Go Back   AnandTech Forums > Software > Software for Windows

Forums
· Hardware and Technology
· CPUs and Overclocking
· Motherboards
· Video Cards and Graphics
· Memory and Storage
· Power Supplies
· Cases & Cooling
· SFF, Notebooks, Pre-Built/Barebones PCs
· Networking
· Peripherals
· General Hardware
· Highly Technical
· Computer Help
· Home Theater PCs
· Consumer Electronics
· Digital and Video Cameras
· Mobile Devices & Gadgets
· Audio/Video & Home Theater
· Software
· Software for Windows
· All Things Apple
· *nix Software
· Operating Systems
· Programming
· PC Gaming
· Console Gaming
· Distributed Computing
· Security
· Social
· Off Topic
· Politics and News
· Discussion Club
· Love and Relationships
· The Garage
· Health and Fitness
· Merchandise and Shopping
· For Sale/Trade
· Hot Deals
· Free Stuff
· Contests and Sweepstakes
· Black Friday 2013
· Forum Issues
· Technical Forum Issues
· Personal Forum Issues
· Suggestion Box
· Moderator Resources
· Moderator Discussions
   

Reply
 
Thread Tools
Old 02-22-2013, 07:26 AM   #1
berryracer
Golden Member
 
berryracer's Avatar
 
Join Date: Oct 2006
Posts: 1,797
Question Do I need an AV in my VM?

I am running on Windows 7 Pro x64 with Bitdefender Antivirus Plus2013

I have setup Windows Server 2012 using VMWare Player for training purposes.

Do I also need to install an AV for the VMware OS or does my Bitdefender on Windows 7 protect me enough on both?
berryracer is offline   Reply With Quote
Old 02-22-2013, 08:02 AM   #2
Nothinman
Elite Member
 
Nothinman's Avatar
 
Join Date: Sep 2001
Posts: 30,672
Default

Ideally, yes, you should install it on any Windows machine regardless. The A/V on your host can't scan into the VM so in theory if you get hit in the VM it won't get detected unless it attempts to infect the host as well.

But in reality, all A/V products suck in different ways and I just tend to avoid them on my machines. You don't really need A/V if you use common sense while browsing and stick to known-good sites.
__________________
http://www.debian.org
Nothinman is offline   Reply With Quote
Old 02-22-2013, 08:42 AM   #3
seepy83
Golden Member
 
seepy83's Avatar
 
Join Date: Nov 2003
Posts: 1,927
Default

Quote:
Originally Posted by Nothinman View Post
But in reality, all A/V products suck in different ways and I just tend to avoid them on my machines. You don't really need A/V if you use common sense while browsing and stick to known-good sites.
That's a very poor recommendation. Even "known-good sites" can be compromised. Please refer to nbc.com and a handful of other nbc-affiliated websites dishing out the Citadel Trojan yesterday. You will see more attacks like this in the future...that's pretty much a guarantee.

OP - you want to take precautions to maintain security? A/V installed on every host (physical or virtual), and patch your O/S and applications regularly. Those are minimum precautions.

Last edited by seepy83; 02-22-2013 at 08:45 AM.
seepy83 is offline   Reply With Quote
Old 02-22-2013, 08:50 AM   #4
berryracer
Golden Member
 
berryracer's Avatar
 
Join Date: Oct 2006
Posts: 1,797
Default

Quote:
Originally Posted by seepy83 View Post
That's a very poor recommendation. Even "known-good sites" can be compromised. Please refer to nbc.com and a handful of other nbc-affiliated websites dishing out the Citadel Trojan yesterday. You will see more attacks like this in the future...that's pretty much a guarantee.

OP - you want to take precautions to maintain security? A/V installed on every host (physical or virtual), and patch your O/S and applications regularly. Those are minimum precautions.
thanks for the recommendation bro.

ill install an AV on the server in that case
berryracer is offline   Reply With Quote
Old 02-22-2013, 08:58 AM   #5
Nothinman
Elite Member
 
Nothinman's Avatar
 
Join Date: Sep 2001
Posts: 30,672
Default

Quote:
Originally Posted by seepy83 View Post
That's a very poor recommendation. Even "known-good sites" can be compromised. Please refer to nbc.com and a handful of other nbc-affiliated websites dishing out the Citadel Trojan yesterday. You will see more attacks like this in the future...that's pretty much a guarantee.

OP - you want to take precautions to maintain security? A/V installed on every host (physical or virtual), and patch your O/S and applications regularly. Those are minimum precautions.
I'm aware of the CDNs and ad servers being broken into and distributing malware that way, but I've also seen so many infections on "protected" PCs running every brand of A/V that I begun to view A/V software as more trouble than it's worth. It's more akin to insurance in BlackJack, something that makes so little sense as to be not worth it.
__________________
http://www.debian.org
Nothinman is offline   Reply With Quote
Old 02-22-2013, 09:21 AM   #6
imagoon
Diamond Member
 
imagoon's Avatar
 
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 4,307
Default

Quote:
Originally Posted by seepy83 View Post
That's a very poor recommendation. Even "known-good sites" can be compromised. Please refer to nbc.com and a handful of other nbc-affiliated websites dishing out the Citadel Trojan yesterday. You will see more attacks like this in the future...that's pretty much a guarantee.

OP - you want to take precautions to maintain security? A/V installed on every host (physical or virtual), and patch your O/S and applications regularly. Those are minimum precautions.
You really shouldn't be browsing the web from 2012 server anyway. If you are really worried, I run the MS included MSE for my test VMs. I also browse (when needed) with firefox, adblock and no script. If a site needs more than that and it isn't "dell.com, hp.com, etc" I go to another workstation to get whatever I needed.
imagoon is online now   Reply With Quote
Old 02-22-2013, 09:35 AM   #7
seepy83
Golden Member
 
seepy83's Avatar
 
Join Date: Nov 2003
Posts: 1,927
Default

Quote:
Originally Posted by imagoon View Post
You really shouldn't be browsing the web from 2012 server anyway. If you are really worried, I run the MS included MSE for my test VMs. I also browse (when needed) with firefox, adblock and no script. If a site needs more than that and it isn't "dell.com, hp.com, etc" I go to another workstation to get whatever I needed.
I wouldn't recommend unnecessarily browsing the web from a Server either. But that's really secondary to the question that was asked. Every host should be running updated antivirus software, and every host should be patched in a timely manner.

In a purely test environment where someone is just spinning up a 2012 server to get their feet wet with it? Alright, maybe you don't "need" A/V installed. But to make a blanket statement that A/V is unnecessary and you can prevent infections by browsing only "known-good sites" is downright wrong.
seepy83 is offline   Reply With Quote
Old 02-22-2013, 10:17 AM   #8
imagoon
Diamond Member
 
imagoon's Avatar
 
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 4,307
Default

Quote:
Originally Posted by seepy83 View Post
I wouldn't recommend unnecessarily browsing the web from a Server either. But that's really secondary to the question that was asked. Every host should be running updated antivirus software, and every host should be patched in a timely manner.

In a purely test environment where someone is just spinning up a 2012 server to get their feet wet with it? Alright, maybe you don't "need" A/V installed. But to make a blanket statement that A/V is unnecessary and you can prevent infections by browsing only "known-good sites" is downright wrong.
I didn't realize that he didn't post that this is a test VM in this thread. I answered a question for him about another issue and he said it was test.

So yes, running with out antivirus in production is not the best idea. Test environments are a bit more optional.
imagoon is online now   Reply With Quote
Old 02-23-2013, 12:23 AM   #9
Red Squirrel
Lifer
 
Red Squirrel's Avatar
 
Join Date: May 2003
Location: Canada
Posts: 25,405
Default

Technically yes, but if you're not surfing the net or doing anything that involves the outside in the VMs, then you can get away without it.

For a strictly lab environment, you can also set it on a different vlan then block all the ports but RDP and other remote ports you may need if you're not working from the console.

This is especially important if the nature of your testing involves potentially getting it infected on purpose, as the virus can theoricly travel on the network and attack your production machine. Depends how it's coded and what it does, but always assume the worse.
__________________
~Red Squirrel~
486dx2 @66Mhz turbo, 8MB ram, 512MB HDD, sound blaster 16 + 2x cdrom, Trident 1MB video card @ 640*480, 56k high speed modem.
Red Squirrel is online now   Reply With Quote
Old 02-23-2013, 10:58 AM   #10
Nothinman
Elite Member
 
Nothinman's Avatar
 
Join Date: Sep 2001
Posts: 30,672
Default

Quote:
Originally Posted by seepy83 View Post
I wouldn't recommend unnecessarily browsing the web from a Server either. But that's really secondary to the question that was asked. Every host should be running updated antivirus software, and every host should be patched in a timely manner.

In a purely test environment where someone is just spinning up a 2012 server to get their feet wet with it? Alright, maybe you don't "need" A/V installed. But to make a blanket statement that A/V is unnecessary and you can prevent infections by browsing only "known-good sites" is downright wrong.
I still recommend A/V to non-technical people, but I half feel like I'm cheating them because the A/V solutions out there suck so bad and have such a detrimental affect on your PC. I've been running a Win7 VM for work and now a Win8 one at home and haven't ever had an infection. And before you ask how I'm sure, I can't say with 100% certainty but then neither can you because your A/V is reactive and is missing signatures for a lot of exploits which haven't been made public yet.
__________________
http://www.debian.org
Nothinman is offline   Reply With Quote
Old 02-23-2013, 12:28 PM   #11
seepy83
Golden Member
 
seepy83's Avatar
 
Join Date: Nov 2003
Posts: 1,927
Default

Quote:
Originally Posted by Nothinman View Post
I still recommend A/V to non-technical people, but I half feel like I'm cheating them because the A/V solutions out there suck so bad and have such a detrimental affect on your PC. I've been running a Win7 VM for work and now a Win8 one at home and haven't ever had an infection. And before you ask how I'm sure, I can't say with 100% certainty but then neither can you because your A/V is reactive and is missing signatures for a lot of exploits which haven't been made public yet.
There's an old saying - "An ounce of prevention is worth a pound of cure". AntiVirus/AntiMalware packages are no silver bullet, but it's foolish to not use one. And there's heuristics-based detection in most of them these days that is designed to detect zero-days. Their effectiveness is low, but it's something. There is almost zero downside to installing one. I'd hate to not have one installed and end up thinking "Could have, should have, would have...", or worse yet have someone else saying "told you so".
seepy83 is offline   Reply With Quote
Old 02-23-2013, 07:51 PM   #12
Nothinman
Elite Member
 
Nothinman's Avatar
 
Join Date: Sep 2001
Posts: 30,672
Default

Quote:
Originally Posted by seepy83 View Post
There's an old saying - "An ounce of prevention is worth a pound of cure". AntiVirus/AntiMalware packages are no silver bullet, but it's foolish to not use one. And there's heuristics-based detection in most of them these days that is designed to detect zero-days. Their effectiveness is low, but it's something. There is almost zero downside to installing one. I'd hate to not have one installed and end up thinking "Could have, should have, would have...", or worse yet have someone else saying "told you so".
But I'm still not letting someone drill a hole in my head to let out the pressure for a headache. Most A/V are akin to a hole in the head and I won't subject myself to that regardless of the very small, potential benefits. Every A/V has a significant negative affect on the OS because of the included filter driver and time required to scan every file on open, write, etc. Saying "There is almost zero downside to installing one." is disingenuous at best.
__________________
http://www.debian.org
Nothinman is offline   Reply With Quote
Old 02-24-2013, 10:58 AM   #13
seepy83
Golden Member
 
seepy83's Avatar
 
Join Date: Nov 2003
Posts: 1,927
Default

Quote:
Originally Posted by Nothinman View Post
But I'm still not letting someone drill a hole in my head to let out the pressure for a headache. Most A/V are akin to a hole in the head and I won't subject myself to that regardless of the very small, potential benefits. Every A/V has a significant negative affect on the OS because of the included filter driver and time required to scan every file on open, write, etc. Saying "There is almost zero downside to installing one." is disingenuous at best.
The performance impact of antivirus actively scanning files is practically non-existent on modern hardware. Yes, there is a performance impact and yes it can be measured. But it's not like modern hardware can't provide adequate I/O and processing times when A/V is installed. It should be thought of as part of the overhead of securing a system, and it should be planned for when systems are spec'd out.

There is always a trade-off between convenience and security. Whole disk encryption has performance downsides, too. But that doesn't mean that it shouldn't be used to protect mobile devices that need to store sensitive information.

I don't think that you and I are going to agree on this. But it definitely bothers me that someone asked a question about securing their system, and your response started out with a good recommendation but ended with "you don't really need A/V if you use common sense while browsing and stick to known-good sites." That's like saying that you don't need to wear a seatbelt to protect your safety if you only drive your car on roads that you're familiar with. You're not taking into account the actions of other drivers or anomalies you might encounter on a road that you've traveled umpteen times.
seepy83 is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 01:55 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.