Virtual machine: why use it?
There are plenty of reasons to use a virtual machine (VM) from a security and privacy standpoint. In this blog post, we list some of them that will help you prevent your device from being compromised.
Isolation from host operating system
The weakest link in every digital system is the big fat ‘human error’. We tend to make mistakes (e.g., clicking on a suspicious link, or opening a rogue attachment or Word/Excel document with malicious macros). A virtual machine will limit the damage to itself, whereas the underlying host operating system will stay intact. Think of it in the context of ransomware: a VM will save your underlying host operating system data.
Quick recovery using snapshots
There are situations where you might have a strong suspicion that a file is malicious, yet have to open it for professional reasons. VM applications allow you to take a “snapshot” (both manually and automatically) of the current configuration of the VM. If the file or a service causes an unrecoverable problem in the VM, you can easily revert to a previous snapshot of the VM with a stable state.
Virtual Machine Appliances are easy to replicate
Once you have installed a guest operating system in a VM and set up all the applications and configurations, the VM can be saved as an ‘appliance’. This appliance can then be used later by another researcher or student. You can easily copy it and use it on another computer. For example, a user sets up a complex configuration in a virtual machine that allows him/her to perform particular tasks, and saves it as a virtual appliance. In case of a security incident where malware takes control of the virtual machine, the user can simply plug back into that virtual appliance. It even helps in forensic activities, where security researchers obtain an infected VM appliance (with or without the previous state) for investigative reasons.
Avoid the fingerprinting of your host OS
Most of the services we use online continuously track and profile us. This normally happens through fingerprinting (uniquely identifying) our device. A virtual machine application allows you to avoid this by getting your VM fingerprinted instead of the host operating system. However, this requires proper configuration of your VM at the network level (e.g., mode: NAT with no port forwarding, Internal network) to avoid any leakage of host operating system attributes (e.g., hostname, IP, …).
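A check for the network settings described above, as an added example (not code from the original post): it reads the output of VirtualBox's `VBoxManage showvminfo <vm> --machinereadable` and flags any adapter that is not NAT or internal network, and any NAT port-forwarding rule. The VM name and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit VirtualBox network settings against the advice above.
# Input (stdin): output of `VBoxManage showvminfo <vm> --machinereadable`.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_vm_network() {
    awk -F= '
        # nicN="<mode>" is the attachment type of adapter N.
        /^nic[0-9]+=/ {
            mode = $2; gsub(/"/, "", mode)
            if (mode != "none" && mode != "nat" && mode != "intnet") {
                printf "%s: attachment \"%s\" is not NAT or internal network\n", $1, mode
                bad = 1
            }
        }
        # Forwarding(N)="name,proto,hostip,hostport,guestip,guestport" is a
        # NAT port-forwarding rule, which makes a guest port reachable via the host.
        /^Forwarding\([0-9]+\)=/ {
            rule = $2; gsub(/"/, "", rule)
            printf "port forwarding rule present: %s\n", rule
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample outputs (not captured from a real VM; "analysis-vm" is made up).
SAMPLE_LEAKY='name="analysis-vm"
nic1="bridged"
bridgeadapter1="eth0"
nic2="nat"
Forwarding(0)="ssh,tcp,,2222,,22"
nic3="none"'

SAMPLE_ISOLATED='name="analysis-vm"
nic1="nat"
nic2="intnet"
intnet2="lab"
nic3="none"'

echo "leaky sample:"
printf '%s\n' "$SAMPLE_LEAKY" | audit_vm_network || echo "=> reconfigure this VM"
echo "isolated sample:"
printf '%s\n' "$SAMPLE_ISOLATED" | audit_vm_network && echo "=> matches the advice"

# Real use: VBoxManage showvminfo "analysis-vm" --machinereadable | audit_vm_network
```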
Testing suspicious software and files
VM applications allow you to suspend the virtual machine and save its state. This saves your VM in a specific state before shutting down the VM. For busy professionals or students, this is very useful. For example, a security researcher or a sysadmin can switch to another task or shut down the host computer and then, when it is time to continue the work, start the VM in the same state it was in when it was stopped. However, security patches and updates might require a reboot in certain cases.
Which Virtual Machine Application?
There are various proprietary products, but we recommend open-source software that is free of charge, e.g., VirtualBox (for Windows, GNU/Linux, macOS), KVM (for GNU/Linux) and Xen (for GNU/Linux). They have the performance and functionality generally desired by users. Above all, they will go a long way in safeguarding the stability of your host computer.
Virtual machines essentially help you create a sandbox (a highly isolated and restrictive space). The programs you use, e.g., internet browsers, do sandboxing work in the background to keep you secure. You can also use an online service, e.g., FilePreviews.io’s Sandboxing feature, which allows you to quickly open a file or link on their own website, without any risk of infection. However, this is not enough in many scenarios, and running a private virtual machine will go a long way in protecting your digital security on the whole.
– Mailfence Team