Do I need an AV in my VM?

Berryracer

I am running on Windows 7 Pro x64 with Bitdefender Antivirus Plus 2013

I have set up Windows Server 2012 using VMWare Player for training purposes.

Do I also need to install an AV for the VMware OS or does my Bitdefender on Windows 7 protect me enough on both?
 

Nothinman

Ideally, yes, you should install it on any Windows machine regardless. The A/V on your host can't scan into the VM so in theory if you get hit in the VM it won't get detected unless it attempts to infect the host as well.

But in reality, all A/V products suck in different ways and I just tend to avoid them on my machines. You don't really need A/V if you use common sense while browsing and stick to known-good sites.
 

seepy83

> But in reality, all A/V products suck in different ways and I just tend to avoid them on my machines. You don't really need A/V if you use common sense while browsing and stick to known-good sites.

That's a very poor recommendation. Even "known-good sites" can be compromised. Please refer to nbc.com and a handful of other nbc-affiliated websites dishing out the Citadel Trojan yesterday. You will see more attacks like this in the future...that's pretty much a guarantee.

OP - you want to take precautions to maintain security? A/V installed on every host (physical or virtual), and patch your O/S and applications regularly. Those are minimum precautions.
 

Berryracer

> That's a very poor recommendation. Even "known-good sites" can be compromised. Please refer to nbc.com and a handful of other nbc-affiliated websites dishing out the Citadel Trojan yesterday. You will see more attacks like this in the future...that's pretty much a guarantee.
>
> OP - you want to take precautions to maintain security? A/V installed on every host (physical or virtual), and patch your O/S and applications regularly. Those are minimum precautions.

Thanks for the recommendation, bro.

I'll install an AV on the server in that case.
 

Nothinman

> That's a very poor recommendation. Even "known-good sites" can be compromised. Please refer to nbc.com and a handful of other nbc-affiliated websites dishing out the Citadel Trojan yesterday. You will see more attacks like this in the future...that's pretty much a guarantee.
>
> OP - you want to take precautions to maintain security? A/V installed on every host (physical or virtual), and patch your O/S and applications regularly. Those are minimum precautions.

I'm aware of the CDNs and ad servers being broken into and distributing malware that way, but I've also seen so many infections on "protected" PCs running every brand of A/V that I've begun to view A/V software as more trouble than it's worth. It's more akin to insurance in blackjack, something that makes so little sense as to be not worth it.
 

imagoon

> That's a very poor recommendation. Even "known-good sites" can be compromised. Please refer to nbc.com and a handful of other nbc-affiliated websites dishing out the Citadel Trojan yesterday. You will see more attacks like this in the future...that's pretty much a guarantee.
>
> OP - you want to take precautions to maintain security? A/V installed on every host (physical or virtual), and patch your O/S and applications regularly. Those are minimum precautions.

You really shouldn't be browsing the web from 2012 server anyway. If you are really worried, I run the MS included MSE for my test VMs. I also browse (when needed) with Firefox, Adblock and NoScript. If a site needs more than that and it isn't "dell.com, hp.com, etc" I go to another workstation to get whatever I needed.
 

seepy83

> You really shouldn't be browsing the web from 2012 server anyway. If you are really worried, I run the MS included MSE for my test VMs. I also browse (when needed) with Firefox, Adblock and NoScript. If a site needs more than that and it isn't "dell.com, hp.com, etc" I go to another workstation to get whatever I needed.

I wouldn't recommend unnecessarily browsing the web from a Server either. But that's really secondary to the question that was asked. Every host should be running updated antivirus software, and every host should be patched in a timely manner.

In a purely test environment where someone is just spinning up a 2012 server to get their feet wet with it? Alright, maybe you don't "need" A/V installed. But to make a blanket statement that A/V is unnecessary and you can prevent infections by browsing only "known-good sites" is downright wrong.
 

imagoon

> I wouldn't recommend unnecessarily browsing the web from a Server either. But that's really secondary to the question that was asked. Every host should be running updated antivirus software, and every host should be patched in a timely manner.
>
> In a purely test environment where someone is just spinning up a 2012 server to get their feet wet with it? Alright, maybe you don't "need" A/V installed. But to make a blanket statement that A/V is unnecessary and you can prevent infections by browsing only "known-good sites" is downright wrong.

I didn't realize that he didn't post that this is a test VM in this thread. I answered a question for him about another issue and he said it was test.

So yes, running without antivirus in production is not the best idea. Test environments are a bit more optional.
 

Red Squirrel

Technically yes, but if you're not surfing the net or doing anything that involves the outside in the VMs, then you can get away without it.

For a strictly lab environment, you can also set it on a different VLAN, then block all the ports but RDP and other remote ports you may need if you're not working from the console.

This is especially important if the nature of your testing involves potentially getting it infected on purpose, as the virus can theoretically travel on the network and attack your production machine. Depends how it's coded and what it does, but always assume the worst.
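
The lab lockdown described in the post above, sketched as an added example for the Windows Server 2012 guest (not code from the thread): the guest firewall denies everything except RDP from one management subnet. The subnet 192.168.56.0/24 and the rule name are assumptions.

```powershell
# Added example: run in an elevated PowerShell session inside the lab VM.
# Assumption: 192.168.56.0/24 is the (constructed) subnet you administer the VM from.
$MgmtSubnet = '192.168.56.0/24'

# 1. Enable the firewall on every profile and deny whatever no rule explicitly allows.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 2. Disable the built-in allow rules in both directions, so the only traffic
#    admitted is what the rule in step 3 permits. This also stops DHCP and DNS
#    from the guest, so give the VM a static address first.
Get-NetFirewallRule -Direction Inbound  -Enabled True -Action Allow | Disable-NetFirewallRule
Get-NetFirewallRule -Direction Outbound -Enabled True -Action Allow | Disable-NetFirewallRule

# 3. Allow RDP (TCP 3389) in, but only from the management subnet.
New-NetFirewallRule -DisplayName 'Lab: RDP from management subnet' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $MgmtSubnet -Action Allow

# 4. Review what is still enabled; the RDP rule should be the only entry.
Get-NetFirewallRule -Enabled True |
    Sort-Object Direction, DisplayName |
    Format-Table DisplayName, Direction, Action -AutoSize
```

Anything running as administrator inside the guest can switch these rules off again, so the separate VLAN (or a host-only virtual network) remains the primary control and the guest firewall is the second layer.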
 

Nothinman

> I wouldn't recommend unnecessarily browsing the web from a Server either. But that's really secondary to the question that was asked. Every host should be running updated antivirus software, and every host should be patched in a timely manner.
>
> In a purely test environment where someone is just spinning up a 2012 server to get their feet wet with it? Alright, maybe you don't "need" A/V installed. But to make a blanket statement that A/V is unnecessary and you can prevent infections by browsing only "known-good sites" is downright wrong.

I still recommend A/V to non-technical people, but I half feel like I'm cheating them because the A/V solutions out there suck so bad and have such a detrimental effect on your PC. I've been running a Win7 VM for work and now a Win8 one at home and haven't ever had an infection. And before you ask how I'm sure, I can't say with 100% certainty but then neither can you because your A/V is reactive and is missing signatures for a lot of exploits which haven't been made public yet.
 

seepy83

> I still recommend A/V to non-technical people, but I half feel like I'm cheating them because the A/V solutions out there suck so bad and have such a detrimental effect on your PC. I've been running a Win7 VM for work and now a Win8 one at home and haven't ever had an infection. And before you ask how I'm sure, I can't say with 100% certainty but then neither can you because your A/V is reactive and is missing signatures for a lot of exploits which haven't been made public yet.

There's an old saying - "An ounce of prevention is worth a pound of cure". AntiVirus/AntiMalware packages are no silver bullet, but it's foolish to not use one. And there's heuristics-based detection in most of them these days that is designed to detect zero-days. Their effectiveness is low, but it's something. There is almost zero downside to installing one. I'd hate to not have one installed and end up thinking "Could have, should have, would have...", or worse yet have someone else saying "told you so".
 

Nothinman

> There's an old saying - "An ounce of prevention is worth a pound of cure". AntiVirus/AntiMalware packages are no silver bullet, but it's foolish to not use one. And there's heuristics-based detection in most of them these days that is designed to detect zero-days. Their effectiveness is low, but it's something. There is almost zero downside to installing one. I'd hate to not have one installed and end up thinking "Could have, should have, would have...", or worse yet have someone else saying "told you so".

But I'm still not letting someone drill a hole in my head to let out the pressure for a headache. Most A/V are akin to a hole in the head and I won't subject myself to that regardless of the very small, potential benefits. Every A/V has a significant negative effect on the OS because of the included filter driver and time required to scan every file on open, write, etc. Saying "There is almost zero downside to installing one." is disingenuous at best.
 

seepy83

> But I'm still not letting someone drill a hole in my head to let out the pressure for a headache. Most A/V are akin to a hole in the head and I won't subject myself to that regardless of the very small, potential benefits. Every A/V has a significant negative effect on the OS because of the included filter driver and time required to scan every file on open, write, etc. Saying "There is almost zero downside to installing one." is disingenuous at best.

The performance impact of antivirus actively scanning files is practically non-existent on modern hardware. Yes, there is a performance impact and yes it can be measured. But it's not like modern hardware can't provide adequate I/O and processing times when A/V is installed. It should be thought of as part of the overhead of securing a system, and it should be planned for when systems are spec'd out.

There is always a trade-off between convenience and security. Whole disk encryption has performance downsides, too. But that doesn't mean that it shouldn't be used to protect mobile devices that need to store sensitive information.

I don't think that you and I are going to agree on this. But it definitely bothers me that someone asked a question about securing their system, and your response started out with a good recommendation but ended with "you don't really need A/V if you use common sense while browsing and stick to known-good sites." That's like saying that you don't need to wear a seatbelt to protect your safety if you only drive your car on roads that you're familiar with. You're not taking into account the actions of other drivers or anomalies you might encounter on a road that you've traveled umpteen times.