Malware spreading through VMs?


Anoob


Hello.

I have seen Linus do 2 gamers 1 PC and would like to do something similar but not sure how security works.

If one of the win 10 VMs becomes infected with malware, can that spread from 1 VM to the other VM?
How can I stop that from happening?

Thank you.

 

Link to comment
24 minutes ago, ashman70 said:

Malware can spread to shares on a network; if the shares are password protected you should be ok. The bigger question is, how do you back up your VM so that if it does get attacked by malware, you can restore it?

Hmm, not sure.

I have thought of a less graceful workaround to keep 2 Win10s separate from infecting each other.
Correct me if I am wrong while I explain my idea.

Have both win10s installed on separate drives (not using unraid in this example) and in BIOS only boot the HDD or SSD that needs to be used at that moment.

Theoretically that should keep an infected file from reaching other storage media. However I am not sure if disabling a drive in BIOS means it is truly disabled.

The downside is that you can only use 1 win10 image at a time and not both at once, thus for me that is ok as I only need one to test things. 
This should give me maximum speed as well which any VM other than Unraid would not have been able to pull off easily. 

 

Do you think this might work? I am open to suggestions, and I am ok with only one image being operational at a time.
 

Edited by Anoob
Link to comment

Disclaimer: I am not a security expert, nor even well versed in IT security. Take the following with a huge grain of salt. And please correct me if I am wrong in any way, I would very much like to know.

 

It all depends on your level of paranoia/security needs. If two Windows machines are on the same network (even on separate hardware) with access to the same shared folders or sharing a folder between them, malware could spread between them. Even if only one is on at a time there is potential for malware to spread between them, by infecting a folder they would both have access to (say on a NAS). If they don't share access to folders, then that is more secure, but there are still some forms of malware that might spread through vulnerabilities in network stacks. With two machines virtualized on the same hardware there is another avenue for attack, which are exploits that would allow malware to escape the VM, infect the host, and then further infect other VMs on the system. While such exploits are possible, they are less common. If you are running two Windows VMs on unRAID and you don't give them access to the same user shares (or have them both accessing a read only share), ensure that the Windows security options are set up to prevent sharing between the machines, run firewall/Antivirus/Anti-Malware program(s) on both, then you have a reasonably secure setup. Probably secure enough for most home users, unless you have particularly sensitive data or are taking part in particularly risky online activities. What you are suggesting above sounds like overkill to me, but I say that without a clear picture of what you are planning on using the Windows VMs for.

 

 

Link to comment
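The per-guest checks suggested in the reply above (no common shares, sharing turned off, firewall on) can be audited from inside each Windows VM. This is an added example, not part of the original thread; it assumes the built-in SMB and firewall cmdlets of Windows 10 and an English-language install for the firewall group name.

```powershell
# Added example: run inside each Windows 10 guest from an elevated PowerShell session.
# It only reads settings; it changes nothing.
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Folders this guest exports over SMB. The built-in admin shares
#    (C$, ADMIN$, IPC$) are flagged "Special" and are skipped here.
Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
    $findings.Add("Exports share '$($_.Name)' -> $($_.Path)")
}

# 2. Remote shares this guest has mapped. A share mapped by both guests is a
#    common path between them. Mappings are per logon session, so repeat this
#    step un-elevated as the everyday user.
Get-SmbMapping | ForEach-Object {
    $findings.Add("Maps remote share $($_.RemotePath) as '$($_.LocalPath)'")
}

# 3. Inbound "File and Printer Sharing" firewall rules that are still enabled.
#    Assumption: English display group name; localized installs translate it.
$open = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }
if ($open) {
    $findings.Add("$(@($open).Count) inbound File and Printer Sharing rule(s) enabled")
}

# 4. Firewall profiles that are switched off.
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
    $findings.Add("Firewall profile '$($_.Name)' is disabled")
}

# 5. Interfaces on the Private profile, where sharing rules are usually the
#    ones that get enabled; Public is the stricter choice for an isolated guest.
Get-NetConnectionProfile | Where-Object { $_.NetworkCategory -eq 'Private' } | ForEach-Object {
    $findings.Add("Interface '$($_.InterfaceAlias)' uses the Private network profile")
}

if ($findings.Count -eq 0) {
    'No SMB exposure found on this guest.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

Run it in both guests and compare the mapped and exported paths: any path that appears for both VMs and is writable is the shared folder the reply warns about.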

Thank you for the reply.
I agree with all the above.

Thankfully I am paranoid enough that I take the extra steps so I don't have any surprises and I turn off features that I don't need like network file/printer sharing.

I suppose the unraid set-up will work quite well and keep things safe with precautions.

But I am paranoid...so I decided on several extra steps to lower my anxiety, lol

I bought these easy to remove 5.25" to 3.5" hdd and 5.25" to 2.5" ssd enclosures that fit inside the top tower slots at the front where the CD player normally goes.
They are basically what you use to hot swap. Though I will not be hot swapping.
Each enclosure will have different storage media with a different OS for Windows, Linux, older Windows, etc.

 

The principle is to only plug in one OS hdd/ssd at a time for when I need it and leave the rest unplugged.
 

Yes. It is more work, but easy. Pop one out slightly and push a different one in.
It's a full tower case so the ones not in use will just barely be unplugged and pulled out just an inch or so.
There are no kids around so there won't be any accidents with this setup.
 

This way there is no way something can spread from one OS to the other as there is never more than one OS attached at a time.
I also took precautions not to infect one with another so there will be no shared media among them.


Unfortunately, with this setup I do lose the advantage of unraid simplicity, parity and having dual or more VMs on at once.

But that is a trade off that is well worth the increased security and lowering my anxiety, plus this way I get to touch my PC case more often ;)  (Giggity )

Link to comment
