Virtual machines: school me

[Markbnj]

Allow me to admit my ignorance. I haven't messed around with virtualization much. I've run a few packaged VMs for various reasons, mostly when they've been set up by IT and made available to me for some development purpose.

Recently I needed to run a utility that wouldn't execute on Windows 7 64-bit, so I downloaded the pre-packaged "Windows XP Mode" VM for Windows 7. Pretty slick, and it solved my problem... but it got me wondering about a couple of things.

The first thing was that when I started the VM it complained about auto-updates not being turned on, and the lack of virus protection. Does it make sense to update a VM? Is it vulnerable to viruses or are the system files being restored every time? You can install software into it, so I assume it is vulnerable.

Where is the disk storage for the VM? The image itself is 512mb, which I think reflects the memory footprint. But I haven't found the actual storage location for the virtual hard disk. Since installed programs are persistent in the VM it must be changing bits on my disk somewhere.

 

[Nothinman]

I think XP mode is a special case, but in general you should treat VMs just as you would a physical machine. That means any A/V, updates, etc should all apply. Most VM software supports snapshotting so that you can take a snapshot and then roll back to it later, but again XP mode is special so I don't know if that applies.

 

[Binky]

XP mode is a full licenced version of XP running inside of a dynamically-expanding virtual "hard drive" that appears to you to be a single large file. As you install software or updates, this file will grow in size. It can get infected but in general, the infection will not be able to spread to the host machine. You can run it as-is (no updates or virus protection) but it will be naked and exposed to the world, which may or may not be an issue depending on what you do with the virtual XP machine.

If you browse web pages and/or open unknown executables, you should consider updates and virus protection. MS Security Essentials works well enough and it's free.

 

[Nothinman]

It can get infected but in general, the infection will not be able to spread to the host machine.

That's not true. The XP VM has full network access so the host is just as vulnerable as it would be if someone plugged an infected machine into the network. And since it's just a pre-packaged version of VPC it would also be vulnerable to any exploits for VPC that might allow a malicious program to escape the VM.

 

[jsedlak]

That's not true. The XP VM has full network access so the host is just as vulnerable as it would be if someone plugged an infected machine into the network. And since it's just a pre-packaged version of VPC it would also be vulnerable to any exploits for VPC that might allow a malicious program to escape the VM.

This. Either disable the networking, know what you are doing, or run AV software.

Does the XPVM show up under the Virtual PC management? I would think that it does, but I haven't tried it and am curious whether it gets special treatment.

 

[Markbnj]

Thanks for the replies, guys. The XP VM shows up under VPC management, and in all respects if seems to be essentially just a pre-built image, and as far as I can see you can do anything to it that you can do with any other VPC image.

Also, in addition to its having network access the image automatically gets shares to all the storage devices on the host machine, so I lean toward Nothinman's interpretation with regard to vulnerability.

Edit: just did a little research and fooling around. You can manage the XP Mode image just like any other image. I just went in as a test and turned off all but two of the shares. You just have to shut down the machine, rather than hibernate, to access settings that affect the operating environment. Cold start seems to take about three times as long as resuming.

In terms of virus recovery they offer an "Undo Disk" which records all your changes to the virtual hard disk, and then offers to commit them or roll them back at shutdown.

As far as the host is concerned, well, from the logged-in default user (XPMUser/Administrators) in the VM I have a share to C: on the host system, and can read the system32 directory of the running Windows 7 host. I didn't try to write it, but that seems pretty vulnerable to me. I didn't see anywhere on that system disk I couldn't go. So the undo disk thing is good protection for the VM, but its not doing much to help the host if you allow that default C: share.

How many viruses are smart enough to try and find another operating system to infect over a share?

Edit2: for kicks I did try pasting a text file to various places on the shared system drive, and access was denied to everything I tried except ProgramData.

 

[Nothinman]

I didn't get to use the XP mode stuff myself since my laptop doesn't support VT extensions (yay for arbitrary restrictions) but treat it like a physical machine on your network and you should be fine.

 

[DaveSimmons]

FYI, VMWare Workstation is reasonably priced (under $200) and works well. It lets you install pretty much any guest OS you want, including a 64-bit Windows guest on a 32-bit host.

MS has mostly abandoned desktop VM development and VPC never was as full-featured as VMWare.

 

[Markbnj]

FYI, VMWare Workstation is reasonably priced (under $200) and works well. It lets you install pretty much any guest OS you want, including a 64-bit Windows guest on a 32-bit host.

MS has mostly abandoned desktop VM development and VPC never was as full-featured as VMWare.

That's probably true, but for what I need free beats under $200 by a large margin 🙂.

I created a linux vm tonight for kicks. I have Debian on another machine in the office, so I don't really need a nix vm, but wanted to see how it worked. I wasn't able to get Debian 5.04 to install. The i386 version complained of a processor error and shut down. I was able to get Ubuntu on with no problems other than that it failed the restart portion at the end, and I had to force it.

The interaction with the mouse isn't as seamless as with a windows guest, but it's still pretty cool 🙂.

Edit: seems like VirtualBox might be worth a try. Anyone use it?

 

[Cogman]

I'm currently using virtual box. It is MUCH better then microsofts virtual PC (many more "tinkering" options to play with). It was easy to install, and even offers some 3d acceleration. As a bonus, you can even install/use USB devices in the virtual machine (if you so choose).

 

[jsedlak]

That's probably true, but for what I need free beats under $200 by a large margin 🙂.

Heh. I was reading an article about this very issue (Microsoft Hyper-V vs. VMware) and the conclusion was that Microsoft's goal wasn't to be competitive right off the bat but gain users by being a free role under WS. Funny to see how true it is; I went with Hyper-V because I get WS2008R2 free through MSDN.

I'm currently using virtual box. It is MUCH better then microsofts virtual PC (many more "tinkering" options to play with). It was easy to install, and even offers some 3d acceleration. As a bonus, you can even install/use USB devices in the virtual machine (if you so choose).

You can do this in VPC/Hyper-V as well. My local VMs pick up on my Xbox 360 receiver.

 

[degibson]

I'll chime in as an advocate for VirtualBox. Its full-featured, free, and open-source.
http://www.virtualbox.org/

 

[Nothinman]

Heh. I was reading an article about this very issue (Microsoft Hyper-V vs. VMware) and the conclusion was that Microsoft's goal wasn't to be competitive right off the bat but gain users by being a free role under WS. Funny to see how true it is; I went with Hyper-V because I get WS2008R2 free through MSDN.

Exactly, they know they can't win out on features so they bundle it for free in the hopes that you'll try it first before looking at a 3rd party like VMware or Citrix Xen. And you fell for it.

 

[Modelworks]

FYI, VMWare Workstation is reasonably priced (under $200) and works well. It lets you install pretty much any guest OS you want, including a 64-bit Windows guest on a 32-bit host.

MS has mostly abandoned desktop VM development and VPC never was as full-featured as VMWare.

MS hasn't given up on VM, they in fact are dedicating a ton of resources for it. Windows 8 will have it as a primary feature where all applications can run within their own VM so that one cannot affect the other. Also makes security easy because each application is locked up in its own VM.

They are going the hypervisor route where the OS kernel is the server and the applications the clients. This also lets them move to the next step, a server online in a cloud system that host the entire OS.

 

[DaveSimmons]

MS hasn't given up on VM, they in fact are dedicating a ton of resources for it. Windows 8 will have it as a primary feature where all applications can run within their own VM so that one cannot affect the other. Also makes security easy because each application is locked up in its own VM.

They are going the hypervisor route where the OS kernel is the server and the applications the clients. This also lets them move to the next step, a server online in a cloud system that host the entire OS.

They are also doing a lot of work on server consolidation through VMs.

What they aren't doing is improving the original use of VMs, to install arbitrary guest OSs on your desktop for testing and development. That's why I specified "desktop" VMware vs. VPC.

 

[Markbnj]

I just downloaded VirtualBox and will give that a try tonight. At the least I expect it to be a better host for the Ubuntu VM because it gives you more screen resolution options. At the moment I can't seem to get more than 800x600 out of whatever virtual display device Virtual PC is providing.

 

[degibson]

I just downloaded VirtualBox and will give that a try tonight. At the least I expect it to be a better host for the Ubuntu VM because it gives you more screen resolution options. At the moment I can't seem to get more than 800x600 out of whatever virtual display device Virtual PC is providing.

I don't know if your problem is Virtual PC-specific or not, but the guest OS needs to have appropriate drivers for the virtualized display hardware. VMWare has a driver pack called "VMWare Tools" that essentially explains to the guest OS that it is running in a VM and gives the guest OS better hooks to use the virtualized devices. VirtualBox probably has something similar, but its been awhile since I tried to have a desktop-class machine on a VM.

 

[Markbnj]

I don't know if your problem is Virtual PC-specific or not, but the guest OS needs to have appropriate drivers for the virtualized display hardware. VMWare has a driver pack called "VMWare Tools" that essentially explains to the guest OS that it is running in a VM and gives the guest OS better hooks to use the virtualized devices. VirtualBox probably has something similar, but its been awhile since I tried to have a desktop-class machine on a VM.

Yeah it's called Guest Additions in Virtual Box, and something like "Integration Features" in Virtual PC.

I installed and messed around with Virtual Box tonight. It's definitely more full-featured that VPC, and works better with Ubuntu. Since I only need 32-bit guests at the moment, I don't see a huge difference in choosing between them... but VirtualBox has guest additions for Linux that enable seamless mouse and desktop integration as well as desktop resizing. If it works as well for XP then that alone is enough to get me to uninstall VPC.

Interesting thing... when the last VPC VM is shut down it leaves a host process running, and this causes VirtualBox to complain that it can't run in the current environment. Everything reverts to normal if you kill the process. VirtualBox does not leave any such roadblocks behind it.

Edit: after messing with it and installing an XP Pro VM I think VirtualBox wins hands-down for me. The integration stuff works as well in XP and Linux as VPCs works in XP alone. There are more tweaks as was mentioned before. And I mush prefer Sun's "snapshot" mechanic to Microsoft's "undo disk".

Edit 2: so I go to uninstall Virtual PC after I get all my OS's installed in VirtualBox... and there's no uninstall option. That's one way to keep the user base growing! 🙂

 

[degibson]

Interesting thing... when the last VPC VM is shut down it leaves a host process running, and this causes VirtualBox to complain that it can't run in the current environment. Everything reverts to normal if you kill the process. VirtualBox does not leave any such roadblocks behind it.

Edit 2: so I go to uninstall Virtual PC after I get all my OS's installed in VirtualBox... and there's no uninstall option. That's one way to keep the user base growing! 🙂

Ha ha. Typical Microsoft product -- not content to use the same abstractions as everyone else. The good news is that your VirtualBox images will work just fine after you nuke and reformat to clear the VPC garbage. 🙂

Edit: after messing with it and installing an XP Pro VM I think VirtualBox wins hands-down for me. The integration stuff works as well in XP and Linux as VPCs works in XP alone. There are more tweaks as was mentioned before. And I mush prefer Sun's "snapshot" mechanic to Microsoft's "undo disk".

VPC has no snapshot? Wow. Whenever I do kernel hacking (not so often anymore) I make heavy use of snapshots... I couldn't imagine an undo-disk-only kind of thing. I'm astonished that a VMM even exists without a decent snapshotting capability.

 

[Markbnj]

The hanging after the last VM shut down may have been a one-time thing, as I saw a couple of times last night that the host process did terminate after I shut down the VM.

But I still can't find an uninstall.

As for snapshotting, as far as I can tell they just have undo disk, which is definitely not as flexible because you can only have one, and need to decide at shutdown whether to commit the changes.

 

[degibson]

...you can only have one, and need to decide at shutdown whether to commit the changes.

I can see the dialog box now. VM Background: kernel panic. Foreground dialog box: Do you want to commit the changes to disk? Yes/No/Abort/Retry.

It sounds like one of those times when I might accidentally hit 'yes' out of dialog box irritation.

 

[DaveSimmons]

You probably already realize this, but you can always make a copy of the files using Windows Explorer to back up your VM.

 

[Markbnj]

You probably already realize this, but you can always make a copy of the files using Windows Explorer to back up your VM.

Certainly true, but you have to copy the VM in the VirtualMachines folder, and then go to the hidden AppData folder under your user folder and find Microsoft\Windows VirtualPC\VirtualMachines and copy the virtual HD files, or so I assume. Not very convenient. Virtual box lets you grab a snapshot with one click, and you can keep a hierarchy of them and restore back to any point.

 

[Markbnj]

Back on the topic of there being no uninstall for Windows Virtual PC. Since VirtualBox rocks so damn much I couldn't see any reason to leave Virtual PC on my system. I Googled around and soon realized that the reason it doesn't have an install is that it's deployed as a system update. So that's wtf #1. Was that really necessary? I don't think so.

I tell Windows to uninstall the update, which someone else on some forum somewhere says they did successfully. The uninstall proceeds to the end and hangs. I wait a long time then tell Windows to shut down and restart. The uninstall and all the other apps close normally, windows displays the shutdown screen, and hangs there. Wtf #2.

Eventually I power off. When I power back on it has me wait while it completes updates. It goes to 30% complete and then restarts. The second time it goes all the way through then starts the desktop. Soon I notice strange things. I have gadgets missing and sidebar.exe won't pop it's gui. The system hangs hard coming back from the screen saver. Wtf #3.

Eventually after another restart or two everything seemed to stabilize again, but this evening I had the inspiration to run driverquery and see what got left behind...

vdrvroot Microsoft Virtual Driv Kernel 7/13/2009 8:01:31 PM
vpcbus Virtual PC Host Bus Se Kernel 9/22/2009 9:32:32 PM
vpcusb USB Virtualization Con Kernel 9/22/2009 9:32:39 PM

Wtf #'s 4, 5, and 6. And these are just the obvious ones. I don't know what the fark else they left scattered around. I had a nice, clean system and this just rags me off no end.

Anyone have an idea how I can manually uninstall these kernel drivers?

 

[degibson]

WTFs 1-6

Yuck.

Anyone have an idea how I can manually uninstall these kernel drivers?

I have two suggestions. It could be that neither of them will help, since neither one of them involve uninstalling the drivers (my Windows knowledge in this area is meager).

Suggestion 1. Just deal with the extra drivers. I'm a perfectionist, so I personally cannot cope with junk drivers on my system... but some other people can.

Suggestion 2. Nuke and reinstall. I keep a fresh dd of my base install image on a second partition, so that option isn't very painful for me. Even if you don't have a cold image somewhere, a full reinstall is ~<1 evening's work.