Do I need an AV in my VM?

Discussion in 'Software for Windows' started by berryracer, Feb 22, 2013.

  1. berryracer

    berryracer Platinum Member

    Joined:
    Oct 4, 2006
    Messages:
    2,769
    Likes Received:
    1
    I am running on Windows 7 Pro x64 with Bitdefender Antivirus Plus2013

    I have setup Windows Server 2012 using VMWare Player for training purposes.

    Do I also need to install an AV for the VMware OS or does my Bitdefender on Windows 7 protect me enough on both?
     
  2. Nothinman

    Nothinman Elite Member

    Joined:
    Sep 14, 2001
    Messages:
    30,672
    Likes Received:
    0
    Ideally, yes, you should install it on any Windows machine regardless. The A/V on your host can't scan into the VM so in theory if you get hit in the VM it won't get detected unless it attempts to infect the host as well.

    But in reality, all A/V products suck in different ways and I just tend to avoid them on my machines. You don't really need A/V if you use common sense while browsing and stick to known-good sites.
     
  3. seepy83

    seepy83 Platinum Member

    Joined:
    Nov 12, 2003
    Messages:
    2,132
    Likes Received:
    0
    That's a very poor recommendation. Even "known-good sites" can be compromised. Please refer to nbc.com and a handful of other nbc-affiliated websites dishing out the Citadel Trojan yesterday. You will see more attacks like this in the future...that's pretty much a guarantee.

    OP - you want to take precautions to maintain security? A/V installed on every host (physical or virtual), and patch your O/S and applications regularly. Those are minimum precautions.
     
    #3 seepy83, Feb 22, 2013
    Last edited: Feb 22, 2013
  4. berryracer

    berryracer Platinum Member

    Joined:
    Oct 4, 2006
    Messages:
    2,769
    Likes Received:
    1
    thanks for the recommendation bro.

    ill install an AV on the server in that case
     
  5. Nothinman

    Nothinman Elite Member

    Joined:
    Sep 14, 2001
    Messages:
    30,672
    Likes Received:
    0
    I'm aware of the CDNs and ad servers being broken into and distributing malware that way, but I've also seen so many infections on "protected" PCs running every brand of A/V that I begun to view A/V software as more trouble than it's worth. It's more akin to insurance in BlackJack, something that makes so little sense as to be not worth it.
     
  6. imagoon

    imagoon Diamond Member

    Joined:
    Feb 19, 2003
    Messages:
    5,199
    Likes Received:
    0
    You really shouldn't be browsing the web from 2012 server anyway. If you are really worried, I run the MS included MSE for my test VMs. I also browse (when needed) with firefox, adblock and no script. If a site needs more than that and it isn't "dell.com, hp.com, etc" I go to another workstation to get whatever I needed.
     
  7. seepy83

    seepy83 Platinum Member

    Joined:
    Nov 12, 2003
    Messages:
    2,132
    Likes Received:
    0
    I wouldn't recommend unnecessarily browsing the web from a Server either. But that's really secondary to the question that was asked. Every host should be running updated antivirus software, and every host should be patched in a timely manner.

    In a purely test environment where someone is just spinning up a 2012 server to get their feet wet with it? Alright, maybe you don't "need" A/V installed. But to make a blanket statement that A/V is unnecessary and you can prevent infections by browsing only "known-good sites" is downright wrong.
     
  8. imagoon

    imagoon Diamond Member

    Joined:
    Feb 19, 2003
    Messages:
    5,199
    Likes Received:
    0
    I didn't realize that he didn't post that this is a test VM in this thread. I answered a question for him about another issue and he said it was test.

    So yes, running with out antivirus in production is not the best idea. Test environments are a bit more optional.
     
  9. Red Squirrel

    Red Squirrel Lifer

    Joined:
    May 24, 2003
    Messages:
    40,846
    Likes Received:
    1,260
    Technically yes, but if you're not surfing the net or doing anything that involves the outside in the VMs, then you can get away without it.

    For a strictly lab environment, you can also set it on a different vlan then block all the ports but RDP and other remote ports you may need if you're not working from the console.

    This is especially important if the nature of your testing involves potentially getting it infected on purpose, as the virus can theoricly travel on the network and attack your production machine. Depends how it's coded and what it does, but always assume the worse.
     
  10. Nothinman

    Nothinman Elite Member

    Joined:
    Sep 14, 2001
    Messages:
    30,672
    Likes Received:
    0
    I still recommend A/V to non-technical people, but I half feel like I'm cheating them because the A/V solutions out there suck so bad and have such a detrimental affect on your PC. I've been running a Win7 VM for work and now a Win8 one at home and haven't ever had an infection. And before you ask how I'm sure, I can't say with 100% certainty but then neither can you because your A/V is reactive and is missing signatures for a lot of exploits which haven't been made public yet.
     
  11. seepy83

    seepy83 Platinum Member

    Joined:
    Nov 12, 2003
    Messages:
    2,132
    Likes Received:
    0
    There's an old saying - "An ounce of prevention is worth a pound of cure". AntiVirus/AntiMalware packages are no silver bullet, but it's foolish to not use one. And there's heuristics-based detection in most of them these days that is designed to detect zero-days. Their effectiveness is low, but it's something. There is almost zero downside to installing one. I'd hate to not have one installed and end up thinking "Could have, should have, would have...", or worse yet have someone else saying "told you so".
     
  12. Nothinman

    Nothinman Elite Member

    Joined:
    Sep 14, 2001
    Messages:
    30,672
    Likes Received:
    0
    But I'm still not letting someone drill a hole in my head to let out the pressure for a headache. Most A/V are akin to a hole in the head and I won't subject myself to that regardless of the very small, potential benefits. Every A/V has a significant negative affect on the OS because of the included filter driver and time required to scan every file on open, write, etc. Saying "There is almost zero downside to installing one." is disingenuous at best.
     
  13. seepy83

    seepy83 Platinum Member

    Joined:
    Nov 12, 2003
    Messages:
    2,132
    Likes Received:
    0
    The performance impact of antivirus actively scanning files is practically non-existent on modern hardware. Yes, there is a performance impact and yes it can be measured. But it's not like modern hardware can't provide adequate I/O and processing times when A/V is installed. It should be thought of as part of the overhead of securing a system, and it should be planned for when systems are spec'd out.

    There is always a trade-off between convenience and security. Whole disk encryption has performance downsides, too. But that doesn't mean that it shouldn't be used to protect mobile devices that need to store sensitive information.

    I don't think that you and I are going to agree on this. But it definitely bothers me that someone asked a question about securing their system, and your response started out with a good recommendation but ended with "you don't really need A/V if you use common sense while browsing and stick to known-good sites." That's like saying that you don't need to wear a seatbelt to protect your safety if you only drive your car on roads that you're familiar with. You're not taking into account the actions of other drivers or anomalies you might encounter on a road that you've traveled umpteen times.