Vm q?

[auen1]

I want to install another os on my computer, in addition to Windows 7.

Should I use Windows 7 built-in VM or are some 3rd party VM software better?


Thanks

[strollin]

If you have Win 7 Pro or Ultimate you can download XP Mode for it that comes complete with a licensed copy of XP. If XP is the OS you want to run in the VM then this would be my suggestion.

If you want to run a different OS, such as a Linux distro, then I would recommend VirtualBox as my virtual environment of choice.

[EzyStvy]

[auen1]

Thanks guys,
Yes, I am running 7 Ultimate and I want to install a Linux platform. I'll give VirtualBox a try.
I am wondering what key features make VirtualBox better than Win7 VM?

Thank for the insight.

[EzyStvy]

Try both and see for your self

MS VM use to not support USB devices which as since been corrected...

[strollin]

VirtualBox offers support for Linux and many other OSes as a Guest OS but MS VirtualPC does not support Linux, only XP, Vista and Win 7 are supported. It might work but MS does not support it.

[auen1]

I'm cleaning up a friends computer, (W7). He keeps getting virus's because of the shady places he likes to visit, (porn). Some of the virus's get by his security. So I am installing VirtualBox with W7 on it in the hope that the virus's will stay in there.

My questions:

Is this an ideal solution, other than not visiting those sites?

I'd still want to install anti-virus and disk cleaners, right?

I haven't learned exactly how yet or if its possible, but can I set a permanent restore point to where I finish working on this computer?

Thanks!

[GaryRouth]

Another idea, if he has patience for the darn thing to load =

A bootable Linux distro on a read-only DVD would let the customer do the dangerous browsing when booted from the DVD into Knoppix, Ubuntu, SUSE, etc. But the customer would have to deal with the slow boot. Since nothing is usually saved to the hard drive (but to a virtual hard drive in RAM), it's a fairly reasonable - though slow - alternative. And no system resources are taken from the current Windows installation.

Just a thought.
. . . Gary

[auen1]

Thanks Gary,
I hadn't thought of that. But I don't think he has the patience. Whatever I do needs to be as seamless and easy as possible. Otherwise he'll be lost.

Thanks for the suggestion.

What about a browser sandbox. Anyone know of a easy one to use?

Thanks!

[GaryRouth]

Too funny about the impatient customer. Might be the norm rather than the exception!
_______________

Google Chrome has a built-in sandbox, and it's not too bad. The Chrome sandbox has been defeated in the past in the pwn2own contests, but those exploits haven't been found in the wild, and Chrome is probably the quickest to patch their code. After all, they offer decent money to those able to point out vulnerabilities in Chrome. A tech on a security website offered a nice quick summary of its strategy:
1) It runs by default.
2) It works by splitting the browser up into various parts (Javascript renderer, Tabs, Extensions, and a few other areas).
3) All of those areas are run at Untrusted Integrity without file access.
4) For downloads: the "Broker" process handles them, making security decisions as to whether or not the writes are legitimate or not.
5) All of this together allows for a transparent sandbox where you never have to interact with it.

I find that avast antivirus has a fairly decent "Web Shield" component that is in all of their antivirus products (even the completely free Home edition) -- that I've seen block quite a few troublesome files [on one customer's computer in particular -- he has a lot of teenage kids!] ... I tend to install it on nearly all of my customers computers because it's free and has the strong Web/IM/P2P shields. The combination of Chrome as the default browser with a strong web shield from an antivirus product seems to help quite a bit.
_______________

I haven't looked recently, but I wonder if we might have some recommended tools here -over in the Security forum. Those techs really know their stuff.

I've been lucky with my defenders so far.

Good luck with your project
. . . Gary

[P.S. ... I imagine you've already disabled Java in your impatient friend's browsers . . . heavens, what a year for Java exploits ...]

[auen1]

He uses Chrome as his browser now, but perhaps it needs to be reconfigured to to sandbox properly. I'll also give Avast a go and see how that goes.

Thanks!

[GaryRouth]

Regarding Avast:
In the latest versions of Avast, from the main window there is a row of tabs on the left hand side of that window. One of the tabs reads "Real-time Shields". Clicking that tab brings up another screen, with a list of shields on the left. Five of the shields can have their security levels increased from "Medium" to "High" = File System shield, Web shield, Mail shield, IM shield, and P2P shield. Click on each shield's tab, then select the "Sensitivity" option button, and increase the setting to "High" -- do this for each of those five shields. It makes Avast much more effective.

The trick with installing avast is to decline any of their "free trials", "Internet Security Suites", "Professional versions", etc., and continue to select only the options for "free protection". There is no need to create an account with them either, a working email address will do - for which you can decline their offer to send email information (mainly about their new products).

The peer-to-peer (P2P) shield, in particular, has helped one of my customers a lot: his kids constantly use torrents, and this has stopped quite a bit of troublesome malware from getting through.

Let's hope 2013 is better than 2012 on the malware front.
. . . Gary