🔐 Virtual machines from a security point of view


Virtual Machine -

This is a virtual computer inside your computer. It is isolated from the "host", i.e. the main system, so malware will be practically unable to get out of the virtual machine and infect the main OS. It can be allocated a fixed share of resources (RAM, processor cores, screen resolution, storage size, etc.), and with its help you can easily change the fingerprints of your real hardware.

Overall, this is a great tool to increase your anonymity and security.

We need to select a hypervisor and a virtual machine manager.

Hypervisor -

This is the main part of the virtual machine. Almost everything under the hood of the virtual machine is the hypervisor.

Virtual Machine Manager -

This is a shell around the hypervisor that makes configuring the virtual machine convenient. You can use the hypervisor directly, but that is an option for more advanced users.

However, there are a lot of hypervisors and virtual machine managers, so which ones should you choose?

We IMMEDIATELY discard all virtualization solutions whose source code is not fully open (FOSS), because without it it is extremely difficult to check what is actually "under the hood" of a virtual machine. And trusting corporations is not the best idea.

Hypervisors:

  • VirtualBox
  • QEMU/KVM
  • Xen

We immediately throw VirtualBox away, because:

1. Its source code is not fully open/free.

2. This virtual machine is relatively easy to hack; compared to the others it is just a toy option. It is not a serious tool, and real specialists will have no trouble bypassing it.

3. It is a type 2 hypervisor, which is also not very good from a security point of view.

Now to the most effective solutions:

Xen is probably the most secure hypervisor on the market at the moment. However, there is a problem: it is definitely not an option for beginners, and just getting it running is a whole story. If you want maximum security, take Xen. If you want a post about Xen and its features, say so in the comments.

QEMU/KVM offers the best ratio of security to convenience and is suitable even for a beginner. Similar solutions are used by large corporations to ensure security (which is an indicator in itself, since corporations rely on this technology and trust it with their data and money, often millions and billions of dollars).

Regarding virtual machine managers:

I recommend virt-manager (Virtual Machine Manager): it provides a lot of interesting and useful functionality, and it is also convenient and simple.

As an alternative I can also offer GNOME Boxes: it has less functionality, but it is an even simpler and more convenient manager.

So, you have installed a virtual machine. Now, when you visit websites, you do not leave your real fingerprints and can even enable JavaScript without fear (after all, the hardware data transmitted will describe the virtual hardware of the virtual machine, not the real hardware). In addition to increasing anonymity, you also increase security, because if you catch some malware, it will be extremely difficult for it to get onto your host operating system and other virtual machines.

Now let's discuss how virtual machines are often hacked, bypassed, and so on.

Yes, a virtual machine can be hacked, and often easily. Here are some techniques:

1. Infection of shared folders.

Often, for the convenience of transferring information between the host and the virtual machine, a shared folder is created, but it is worth understanding that this is a big security hole.

NEVER USE SHARED FOLDERS! This is a very common mistake that simply DESTROYS the security of your data and system. You do not even need special zero-day vulnerabilities to carry out such an attack and bypass a super-protected, sophisticated hypervisor.

2. Connectable external devices.

Using the same flash drive that you connected to your computer and then passed through to the virtual machine, an attacker can bypass virtualization and reach the host system. Even if it is not a flash drive but, for example, a pluggable camera or microphone, or even headphones connected directly to the virtual machine, all of them can be a hole for access to and infection of your host system.

3. Shared clipboard between the virtual machine and host system -

Another hole through which your host system can be infected.

4. Attack on software indirectly related to virtualization -

Different software is often used together with virtual machines. Think logically: what programs are used together with a virtual machine? For example, it is often Wireshark.

Accordingly, they break Wireshark and get to the host system. The attack is more applicable in local cases, for example in a data center, when a person on a VPS wants to take possession of the hardware itself and control the virtual machines.

5. Old, possibly vulnerable versions of software -

Everything is simple here: update all software on your computer to the latest version and check on the projects' official websites that the version you run is current.

In addition, it is worth understanding that a vulnerability such as a zero-day may be found in the code, and the virtual machine may be hacked even if you have protected yourself from the vectors specified above.

In addition, there is information that intelligence services collect vulnerabilities for virtual machines, because this is a real cyber weapon.
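As an added defender-side check (not from the post, and not part of libvirt or virt-manager), the script below audits a QEMU/KVM guest definition for vectors 1 to 3 above: a shared folder, a passed-through USB device, and SPICE clipboard sharing. It relies on libvirt's domain XML element names (`filesystem`, `hostdev type='usb'`, `graphics type='spice'` with a `clipboard copypaste='no'` child); the two sample XML documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed libvirt domain XML (not from the post) with the three
# host-exposure features the post warns about: a shared folder,
# a USB device passed through, and SPICE clipboard sharing left at
# its default (enabled).
RISKY_DOMAIN_XML = """<domain type='kvm'>
  <devices>
    <filesystem type='mount' accessmode='mapped'>
      <source dir='/home/user/shared'/>
      <target dir='shared'/>
    </filesystem>
    <hostdev mode='subsystem' type='usb' managed='yes'>
      <source><vendor id='0x1234'/><product id='0x5678'/></source>
    </hostdev>
    <graphics type='spice' autoport='yes'/>
  </devices>
</domain>"""

# Same guest with the folder and USB device removed and clipboard disabled.
HARDENED_DOMAIN_XML = """<domain type='kvm'>
  <devices>
    <graphics type='spice' autoport='yes'>
      <clipboard copypaste='no'/>
    </graphics>
  </devices>
</domain>"""


def audit_domain(xml_text: str) -> list:
    """Return one finding string per host-exposure feature in the domain."""
    findings = []
    devices = ET.fromstring(xml_text).find("devices")
    if devices is None:
        return findings
    for fs in devices.findall("filesystem"):           # vector 1: shared folders
        src = fs.find("source")
        path = src.get("dir", "?") if src is not None else "?"
        findings.append(f"shared folder exposes host path {path}")
    for hd in devices.findall("hostdev"):              # vector 2: external devices
        if hd.get("type") == "usb":
            findings.append("USB host device passed through to guest")
    for gfx in devices.findall("graphics"):            # vector 3: clipboard
        if gfx.get("type") == "spice":
            cb = gfx.find("clipboard")
            if cb is None or cb.get("copypaste", "yes") != "no":
                findings.append("SPICE clipboard sharing enabled")
    return findings
```

On a real host the XML to audit comes from `virsh dumpxml <domain>`; an empty result means none of the three convenience features is configured.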