• Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Whats Best Way to Safeguard Against Viruses in Guest o/s?

Status
Not open for further replies.
K

koolx

PCHF Member
Mar 26, 2022
15
0
113
#1
Hi guys.. I'm on win 10. I want to install a vm to install programs but want to prevent viruses from leaking into the host. Got a few questions...
  1. Can a vm can catch any potential viruses from leaking into the host
  2. Does disabling shared folders and networking stop leaking a virus into the host?
  3. Does disabling shared folders mean not being able to share files between host and guest? If so, how am I able to transfer files to guest without the guest leaking potential viruses into the host?
  4. Whats the best way of securely installing programs in the guest without the whole PC being infected by possible viruses from those programs?
 
#2
it seems you are really concerned about protecting the host PC, and that's fine, but if you are that concerned, why not have a completely separate PC?

that way your sandbox is an isolated unit rather than being actually part of the very unit you're trying to protect.

a VM is simply a program, running on the host PC, using all its assigned resources. yes, you tell the VM what resources and the amount of those resources to share, but the VM itself still needs protection. the VM talks to both the outside world and the host PC.

Windows 10 has an excellent inbuilt security suite, ranked equal or better than the top, paid-for products, so you don't need anything extra on that front.

if protection is your driving force, I think you need to take it to the next level and separate the guest from the host altogether. :)
 
#3
Bruce said:
it seems you are really concerned about protecting the host PC, and that's fine, but if you are that concerned, why not have a completely separate PC?

if protection is your driving force, I think you need to take it to the next level and separate the guest from the host altogether. :)
Click to expand...

Very much appreciate your reply. Buying a separate PC sounds like a good idea. The only issue with that is how can I switch conveniently between 2 PCs connected to one monitor? I imagine an hdmi cable splitter would do the trick. Is this right?

Windows 10 has an excellent inbuilt security suite, ranked equal or better than the top, paid-for products, so you don't need anything extra on that front.
Click to expand...

I have win 10 home. I the pro version comes with sandbox if I'm not mistaken.

Looking forward to your reply.
 
#4
koolx said:
how can I switch conveniently between 2 PCs connected to one monitor
Click to expand...
Depends on the monitor.
How many inputs does it have and what type of inputs, HDMI VGA etc.
If it has multiple inputs you can have one computer connected (as a sample) by HDMI and the second computer connected via VGA.
Keyboard and mouse needed on both computers
Push a button on the monitor to switch between computers.
You could also use a program like tight VNC on both computers with the advantage of one keyboard and mouse need.
Or you could use a KVM switch, only one keyboard and mouse needed
 
#5
Win10 Pro has Hyper-V, Microsoft's inbuilt VM software, it's very good.
I used to use it for a while, but these days, no longer need to have multiple versions of Windows on-hand.

as to a 2nd PC, of course you could buy one, but it would be more economical if you had an old one lying around, or got a 2nd hand one.
after all, it won't be your main rig, just a test bed for trying out new software.

and while TightVNC is an option, if you are really serious about keeping the guest and the host PC's apart, you probably don't want anything, however remote a chance, of any cross-infection occurring.

having one monitor connected to one PC via, say, HDMI and to the other PC via, say, VGA is a quick and simple way to get a down-and-dirty KVM switch equivalent. as Peter says, just press the Source or Input button on the monitor to flick between either PC.
if you had a combo wireless keyboard and mouse that talked to the one USB receiver, you would only need to move the USB dongle between each PC, if you didn't want to have a keyboard and mouse on each rig.
 
#6
PeterOz said:
How many inputs does it have and what type of inputs, HDMI VGA etc.
If it has multiple inputs you can have one computer connected (as a sample) by HDMI and the second computer connected via VGA.
Keyboard and mouse needed on both computers
Push a button on the monitor to switch between computers.
You could also use a program like tight VNC on both computers with the advantage of one keyboard and mouse need.
Or you could use a KVM switch, only one keyboard and mouse needed
Click to expand...

Hi peteroz.. appreciate the feedback. Although a 2nd PC is the best solution it sounds like its not an easy one to implement. I'll have to think about this.

What about storing my personal data on a simple flash drive? Would that work or will connecting it to the PC still offers a risk that the data might be copied by viruses?
 
#7
Bruce said:
Win10 Pro has Hyper-V, Microsoft's inbuilt VM software, it's very good.
Click to expand...
Unfortunately I have Home. But I found a website that states you can still install Hyper-V on Home. Below is the link. Let me know what you think of it:
www.itechtics.com

How To Enable Hyper-V On Windows 10 (Home & Pro)

Learn how to install and enable Hyper-V on your Windows 10 Home and other editions. using the detailed guide below.
www.itechtics.com www.itechtics.com
 
#9
remember, even the top end of town, names like IBM, NASA, DoJ, Apple, LassPass, heck {insert almost any companies names here} - they have all been hacked at some point.
so really, what can the mere mortals like us do to 100% protect ourselves - short answer - not much.
make it harders yes, stop them - no!

the effort and expense put into this sort of activity needs to be justified.

at the end of the day, only you can really decide what that final solution looks like. :)
 
#10
Bruce said:
remember, even the top end of town, names like IBM, NASA, DoJ, Apple, LassPass, heck {insert almost any companies names here} - they have all been hacked at some point.
so really, what can the mere mortals like us do to 100% protect ourselves - short answer - not much.
make it harders yes, stop them - no!

at the end of the day, only you can really decide what that final solution looks like. :)
Click to expand...

Good point Bruce! Its a toughie I have to admit. Tough decision to make though.
 
#12
Bruce said:
@koolx - still need help?
Click to expand...

Hi Bruce actually yeah I do. So if I buy a 2nd PC, how will I be able to connect to the internet if my main PC already has the ethernet cable plugged it? I mean I can connect the 2nd PC via wifi... but I'm hesitant about my wifi signal being intercepted.

Let me know what you think Bruce!
 
#13
the overall aim of the 2nd PC is to NOT have it on the web as I thought that was the whole idea we were trying to achieve.
that is, keeping the 2 PC separate to avoid cross-infection.
with that in mind, if you wanted to transfer files or software over to the 'isolated' PC, then you would use a USB stick to do that.
and to take the exercise to it's full extent, format that USB drive before inserting it into the main PC so as not to bring anything across except the files you want and scan the USB stick either in the main PC or 2nd PC before copying the data off the stick.

as said, it all depends on just what lengths you want to go to "prevent viruses from leaking into the host".
 
#14
Bruce said:
the overall aim of the 2nd PC is to NOT have it on the web as I thought that was the whole idea we were trying to achieve.
that is, keeping the 2 PC separate to avoid cross-infection.
Click to expand...

But what you suggest for the aim of a 2nd PC not connecting to the internet doesnt make sense. That implies going on the internet on the main PC using passwords which a program installed might intercept. It defeats the purpose of a 2nd PC.

I want the 2nd PC to store passwords on and connect to the net to order stuf on ebay, amazon, etc. The main PC will have no passwords (will also connect to the net) and will have installed programs which may or may not be infected with viruses. Btw the main PC will not have a vm with the 2nd PC handy in storing passwords.

with that in mind, if you wanted to transfer files or software over to the 'isolated' PC, then you would use a USB stick to do that.
Click to expand...

When you say 'isolated' did you mean 2nd PC or main PC?
 
#15
I obviously have the bull by the horns on this.... :)

my take was you have a current PC, your 'main' PC, and wanted to keep it safe so were thinking of using a VM to have a 2nd PC on which you could install new software and stop things from infecting the main PC.

in short, 2 PC's (be them physical or virtual) where they are kept separate.

so, on that reasoning, you would not want them talking to each other. because a VM is using the physical PC's resources, there would be a chance of cross infection. the separate, physical PC idea was to eliminate that potential.

which PC does what is your choice, my aim was to keep them away from each other. both can of course connect to the web but you have to be careful when transferring data between the two.

I was thinking one PC is the main, work horse, everyday PC, and the other would be a sandbox, test bed, suck-and-see PC, where you wouldn't care what software you tried on it, or what gremlins it may get, because if it goes pear shape, you'd just nuke it from space.
 
#16
Bruce said:
my take was you have a current PC, your 'main' PC, and wanted to keep it safe so were thinking of using a VM to have a 2nd PC on which you could install new software and stop things from infecting the main PC.
Click to expand...

Hi Bruce,

Ok let me clear the air here from the confusion. I was open to the idea of a vm on my PC. But some here convinced me that installing programs on a guest might pose a risk to possible interception of personal data in the host. A 2nd PC would eliminate that threat by having personal data transferred from the main PC to the 2nd PC.

As such, there'll be no need to install a vm on the main PC. I would then be able to install programs on it. The programs wont have a chance of sniffing out my personal data since there'd be no personal data on it. Could I possibly get viruses on the main PC? Yes, unfortunately. But I'd make a backup image in case it does. Some of the programs I want to install on my main PC are games. Might they possess a virus? Yes. But if it gets infected, the viruses wont be able to find any personal data and I'd still have an image backup.

On the 2nd, I wouldnt do any browsing or install any programs except for firefox and MS Office. Firefox would be used to order stuff online from ebay or amazon along with online banking.

Hope this helps clarify things. Let me know what you think, Bruce!
 
#18
Bruce said:
awesome, we are both getting to the same end point, that is, one PC is isolated and has no personal info. :)
Click to expand...

Correct. The main PC will not have a vm but will download and install programs which may or may not possess potential viruses. The 2nd PC will only have passwords installed and be able to order stuff online and nothing else.

But do you think since the main PC will have my microsoft account for the microsoft store that a potential virus from a program downloaded from the internet will be able to intercept it? Would such a virus be able transmit that info to a server?

.
 
#19
that is the million dollar question, isn't it!!!
no-one can give a definite answer on that one.
but with all things malware, just because the answer may be NO today, it could just as easily change to YES next week.

all I can say is the inbuilt Windows Defender is excellent, and all you need.
add to that a browser extension like uBlock Origin, and a modified HOSTS file of the sort offered by https://winhelp2002.mvps.org/hosts.htm and you are well on your way to a multi-layered security suite.
 
#20
Hey Bruce. Greatly appreciate the time youve invested in educating me.. Looks like I'll have to install a vm which means scrapping the idea of a 2nd PC at least for now. I have no choice. With that said, I have 2 questions:

1) You suggest using Hyper-v on my windows 10. Just so you know, its not native to my home edition. But theres a workaround to installing it nonetheless. The link below shows how one can install it in the home edition. Let me know what you think of that:
www.itechtics.com

How To Enable Hyper-V On Windows 10 (Home & Pro)

Learn how to install and enable Hyper-V on your Windows 10 Home and other editions. using the detailed guide below.
www.itechtics.com www.itechtics.com

2) Upon installing a guest (with win 10 installed like the host), what the safest way of transferring and installing a program into the guest which may/may not have a virus?

Looking forward to your reply!
 
Status
Not open for further replies.
Top Bottom
Back
Forums
Resources
Menu