor where there's no outer OS to log into (or a very thin one she can't get into trouble with) like ESX/Xen/Hyper-V. The free edition of Hyper-V is likely your best choice there (eta: and by "best" I mean easiest to get set up if you're familiar with Windows.)

I'm not familiar either with the term, "hypervisor" or the software that you've mentioned, so I had to look it up. The machine that runs the virtual PC is the one I use for video editing, audio mixing and photo editing. I need all the power of my machine available to me to do this. I can't imagine what benefit I'd get from a hypervisor that would force me to work in a virtual PC.


> As an alternative, what about a second cheapie USFF desktop with a KVM switch? Something like an Intel NUC or Mac Mini is even smaller than a laptop, and would share the same screen.

First off, I don't allow Macs in my house. I don't like their OS philosophy of "we know better how you need to work than you do," I don't like a proprietary (or quasi-proprietary) hardware and software system, and I don't like paying triple the cost for software and hardware. Next, there is no room in our small apartment for a work space with another PC, regardless of what it is. I have a perfectly serviceable dual-core HP laptop that was replaced by my new quad-core Uber Laptoppen. I've got a USB-based docking station for it that works perfectly well with an extra 1920 x 1080 monitor I've got sitting around. I have extra keyboards and mice galore. In other words, I could set my wife up with a perfectly competent work station for what she needs to do. The only problem is there is no place to put it. There isn't even a space for another mid-tower and a KVM switch (and I have those, too).


> Also, given her propensity towards picking up malware, any chance of getting her onto Linux or the MacOS? Neither's inherently that much more secure than Windows, but both are the targets of less malware at this point.

Linux? It will never happen. I have a couple of Linux boxes -- one is a laptop that I'll use to set up FreePBX* (an Asterisk variant) on, and the other I used to use as a server and to hack DirecTV boxes (for pulling off recordings, not for stealing DirecTV). To paraphrase Bones McCoy from Star Trek, "Damnit, Jim, I'm a lawyer, not an IT guy!" :) I can barely manage in Linux. Mrs. PTravel will just blink at me, walk away and then sit down at my Windows 7 machine. As for MacOS -- no way, on principle.

With Virtual PC, she can pick up all the malware she wants. If her PC-in-a-PC gets too messed up, I'll just copy over the backup of virtual PC and she's good to go again . . . 'til the next time.


> Lastly, if still on Windows, any chance of keeping her on a non-administrative account?

It doesn't matter whether she's on an administrative account or not. If she picks up the wrong malware, it can still lunch my system. I've spent a grand total of about 2 weeks re-installing and re-configuring my system, just to get back to a functional machine that lets me do about half of what I had been doing. I still have about 100 VSTs to install, about half-a-dozen major music packages that I use occasionally, and a bunch of other stuff. As I said, I see no down side to a virtual PC, whereas other approaches either involve more risk than I'm willing to accept, more space than I have to spare, or more money than I have to spend without offering much of a significant advantage.

* If anyone has any experience using FreePBX as a front-end for a Cisco SPA 8800, I could sure use some advice. I've got the SPA 8800 working with a POTS phone and a VOIP provider that has really, really cheap rates to China (1.2 cents/minute), but I'd ultimately like to run 3 VOIP lines and 3 POTS lines through the Cisco, with FreePBX providing dedicated mailboxes, intelligent forwarding, and voice message attachments to email with both VOIP and POTS phones. I know it can do this but, as I said, "Damnit, Jim, I'm a lawyer, not a digital communications engineer."

elCheapoDeluxe Jun 4, 2013 11:46 pm

Here is my only concern, PTravel: You said last time that once one PC was infected inside your firewall, the problem spread. That could be because credentials were already established with those other PC's, or it could be because there were vulnerabilities in the operating systems of those other computers that could be easily targeted by an infected computer inside your firewall. If the latter, an infected VM is just as good as any other infected computer at probing vulnerabilities.

Personally, I think that as long as you never - ever establish connections between the VM and any other computer on your network, so no credentials could be saved, you'll be fine. I would even go into the network control panel and disable the microsoft networking client on the VM just to make sure. If you have firewall software on the other "actual" pc's that lets you specifically tag the VM as "untrusted" that wouldn't hurt either, but at minimum you'll want to make sure those other PC's have their own software firewall since you will have an "unsafe" computer behind your router. Thousandths of a percent chance kind of stuff at this point though. I think you'll be fine. Personally I'm not a fan of Microsoft Virtual PC. I much prefer VMware workstation (or even VMware Player) or VirtualBox. Once they changed VPC to the windows 7 version that it ran its connections via RDP, it seemed far slower to me.

Edited to add: You can run ChromiumOS inside of VirtualBox or VMware. Then you wouldn't even have to have a "vulnerable" windows box. This seems pretty bulletproof and maybe not so intimidating as plain ol' Linux.

PTravel Jun 5, 2013 8:14 am


> Originally Posted by elCheapoDeluxe (Post 20868532)
> Here is my only concern, PTravel: You said last time that once one PC was infected inside your firewall, the problem spread. That could be because credentials were already established with those other PC's, or it could be because there were vulnerabilities in the operating systems of those other computers that could be easily targeted by an infected computer inside your firewall. If the latter, an infected VM is just as good as any other infected computer at probing vulnerabilities.
>
> Personally, I think that as long as you never - ever establish connections between the VM and any other computer on your network, so no credentials could be saved, you'll be fine. I would even go into the network control panel and disable the microsoft networking client on the VM just to make sure. If you have firewall software on the other "actual" pc's that lets you specifically tag the VM as "untrusted" that wouldn't hurt either, but at minimum you'll want to make sure those other PC's have their own software firewall since you will have an "unsafe" computer behind your router. Thousandths of a percent chance kind of stuff at this point though. I think you'll be fine. Personally I'm not a fan of Microsoft Virtual PC. I much prefer VMware workstation (or even VMware Player) or VirtualBox. Once they changed VPC to the windows 7 version that it ran its connections via RDP, it seemed far slower to me.
>
> Edited to add: You can run ChromiumOS inside of VirtualBox or VMware. Then you wouldn't even have to have a "vulnerable" windows box. This seems pretty bulletproof and maybe not so intimidating as plain ol' Linux.

The idea of running ChromeOS is interesting. One of the things I was thinking about this morning was that it's a relatively simple matter for me to get to network assets from the virtual PC, so it would be a simple matter for malware to do it, too. I can't turn off networking because then the machine would lose internet connectivity and couldn't reach any of the network printers. I'm thinking about poking around my dd-wrt router and seeing if there's a way to limit what the virtual machine can reach based on its IP address.

gfunkdave Jun 5, 2013 8:47 am

If your DD-WRT flavor supports VLANs, you could potentially put the VM on a different VLAN from the rest of the network - but your hypervisor would need to support 802.11q VLAN tagging. Not sure they do.

PTravel Jun 5, 2013 8:59 am

How about a firewall in the virtual machine? I could block all ports except 80 for everything but the printers.

gfunkdave Jun 5, 2013 9:31 am

That could work too...but if you let any traffic out of the VM on any port, it's conceivable that malware could use that.

It all depends on how paranoid you want to be. Given your wife's penchant for dodgy websites, I'd go with a more paranoid solution: a totally separate PC. Get her a nice big monitor, put Chrome OS or Linux on the PC, and put it on a separate VLAN.
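
Added example, not part of any post in this thread: a small model of the guest-firewall rule proposed above ("block all ports except 80 for everything but the printers"), showing which LAN destinations it still leaves reachable. The subnet, printer address and other hosts are constructed for illustration.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
PRINTER = ipaddress.ip_address("192.168.1.50")
WEB_PORTS = {80}  # as proposed; real browsing also needs 443 and DNS

def proposed(dst, port):
    """Guest firewall as proposed: printer on any port, else port 80 only."""
    return ipaddress.ip_address(dst) == PRINTER or port in WEB_PORTS

def tightened(dst, port):
    """Same intent, but no LAN host other than the printer is reachable."""
    addr = ipaddress.ip_address(dst)
    if addr == PRINTER:
        return True
    if addr in LAN:
        return False
    return port in WEB_PORTS

# Constructed outbound attempts from the VM: (label, destination, TCP port).
ATTEMPTS = [
    ("internet web site", "203.0.113.10", 80),
    ("network printer", "192.168.1.50", 9100),
    ("router admin page", "192.168.1.1", 80),
    ("NAS web interface", "192.168.1.10", 80),
    ("desktop file share", "192.168.1.20", 445),
]

def reachable(policy):
    """Return the labels of the attempts that the given policy lets out."""
    return [label for label, dst, port in ATTEMPTS if policy(dst, port)]

if __name__ == "__main__":
    for name, policy in (("proposed", proposed), ("tightened", tightened)):
        print(f"{name:9}: {', '.join(reachable(policy))}")
```

A rule set enforced inside the guest can be changed by anything running with administrative rights in that guest, so the same allow-list is sturdier when applied outside the VM.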

PTravel Jun 5, 2013 9:40 am


> Originally Posted by gfunkdave (Post 20870407)
> That could work too...but if you let any traffic out of the VM on any port, it's conceivable that malware could use that.
>
> It all depends on how paranoid you want to be. Given your wife's penchant for dodgy websites, I'd go with a more paranoid solution: a totally separate PC. Get her a nice big monitor, put Chrome OS or Linux on the PC, and put it on a separate VLAN.

I don't see how a separate PC would be any safer than a VM. Both still need internet access and printer access, which would give both the ability to compromise other machines on my LAN.

ScottC Jun 5, 2013 9:47 am


> Originally Posted by PTravel (Post 20870451)
> I don't see how a separate PC would be any safer than a VM. Both still need internet access and printer access, which would give both the ability to compromise other machines on my LAN.

Not if you know what you are doing. In a normal setup, well configured, a PC on a LAN can't just go ahead and compromise another PC on the same LAN. In fact, that should NEVER be possible.


All times are GMT -6.

