Firewall in a VirtualPC needed or not?

[CarvedDuck]

Hi, Just wondering if I need to have a firewall with the Guest OS in a Virtual PC. Currently I have an older version of Zonealarm in the Guest OS win2000 in VirtualPC 2007, I have Private Firewall 7.0 on the Host system (win7pro) and the router firewall is set to NAT or Medium depending on what I am doing. Seems to me, and I have been wrong before, that this may be overkill having three layers of firewall. Thoughts? Thanks

 

[Bongo]

You should treat your virtual PC just the same as your host PC, virtual PCs can get viruses or malware just like the host PC.

Jerry

 

[Saurabh A]

Hi CarvedDuck,

As suggested by Jerry, virtual PC may get infected and you may want to install an 'anti-virus / firewall' separately to keep it protected. The 'anti-virus' may or may not be the same as the one installed in the 'host machine'.

You may want to keep the virtual mode lighter for better performance; if infected, the infection would be confined to the virtual machine and may not impact the host system. I've also read about users, who even choose to 'disable' the 'security warning' in the 'Virtual PC'.

You may want to try both ways to see what works best for you.

 

[Kari]

Seems to me, and I have been wrong before, that this may be overkill having three layers of firewall.

Three layers? Sorry but only two. A virtual machine does not see / use / share host AV and firewall protection.

As other members have already told you a virtual machine is an independent system in your network. It does not use any protective measures of its host system, nor does its network traffic go through host system.

More information in this post: http://www.sevenforums.com/virtualization/273378-installing-os-virtual-machine.html#post2250115

Kari

 

[CarvedDuck]

It does not use any protective measures of its host system, nor does its network traffic go through host system.

Thanks, but I hate to disagree with you and others, but if I click the "Block Internet activity" of the host firewall, then Firefox and Opera within win2000 running in VPC2007, both return a "Server not found" error until I release the host firewall lock on the Internet.

 

[Kari]

It does not use any protective measures of its host system, nor does its network traffic go through host system.

Thanks, but I hate to disagree with you and others, but if I click the "Block Internet activity" of the host firewall, then Firefox and Opera within win2000 running in VPC2007, both return a "Server not found" error until I release the host firewall lock on the Internet.

You can disagree as much as you want to, it does not change the facts. The connection is shared, yes, but vm is an independent unit that can not and will not use your host AV and firewall.

It is exactly the same as if you would be using ICS, Internet Connection Sharing. Your main PC would be the only one connected to the Internet, and all other PCs in your network would share its connection, connecting first to this main PC and then further to Internet. Would you then also say you disagree, that those other PCs would not need AV and firewall because they are connected using ICS?

Often it's worth to think before posting, otherwise you might post something not so clever...

Kari

 

[CarvedDuck]

Often it's worth to think before posting, otherwise you might post something not so clever...

Kari, that is a little rude and uncalled for. This has nothing to do with "thinking," the fact is that with the Host win7pro Firewall, Private Firewall v7.0 set to block Internet activity, it prevents either Opera or Firefox within win2000 and the VPC2007 from accessing the Internet.

When I release that block, Opera and Firefox within win2000 and the VPC can then access the Internet.

Please try to read ALL of the post and then comment accordingly rather than just seizing on one or two words. Regardless of your theories or beliefs, with this set up, the Host Firewall is blocking data flow to the VPC, the Guest operating system and apps within it. I am seeing it with my own eyes.

As such, there seems to be no need to have a Firewall installed in the Guest operating system which is the point of my original question that I was looking to have confirmed or refuted in fact and not just in theory. I am unsure if the Host Firewall is actually Filtering the data flow or just turning it off and on when I select "Block."

 

[Layback Bear]

I think your question is answered quite well by Kari.

You can disagree as much as you want to, it does not change the facts. The connection is shared, yes, but vm is an independent unit that can not and will not use your host AV and firewall.

ICS

 

[Kari]

Please try to read ALL of the post and then comment accordingly rather than just seizing on one or two words. Regardless of your theories or beliefs, with this set up, the Host Firewall is blocking data flow to the VPC, the Guest operating system and apps within it. I am seeing it with my own eyes.

As such, there seems to be no need to have a Firewall installed in the Guest operating system which is the point of my original question that I was looking to have confirmed or refuted in fact and not just in theory. I am unsure if the Host Firewall is actually Filtering the data flow or just turning it off and on when I select "Block."

You are wrong but OK, it's not my business. Do with your virtual machines as you please. You misunderstand this whole concept and clearly do not know very much about virtualizing, creating an own theory refusing to believe you are not right.

Host firewall does not protect guest OS. It is completely, totally wrong to assume so. Of course it prevents guest to go to the Internet when it blocks all outgoing traffic from host; as in ICS, the host acts like a router or rather like an access point for the guests but only in the sense that it either allows guest network traffic or denies it. Nothing else. The same thing than disabling host NIC; guest has its own virtual NIC but it cannot communicate with outside world when host NIC is disabled or removed.

This is not my theory. It is not a theory at all. This is a commonly known fact. We need to think those future members and guests seeking advice and help in this thread, I do not want them to do foolish things not protecting their virtual machines because someone has decided he knows best and denies all the facts, stating something that is absolutely not true.

For those possible future readers of this thread, seeking answer in question "Does a vm need firewall and AV?": Yes, it does, as much as any other computer, physical or virtual in your network. As in ICS the host shares its network connection with guest and when its firewall is told to block all traffic, of course the traffic is also blocked from all those other computers sharing its connection. It is exactly the same as when using ICS. Other than that the host firewall and AV are not able to provide any assistance in protecting guest virtual machines, simply because a vm is a separate machine and software installed on one computer can not be run on another computer.

A virtual machine does not and will not use host's firewall and AV. Absolutely not.

Kari