AV on a VM


#1 Post by joany » Sat Jun 07, 2014 2:36 pm

I occasionally have to run Windows in VirtualBox because there are two applications I can't run any other way. I've always been a little worried about viruses infecting the VM, because one of those applications briefly connects to the Internet. The Microsoft web site strongly recommended Microsoft Essentials for all-in-one anti-spyware and anti-virus protection, so I drank the Kool-Aid and downloaded ME and installed it. I figured it wouldn't be all that invasive, but how very wrong I was about that.

You can either run ME in the background (recommended) or you can leave it "off" and just use it occasionally to scan the HDD. I followed the recommendation by letting it run in the background, and everything immediately ground to a screeching halt. I couldn't open any programs, even Windows Explorer, and I had a very hard time shutting ME off. I finally succeeded after 5 minutes of trying to open the danged ME window, but everything still ran slow as molasses afterward. So I rebooted.

The shutdown/reboot process took at least five times longer than normal, and when it finally started rebooting, I was greeted with the message, "Windows is updating." Windows is doing what??? Who ordered THAT?!

After Windows finished "updating," everything ran ultra slow, even with ME not running in the background. The VM was now practically useless for doing anything besides watching the little blue circle spinning 'round and 'round.

I went on-line and did some more research, and it seems that you need at least 4GB of RAM in order to run Microsoft Essentials. It takes four freakin' gigabytes to run one program? You must be kidding. Without ME installed, the VM ran like greased lightning with just 2GB allocated to it, so I suspect ME does a whole lot more than Microsoft is willing to disclose to the public. Installing it permanently rendered Windows FUBAR.

I didn't even try to remove Microsoft Essentials like a normal program, because I was now convinced that it's actually a virus, especially the "Windows is updating" part. So I simply replaced the entire VM with a backup copy I made a while ago. I'll run it without any AV protection from now on, and if it gets infected, so be it. When it does, I'll just replace the infected VM with a fresh copy.

Lesson learned.
MX-14; 3.12-0.bpo.1-686-pae kernel using 4GB RAM
2.4GHz AMD Athlon 4600+
NVidia GeForce 6150 LE; 304.121 Display Driver
You didn't slow down because you're old; you're old because you slowed down.


#2 Post by DBeckett » Sat Jun 07, 2014 2:59 pm

 
That's my "solution" too. I'm not going to stress about it. I just keep a clean backup copy of the XP VM handy.
Gigabyte 990FXA-UD3, AMD FX-6100 hex-core, 3.3GHz, 8G, Radeon HD6570


#3 Post by Adrian » Sat Jun 07, 2014 3:09 pm

VM has a snapshot feature, you can always snapshot it and then revert to the last good snapshot if you start to have problems.
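
The snapshot-and-revert routine suggested in this thread, written out as an added example (it is not part of any post here). The helper names `vm_state`, `snapshot_exists`, `take_baseline` and `revert_to_baseline` are hypothetical, and the VM and snapshot names in the usage comment are placeholders; the `VBoxManage` subcommands are the standard ones.

```shell
#!/bin/sh
# Added example: keep one known-good VirtualBox snapshot and roll back to it.
# Usage (names are placeholders):  ./vmbase.sh take winvm clean
#                                  ./vmbase.sh revert winvm clean

# Print the VM state ("running", "poweroff", "saved", ...) from showvminfo.
vm_state() {
    VBoxManage showvminfo "$1" --machinereadable |
        sed -n 's/^VMState="\(.*\)"$/\1/p'
}

# Succeed only if a snapshot with exactly this name exists for the VM.
snapshot_exists() {
    VBoxManage snapshot "$1" list --machinereadable 2>/dev/null |
        sed -n 's/^SnapshotName[-0-9]*="\(.*\)"$/\1/p' |
        grep -Fxq -- "$2"
}

# Take the baseline once, while the guest is in a state you trust.
# Refuses to reuse a name so a later, possibly dirty, state never shadows it.
take_baseline() {
    vm=$1 snap=$2
    if snapshot_exists "$vm" "$snap"; then
        echo "snapshot '$snap' already exists for '$vm'" >&2
        return 1
    fi
    VBoxManage snapshot "$vm" take "$snap"
}

# Throw away everything since the baseline. Restore needs the VM stopped,
# so a running guest is powered off first (its current state is discarded).
revert_to_baseline() {
    vm=$1 snap=$2
    snapshot_exists "$vm" "$snap" || { echo "no snapshot '$snap'" >&2; return 1; }
    case $(vm_state "$vm") in
        running|paused)
            VBoxManage controlvm "$vm" poweroff || return 1
            n=0   # wait (up to 30 s) for the session to release the VM
            while [ "$(vm_state "$vm")" != poweroff ] && [ "$n" -lt 30 ]; do
                sleep 1; n=$((n + 1))
            done ;;
    esac
    VBoxManage snapshot "$vm" restore "$snap"
}

case "${1:-}" in
    take)   take_baseline "$2" "$3" ;;
    revert) revert_to_baseline "$2" "$3" ;;
esac
```

A snapshot lives in the same VM folder as the disk image, so it complements rather than replaces an offline copy of the `.vdi` like the ones described elsewhere in the thread.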


#4 Post by uncle mark » Sat Jun 07, 2014 5:13 pm

MSE is what I recommend and use in normal installs. Was this XP, or a later version? It's not lightweight, but a 4G RAM requirement is baloney. It does connect in the background to get updates, and will set other security settings to defaults. I've never installed it in a Win VM; it may have some incompatibilities in that environment.

If all you need is an on-demand scanner, I'd recommend MBAM v1.75. Technically it's not an antivirus, but it'll snag most all the prevalent baddies and will get a lot of things a conventional AV would miss.
Desktop: Custom build Asus/AMD/nVidia -- MEPIS 11
Laptop: Acer Aspire 5250 -- MX-15
Assorted junk: assorted Linuxes


#5 Post by BitJam » Sat Jun 07, 2014 5:46 pm

You mean one size does not actually fit all?


#6 Post by uncle mark » Sat Jun 07, 2014 7:03 pm

uncle mark wrote:
> MSE is what I recommend and use in normal installs. Was this XP, or a later version?

In fact, it just dawned on me that MSE will no longer install on XP -- it's all part of the MSFT EOL campaign for XP. If this was recent, and it was XP you installed it on, it wasn't MSE, it was an imposter. Burn that VM and start fresh.
Desktop: Custom build Asus/AMD/nVidia -- MEPIS 11
Laptop: Acer Aspire 5250 -- MX-15
Assorted junk: assorted Linuxes


#7 Post by joany » Sat Jun 07, 2014 7:52 pm

uncle mark wrote:
> In fact, it just dawned on me that MSE will no longer install on XP -- it's all part of the MSFT EOL campaign for XP. If this was recent, and it was XP you installed it on, it wasn't MSE, it was an imposter. Burn that VM and start fresh.

I installed it on Windows 7, and here's the web site where I got the installer: http://windows.microsoft.com/en-us/wind ... s-download

... and you're right, "windows.microsoft.com" isn't the same as the official MS site "www.microsoft.com".

Here's the official Microsoft web site -- at least I think it's official -- where I found another installer: http://www.microsoft.com/en-us/download ... px?id=5201

The file from the first web site uses all lower case letters in the file name, where the other one uses capital letters:

"windows.microsoft.com": mseinstall.exe
"www.microsoft.com": MSEInstall.exe

But here's the clincher: Both installers I downloaded have the same md5sum hash code: b236d2b63ba0ae6eb0919e98bc9d01b7

... so they're exactly the same file.

I believe Microsoft could have changed this product recently, and so some of the comments I read on message boards dating from 2010-13 may not be 100% accurate. Nevertheless, quite a few people on those boards complained about Essentials chewing up a lot of CPU and RAM on fairly modern machines. Although Microsoft lists the "system requirements" for Essentials as being the same system requirements as the operating systems it's installed on, some people reported their RAM usages jumped by as much as 1.5GB after installing it.

I suspect the only reason that Microsoft claims that Security Essentials "won't install" on WinXP is simply because Microsoft no longer supports WinXP in any way, shape or form. You could probably install it on WinXP if you tried.
MX-14; 3.12-0.bpo.1-686-pae kernel using 4GB RAM
2.4GHz AMD Athlon 4600+
NVidia GeForce 6150 LE; 304.121 Display Driver
You didn't slow down because you're old; you're old because you slowed down.


#8 Post by uncle mark » Sat Jun 07, 2014 8:01 pm

joany wrote:
> uncle mark wrote: In fact, it just dawned on me that MSE will no longer install on XP -- it's all part of the MSFT EOL campaign for XP. If this was recent, and it was XP you installed it on, it wasn't MSE, it was an imposter. Burn that VM and start fresh.
>
> I installed it on Windows 7...

Okay, not that then.

joany wrote:
> I suspect the only reason that Microsoft claims that Security Essentials "won't install" on WinXP is simply because Microsoft no longer supports WinXP in any way, shape or form. You could probably install it on WinXP if you tried.

The installer won't run. Detects XP, quits and says the OS is not supported.
Desktop: Custom build Asus/AMD/nVidia -- MEPIS 11
Laptop: Acer Aspire 5250 -- MX-15
Assorted junk: assorted Linuxes


#9 Post by Gordon Cooper » Sun Jun 08, 2014 12:55 am

Thanks to all for an interesting thread. I run XP (and refuse to upgrade) on an old Toshiba
so I can attempt to answer questions on a group (using some MS software) that I moderate. The
Toshiba (and me) have battled on for several years without any virus protection and I had
been thinking about MS Essentials.

Joany, molasses runs quicker if you heat it - much more of the same treatment seems suitable for MSE.


#10 Post by tascoast » Sun Jun 08, 2014 1:26 am

It's convenient for me having XP VMs updated to the retirement of support. I've cloned some 'core builds' to an external drive as cleanly cloned *.vdi folders (20GB fixed to provide adequate workspace if needed). In a sense the external HDD has provided this avenue and strategy, plus freed up the PC for other installs like MX-14 and M12.

I presume in theory someone might corrupt a VM and somehow breach VB or file systems to attack Linux or some hardware function but it seems unlikely in typical operation. Thus just replacing with a VM at the moment anything strange occurs seems adequate in the medium-term. As for AV, I've tried Avira/Avast in a VB with XP and found them adequate prior to replacing XP with Mepis and Co.

This presumes no banking or other sensitive activity is done via a VM as a general precaution, user complacency being a common opportunity for attack. I have also limited VM access to USB devices only for additional storage/transfer.

Uncle Mark is right re MSE I think, being somewhat irrelevant, insofar as definitions and security only extend to historically identified issues as I understand it, so of limited (although some) use to have installed.
Lenovo ThinkCentre A58 4GBRAM, MX-16 RC1/MX14.04/MX-15.01/antiX16(64-bit)-Aspire One D255E 1.66GHz, 512KB cache, 1GB RAM-MX-15.01/W10
