Firewall Protection and Virtual Machines

[Guest]

[Info-Sec]

Well this thread was really about how comodo wont secure the virtual computer on a host system.

Then it branched out exploded (Mod).

[Ehgreg]

So I better not install VM and purposely let loose some malware on a machine with just Comodo protecting the host. Atleast until I get a better understanding. hehe     Don't want to mess things up too much.

[Leebme]

Since the VM is basically like a separate machine, it too needs to be protected with a AV and Firewall.

[andyman35]

Since the VM is basically like a separate machine, it too needs to be protected with a AV and Firewall.

Precisely!

Now that's what was needed, a short answer straight to the point,lol 

[panic]

Since the VM is basically like a separate machine, it too needs to be protected with a AV and Firewall.

True, IF the VM is set to use its own pseudo NIC and IP.

If, on the other hand, it is set to bridge and use the real hardware's NIC and IP, the firewall should be able to detect traffic coming from the VM and attempting outbound access via the real hardware.

Ewen

[Leebme]

Ewen, As far as the firewall is concerned, you are correct.   I should have added that but didn't.  But it would always still need its own AV.
Even back in the dark ages of Double-Dos, we ran dual AVs for sure.

Lee

[Info-Sec]

And as long as we are on the subject of security software protecting host and guest, antimalwares that monitor ports E.G Kaspersky antivirus's web shield, are capable of detecting malicious downloads in the guest operating system.  This is mostly true for antiviruses / antispams and not so much firewalls, but indeed if your firewall can stealth ports, then the guest operating system is stealthed.

[andyman35]

That is certainly the most advisable way to run a VM,since running it as removed from the physical computer as possible lessons the risk of cross contamination.

[computer.angel_333]

Sir, Comodo Firewall isn't the only one Security Software that must be installed in your PC, try to put up in your mind that there is also a combination of Security Software in Information Technology, like for example I am using Security Layering in my PC. I combined my NOD32 anti virus with Spyware Terminator, Trojan Hunter and Comodo Firewall and up to know I didn't experience major problems against malicious softwares. Firewall is only one of thousand of security software, and I am personally telling that this Firewall works perfectly fine.

[Info-Sec]

Sir, Comodo Firewall isn't the only one Security Software that must be installed in your PC, try to put up in your mind that there is also a combination of Security Software in Information Technology, like for example I am using Security Layering in my PC. I combined my NOD32 anti virus with Spyware Terminator, Trojan Hunter and Comodo Firewall and up to know I didn't experience major problems against malicious softwares. Firewall is only one of thousand of security software, and I am personally telling that this Firewall works perfectly fine.

Course not.  Nod32 is a great system.  So you wont have to worry about viruses at all.

[kail]

Related article..

Virtualization Security

"x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of ****. You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes."

Source: http://kerneltrap.org/OpenBSD/Virtualization_Security

[Debunker]

You don't need a full Virtual Machine, let alone virtual OS. The hacker only needs to write the network portion of something LIKE the Virtual PC software. Remember that owners of botnets make millions on spam each month, so it's not a problem for them to pay decent developers to write such malware (it's not that hard really -- I develop kernel-level software, so I should know).

The following statement on the official Comodo website is a provable lie:

But our Firewall software is unique in that it passes all known leak tests

Yes, that is a provable lie. It does not pass all known leak tests. It does not pass my leak test and Comodo has known about it for a long time. Yet, they didn't fix it in any of the Betas and still claim it passes all known leak tests. For extensive details on the leak test see this thread: http://forums.comodo.com/leak_testingattacksvulnerability_research/warning_this_firewall_does_not_protect_anyone_it_is_easy_to_bypassclosed-t12265.0.html
There is no need to discuss it further. Everything has been said in that thread.

And again, please don't lie to people. Your firewall does not pass all known leak tests. I'll be watching you.

[kail]

Hi Debunker

I've just re-read all your posts & I can't find your leak test anywhere.. I might have missed it. Can you point it out to me please? Thanks.

I'm assuming, of course, that you don't mean "Microsoft Virtual PC 2007".. because that would be silly.

[Debunker]

Hi Debunker

I've just re-read all your posts & I can't find your leak test anywhere.. I might have missed it. Can you point it out to me please? Thanks.

I'm assuming, of course, that you don't mean "Microsoft Virtual PC 2007".. because that would be silly.

What exactly do you find silly about it?

[kail]

What exactly do you find silly about it?

I see. So, Microsoft Virtual PC 2007 is your leak test?

[Tags:]