Vm's (Virtual Machines) Useage Approach Questions

[hippovsmouse]

I had some questions about the approach to take regarding using virtual machines. I guess it might be different for everyone depending on needs.

I have seen it recommended by some, to keep the host system clean and only install the bare necessary software- then do everything in vm's. Is this a common/practical approach?

For example, keep the host system offline, then have one vm for online activities, then another vm for other works that don't involve online. I could possibly see the benefit in that approach, but how well do certain tasks perform inside a vm? Audio/Video transcoding for example and other such work, is such work reliable and safe to do within vm's?

I would think that one benefit in separating vm's into online and offline would be the lack of need for security software in those offline.

I am making some changes to a couple of my systems and so thought this a good time to ask. Thoughts on the subject/recommendations are readily welcome

 

[Chiefcrowe]

I don't know how common this is but it seems to be good security practice if you can do it -

"only install the bare necessary software- then do everything in vm's. Is this a common/practical approach?"

Although I'm not really sure how you could keep the host system offline and have one of the VMs online - do you? I was under the impression that the VM has to share the host's network connection.

 

[hippovsmouse]

Although I'm not really sure how you could keep the host system offline and have one of the VMs online - do you? I was under the impression that the VM has to share the host's network connection.

In virtualbox you can use bridged mode for networking, which basically bypasses the host os and deals directly with the network adapter. In nat mode the vm would get an ip from the host os.

 

[TheELF]

With windows as a host you will loose a big chunk of memory.
Filesystem access in VM is really slow so trans/en-coding will take a big hit.
You could give the VM access to real harddrives to avoid the slow virtual file system speeds but this raises the question,why not just dual boot in the first place?
Don't like partitioning or having several disks in your box?
You can take a small usb stick and install some *untu (linux) version on it,boot from there and use it for the online stuff,there are even special versions for the paranoid crowd that are (at least supposed to be) very safe and anonymous.
You can even get one bigger usb thumb drive( ~64Gb) or small external ssd and make it a Windows to go drive (google it) that you will only connect whenever you want to run the net stuff.


The only good thing with VM's is that you can just rar the freshly installed VM and unrar it at any time to have a clean system.

 

[John Connor]

If this is for security you could use a software like Shadow Defender or Voodoo Shield. This makes sure nothing will change the current state of your OS unless you have whitlisted programs, etc.

For the extra paranoid, live CD of Puppy Linux or Damn Small Linux.

 

[Zodiark1593]

VMs are handy for running older software, just in case, I dunno, the newer Windows breaks something vital for said software like DirectDraw (FUUUUUUUUUUUUuuuuuuuuu... done).

If you don't use Windows as the Host, VMs become quite a bit more useful in opening up the Windows library of software, though performance sensitive applications will still suffer some.

And VMs can facilitate multiple users on a single PC. An OEM quad core desktop with a cheap gpu thrown in and some additional RAM can serve two light users fairly easily, a family pc perhaps. A particularly extreme example is the video of the 8 Gamers, 1 CPU build. (Really a dual socket, but Linus apparently prefers "1" in the name, so meh.)

 

[JimmiG]

I don't know how common this is but it seems to be good security practice if you can do it -

"only install the bare necessary software- then do everything in vm's. Is this a common/practical approach?"

Although I'm not really sure how you could keep the host system offline and have one of the VMs online - do you? I was under the impression that the VM has to share the host's network connection.

Multiple NICs, VLANs, firewall rules, or simply unassigning IP etc. from the host adapter works (VM's can go through a virtual switch, so the host adapter doesn't need those protocols).

It all seems a bit overkill/paranoid for home use, though. If you keep your software up to date, have a virus scanner, firewall and some common sense, keeping your systems online isn't dangerous. You're more likely to be the victim of a phishing attack or have your password stolen from some security breach of a third party site/service.

 

[sweenish]

I use vm's to have access to Linux for school without being stuck in their lab.

 

[TeknoBug]

Yes it's doable, part of why I use my i5 system for VM's, to do stuff that I don't want done on the host system with any interference (such as VPN, working with sensitive data, etc).

 

[Chiropteran]

I don't think that is common usage at all.

For anything like what the OP is suggesting, you would be using a dedicated host- like vmware ESXi, where you can't really do anything from the host at all. If you are running your VMs on a linux or windows workstation, then you most likely want to use the base OS to do certain things, because performance will be better on the base OS system.

That is, pick one or the other:

1- dedicated vm host like esxi. host runs *nothing* directly. everything run in various vms, which can be configured individually

2- linux or windows based host. host used for things that require maximum performance or direct hardware access - gaming, multimedia, etc. VMs used for testing alternate OS, testing shady software, running a server in the background, etc

 

[hhhd1]

check out Qubes OS
https://www.qubes-os.org/