This is faulty logic. What are the odds that a disgruntled employee will do that? Very small. The odds are much greater that you will get killed in a car accident on the way to work but you don't drive a tank, right?
I am not saying you shouldn't take precautions against the various maladies out there, I'm saying you can go too far and go into overkill to protect yourself.
To add more fuel to the fire for the paranoid web browsers: Virtualization software can be exploited like other software get. Although probably not the first choice for malware writers, it should be perfectly possible to infect the host through the guest vm, by exploiting the virtualization software.
But even considering precautions against this as a real threat, would be like wearing 2 bullet proof wests as well as a bodyguard with you inside the tank, just in case a second invisible sniper sneaked into the tank without you noticing.
But then again, who knows?
Bottom line is protect both host and guest reasonably, as well as updating your virtualization software regularly.
Joakim
what kind of sites are you going to that you need to run inside a virtual machine? i mean are you looking at some mega pr0n?
ive never used internet security and very light anti malware / virus protection and ive never had a problem.
In most cases when browsing the things that will tend to find a way on your system are low key like data miners(tracking cookies), key loggers, trojan downloaders that themselves are tucked away nicely without you noticing them. Well not until later usually being the case when other bugs are imported or you step on a land mine such as looking over a spam email for a new av program that turns out to be a bogus I-Worm!
Surfing around with nothing at all being carefree for example would be an open invitation while despite what protections you have on something will eventually get through. The commonly heard adivce is quite simple. Multiple layers! Browsing while running a VM is less likely to see the host OS infected with that one extra layer offered by virtualization.
If and when the OS there on a VM gets hit you have the option of deleting the vhd entirely without risk to the host. Having some protection inplace there to let you know something has struck allows you the time to nuke the VM before anything can spread. That's having the next layer added.
So not everyone drives a tank to work? :S
I thought that was common practice now days....
There are several reasons to use a vm the most legal reason is an extra layer of security.
Another is the use of a full os proxy while having your host machine be normal. Say you like the Britans got talent series, most of there episodes are only avaliable in Europe.
The full os proxy can also be used for less legit reasons but I will not get into those....
The most commonly thought of reason for running a VM is actually not for simply browsing the web but running applications not compatible with the present host OS. I think most are aware of why the XP Mode was introduced for that reason.
The idea of leaving the main host OS untouched and secure is why VMs can serve multiple purposes which includes browsing without direct exposure to the various slippery malwares plus customizing things on a VM without risking the main OS. If something goes wrong the VM is simply removed.
Well I think one answer about browsing from a VM is you can run without any protections at risk or run with protections installed there and still get slammed or may see nothing at all. The VM has the main advantage however of adding a layer of isolation between that and the host OS.
I agree,
The company I work for manages hotel business centers. One of the companies we just bought out used a program called deep freeze. When the machine reboots anything hat was done on the machine is wiped and its like it was the last time it was configured. In a sense VM snapshots will work the same way. You get a virus, simply restore the snapshot from the last time you configured and its back to the way it was.
I have considered running a very similar setup strictly for sensitive surfing, bill paying, checking bank accounts, etc. Anything that would have information thats not good for malware to find.
Quote
