Re: [LUG] Banking trojan targeting Linux

 

On 08/08/13 21:35, Mark Evans wrote:
> On 08/08/13 12:56, Daniel Robinson wrote:
> > Run a virtual machine is my 2 pence... Perhaps somebody can say why
> > this is good practice.
>
> You'd probably also want to be able to reset the VM to a known state
> before doing anything. VMWare and VirtualBox have a "snapshot"
> feature, you could copy the virtual drive file or run a "Live Distro"
> from an ISO inside a virtual machine.

That's exactly what he's talking about: using a known-good virtualized system that is snapshotted at suitable point(s) and is shut down after use without allowing the differencing disk to be written back. Every grown-up virtualization platform I know of, including at least Parallels, KVM, Xen, VBox, VMWare, Hyper-V, z/VM, QEMU and the rest, has been able to do this forever - it's not a feature many use, for some reason.

It's much faster, more secure and less lame than either booting live media in a VM or fully rebooting the physical host with a live disk (which, in 2013, is maximum fail unless you're doing it for disaster recovery of some kind).

Disclaimer: I may know more about Daniel's security setup than most, as I may have given him some advice off-list. Maybe.

Regards
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
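
The workflow discussed in this thread (boot a known-good image, shut down, never write the differencing disk back), sketched for QEMU/KVM as an added example that is not from any of the posters. The golden image path, the script name and the memory size are assumptions, and the before/after digest check is an extra safeguard the thread does not mention.

```shell
#!/bin/sh
# Disposable VM session: boot from a throwaway overlay on top of a
# known-good ("golden") qcow2 image, then discard the overlay so nothing
# written during the session reaches the golden image.
set -eu

# SHA-256 of a disk image, hex digest only.
image_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Succeeds only if image $2 still matches the digest $1 recorded earlier.
golden_unchanged() {
    [ "$(image_digest "$2")" = "$1" ]
}

# Run one session. $1 = golden image path (hypothetical, supplied by caller).
run_disposable() {
    golden=$1
    before=$(image_digest "$golden")
    workdir=$(mktemp -d)
    overlay="$workdir/session.qcow2"
    # The overlay stores only blocks that differ from the golden image.
    # Absolute backing path: relative ones resolve against the overlay's dir.
    qemu-img create -q -f qcow2 -b "$(realpath "$golden")" -F qcow2 "$overlay"
    status=0
    # All guest writes land in the overlay; the memory size is arbitrary.
    qemu-system-x86_64 -enable-kvm -m 2048 \
        -drive "file=$overlay,format=qcow2" || status=$?
    # Throw the differencing disk away instead of committing it back.
    rm -rf "$workdir"
    if ! golden_unchanged "$before" "$golden"; then
        echo "golden image changed during session: $golden" >&2
        return 1
    fi
    return "$status"
}

# Usage: sh disposable-vm.sh /path/to/golden.qcow2
[ "$#" -eq 0 ] || run_disposable "$1"
```

Keeping the golden image read-only for the account that runs the VM adds a second barrier against write-back.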