How safe is XP running in virtualbox ?

[some_guy]

I run Linux Mint mate 17 32-bit and XP in virtualbox for one program that runs with .net

I am concerned about the risks running XP which is no longer supported. Before XP was no longer supported I really didn't update it that much and have never had a problem.

How would you access the risks, beings that I am in virtualbox. I kind of assume the only risk would be the password of the program I run in virtualbox, and I kind of assume the risk is low. But I am questioning that. I really like the setup I have because it is so easy to move to another computer, and would prefer not to go to Windows 7 or 8 or 10.

Thanks.

 

[KillerBee]

Create a non-admin user to help cut down on all those unpatched vulnerabilities

avoid using Explorer web browser or disable networking if possible

 

[some_guy]

Create a non-admin user to help cut down on all those unpatched vulnerabilities

avoid using Explorer web browser or disable networking if possible

Thanks I will try that.

Since I am not very Windows savvy, this is my reading between the lines.

0. back up my virtual machine in case I mess up.

1. give admin a password.

2. add another user and/or activate the guest account that seems to be there but is turned off and give that a password.

3. Then when I boot I will have to log in.

Thanks.

 

[KillerBee]

if you are feeling adventurous you can try this hack
to install patches meant for Windows Embedded OS ^_^

http://www.ghacks.net/2014/05/24/get-security-updates-windows-xp-april-2019/

 

[Ketchup]

Will the VM be accessing the internet? If not, install XP, service pack 3, and call it done.

 

[some_guy]

Will the VM be accessing the internet? If not, install XP, service pack 3, and call it done.

The only program I run is a .net program which does access the internet. I rarely use a browser, and if so chrome to download a file ( like once a year).

 

[some_guy]

The only program I run is a .net program which does access the internet. I rarely use a browser, and if so chrome to download a file ( like once a year).

I was thinking about install zonealarm firewall.

And I was also thinking about Windows 7. I do have one of these http://www.ebay.com/itm/131434355813 and a COA that is on the laptop I am using. But I like that XP is leaner than 7.

 

[Ketchup]

I use XP on a few VMs. Some have access to the internet and some do not. IMO if you are running a specific program, you have far fewer concerns than a person who is downloading things from the internet, browsing sites they don't know, and opening attachments from people they don't know. As far as file downloads, you can always download them from the host and copy them over. I usually just use a shared folder, since I can open/run the files/app from there.

BTW, the regedit to keep getting updates does work.

 

[mv2devnull]

The only program I run is a .net program which does access the internet. I rarely use a browser, and if so chrome to download a file ( like once a year).

If the application does not need net, then there is no reason to have net access. Complete isolation. Accidental browsing is an unnecessary risk.

One can have net between the host and the VM, but the host does not need to route the traffic from VM to outside (and back). I use KVM+libvirt so I cannot tell how one configures VirtualBox for that.

You can download the files to the host and then transfer from host to VM. The "download" has additional step, but that is not much "once a year".

ketchup79's "shared folder" is one way to transfer, and that is probably a CIFS share, i.e. Samba on the host. If Samba runs on the host anyway, then that is ok. However, there is no need to set up Samba for rare copy operations. The host most likely has sshd. Install ssh-client to VM that can transfer files, before isolation.

 

[Red Squirrel]

You should be fine as long as it's behind a firewall, and don't use IE.

 

[some_guy]

You should be fine as long as it's behind a firewall, and don't use IE.

Would you put the firewall in linux or windows ?

 

[mv2devnull]

Or both. Or where-ever I know how to do it.

No. I still recommend the 'no network' option. It is simpler. It seems that it is called
"Host-only" in VirtualBox:
https://www.virtualbox.org/manual/ch06.html#network_hostonly

That is a very simple "firewall": no traffic goes through. That (deny all) should be the default of every firewall.

 

[FrankRamiro]

I run Linux Mint mate 17 32-bit and XP in virtualbox for one program that runs with .net

I am concerned about the risks running XP which is no longer supported. Before XP was no longer supported I really didn't update it that much and have never had a problem.

How would you access the risks, beings that I am in virtualbox. I kind of assume the only risk would be the password of the program I run in virtualbox, and I kind of assume the risk is low. But I am questioning that. I really like the setup I have because it is so easy to move to another computer, and would prefer not to go to Windows 7 or 8 or 10.

Thanks.

Bro just install Win XP the normal way, with the provided CD from Factory,
and if you don't have SP2 or Sp3 installed download them in another PC with a CD or USB and install,then install google chrome with Ublock and you will be fine, as long you don't browse in Shady sites,if you are careful on what you browse and download, win XP is till running fine even without support,also turn off win updates,and never connect to Internet before you have OPS in full installed.
I forget to tell you to install Google Chrome and Flash player you just browse for ESN3 then it will show this requires flash player then with it install chrome and flash player,that's the way i do things when i have to reinstall XP

 

[Red Squirrel]

Would you put the firewall in linux or windows ?

Talking more about a NAT firewall, basically any home router will do it and you should already be using one to protect your other systems anyway. Personally I like pfsense due to to it's better configurability and vlan support but any dlink or linksys type router will do too.

The way Windows typically gets exploited is when it's sitting directly on the internet and it's ports get exploited by worms and stuff. If it's behind a NAT this wont happen. The other attack vector is programs that connect to the internet, such as a web browser, so if you use an updated one you should be ok. I say should, because even updated programs have exploits in them, it's just they have not been patched yet. It's a viscous cycle. This days I think Chrome is one of the more secure browsers. Though Firefox is still light years ahead of IE6.

 

[WhoBeDaPlaya]

I run XP everyday on every system (in a VM). No issues.
Also still have one box that is on 24/7/365 that is still on XP (for legacy purposes).

 

[some_guy]

Sorry I haven't responded about the results. I don't like trying to help people on a thread and then they just disappear. Thanks you for this great help.

I haven't done much of anything yet for my life has been kind of stuck with "too little ram" but I didn't feel good about not following up, and wanted leave less hanging.

 

[manly]

Talking more about a NAT firewall, basically any home router will do it and you should already be using one to protect your other systems anyway. Personally I like pfsense due to to it's better configurability and vlan support but any dlink or linksys type router will do too.

The way Windows typically gets exploited is when it's sitting directly on the internet and it's ports get exploited by worms and stuff. If it's behind a NAT this wont happen. The other attack vector is programs that connect to the internet, such as a web browser, so if you use an updated one you should be ok. I say should, because even updated programs have exploits in them, it's just they have not been patched yet. It's a viscous cycle. This days I think Chrome is one of the more secure browsers. Though Firefox is still light years ahead of IE6.

By default, hypervisors like VirtualBox or VMware do bidirectional NAT for "guests". And like you said, in a typical home setup, you're using private IPs behind a consumer "router" already.

At this point, almost any browser is "light years" ahead of IE6, including IE10.

My primary machine is RAM constrained (3 GB) so WXP is still useful for small VMs. At the low end, you can get by with 128 MB RAM if you're not running GUI apps. Just a network service or two, for example.

As KillerBee mentioned, you can still get updates for WXP if you change it to the version that's sold for ATM kiosks.

 

[Magic Carpet]

if you are feeling adventurous you can try this hack
to install patches meant for Windows Embedded OS ^_^

http://www.ghacks.net/2014/05/24/get-security-updates-windows-xp-april-2019/

This what Microsoft said about this hack.

We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers. The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP. The best way for Windows XP customers to protect their systems is to upgrade to a more modern operating system, like Windows 7 or Windows 8.1.

But sure you can use it at your own risk. Personally, I wouldn't bother updating XP SP3 at all but that's me.

I would not recommend using the XP POS Registry Hack - It's causing frequent Black Screen of Death on many of my XP machines. I have not determined which specific updates are the cause. I had this registry hack applied to all XP machines in my environment after a few weeks of problem free testing. I regret this because until sometime in July or early August 2015, nearly all machines started having problems. The systems were all stable and virus free due to a team of responsible users and enterprise AV and Firewall. To remedy the situation, I have been restarting problematic systems in safe mode and uninstalling recent updates. After uninstalling one update (Makes no difference which one) XP will boot without problems. The black screen of death issue is persistent and reoccurs regularly after unexpected shutdown from electrical storms, or from simply shutting a machine down over the weekend. I will say that I have a couple of machines that appear to be immune from the BKSOD and I have not had time to evaluate what makes them special. I have now decided to either upgrade existing computers to Win 7 or to replace.