
ethical-hacker

macrumors newbie
Original poster
Aug 7, 2021
Hey,

So I'll try and be quick with my questions.
I'm a freelance security researcher and consultant, and soon I'm planning on creating video content (online courses and maybe a YouTube channel) - so I need to have the ability to spin up and maintain a small lab (3-4 VMs maximum).

70% of my work will be consulting such as penetration testing, incident response (will need a Windows VM for analysis on the fly), and security research.
30% will be content creation such as blogs, video content, VMs.

Right now I'm pushing my 2016 Lenovo laptop (i7-8550u + 16GB) to the limit, and I can hear it scream sometimes. I can't use the laptop with 2 VMs, and tools like Volatility (memory analysis tool) are killing the CPU.

Before I start with the real question, one last piece of information - I've never used macOS.

Now, I have 3 options:

1. Cheapest option: Buy a dedicated virtualization desktop for 3,200 (not USD, my local currency) and use it at home for the VM lab and connect to the machine remotely if I need it + continue to use my Lenovo laptop as a daily driver and save money.

2. Medium cost: The same 3,200 desktop + buying the M1 MBA 16GB for 5800. Retire my Lenovo laptop for my girlfriend/part of my lab setup and daily drive the M1 for the consulting and content creation. I like this option because the M1 seems like a beast, and the laptop could handle everything regarding the content creation (including rendering). But I'm afraid that the M1 will not support all of my tools. Also, I don't know if Windows on ARM could be a good option for an Incident Response VM that I can run on the fly, because I don't know how the emulation will work with all the research tools.

3. Buying Intel MBP i9 2.3 32GB 5500M 8GB for 12,500 - to handle everything. Parallels for VMs, and the Intel CPU will not cause trouble with my tools as it is proven to support everything. But it's expensive as hell, overheats, has a ****** battery, etc.

TLDR:
I'm afraid that the M1 will not support everything that I need because of the lack of x86/x64 virtualization, but the Intel MBP is expensive and has its own problems. Willing to offload most of my VM needs to a dedicated desktop VM at home only if the M1 will handle everything else. Also, I've never used macOS but I use Linux every day and prefer it over Windows, so I'll be fine.

Maybe someone has experience with the M1 as a security research/cybersecurity tool? Or experience running debuggers and research tools on Windows on ARM using the x86/x64 emulation? Should I just buy the Intel Mac?

Thank you in advance for your help and wisdom!
 
That's kind of a hard one. How much of your software needs are Windows only? Windows on ARM is very dodgy right now by all accounts. But Linux support is stellar, and of course macOS runs perfectly. Tools like valgrind don't work right on the newer macOS releases but you can run them through Linux on the M1.
Depending on the nature of your work it might also be an advantage to have an ARM based machine in addition to traditional x86-64.

If you go for the medium option and keep the desktop running you could also always VNC (or otherwise remote) into it from the laptop if you run into a situation where it doesn't cover your needs.

I can say that you can do a lot of security research exclusively within macOS but it obviously depends on the tools you want to use, and if you're hunting for exploits in the NT kernel you kinda want a Windows test platform too.

If you feel like your job relies on Windows I'd go for either 1 or 3 for now. If you feel like Linux+macOS with minimal Windows needs is fine for you, 2 sounds like a fantastic option.
I expect the landscape to be very different in a couple of years too with better Windows on ARM (especially with Windows 11 redoing the scheduler to be more friendly to heterogeneous big.LITTLE architectures, also an advantage for Alder Lake), but for now, Windows isn't well supported on Apple Silicon Macs even through Parallels with Windows for ARM.
 
Addendum: I mention Valgrind specifically because it's a low level memory analysis tool. Not designed with security research in mind, but I would imagine the same story to be true for a lot of other similar software, and I've used Valgrind a fair bit hunting for memory leaks and such in my C code.
 
Just to clarify it's not really Windows on ARM itself that's a mess, more 3rd party software support. Vendors are much worse at moving to new tech on the Windows side than Apple side as MS has a history of not drawing a line in the sand like Apple does.
 
I considered it "the platform" which included software that runs on it - but yeah, sure. Though I've heard Windows itself is less stable too, though haven't had much experience with that myself. Visual Studio 2019 doesn't really work at all on Windows on ARM though so even Microsoft themselves are a bit behind there (though the newer Visual Studio (beta at the time I looked at it, may still be) works)
 
Thank you, casperes1996 and AltecX.

"How much of your software needs are Windows only?" - my daily work for my client does not strictly require me to use a Windows machine. I use several programs that are available on the M1 (even though only through Rosetta), Python scripts, and Microsoft Office. The problem will arrive when I do need that x64 Windows machine, or that specific software that happens to not be available on the M1, and then I'll look like a dumbass. I don't know anyone in my field that daily drives an M1.

How's the Intel MacBook Pro i9 32GB 5500 8GB? Will it hold one Windows VM machine while I'm simultaneously working on the Mac without being plugged in (in a scenario where I have to be mobile)? How's the battery life itself? Overheating? I'm willing to "suffer" all the bad parts if the machine will handle everything with ease. And I mean with ease, I'm not going to pay 12,500 for a machine that will "do fine".

The Intel machine will probably handle everything that I want it to. Yes it'll be loud, yes it'll overheat, and I'll probably overpay a lot for power per price, but honestly - if I want to have the comfort of having my "lab" with me all the time + having a machine that I can do ALL of my work on, including reports and office work (Yes, I'm looking at you LibreOffice! You should feel bad), then the only real option is the Intel MBP.

Any other Windows laptops in this price range kinda suck, the only one that is ok is the XPS 15, and for a good configuration I'll need to pay even more than the MBP.

I don't know.. I wish that the M1 emulation of x86/x64 was better.
 
I have an i9 MBP and running two operating systems is fine for normal and basic office tasks, but with video intensive stuff it's been slower. I also have an M1 Air and I don't think the current lineup has the memory to support your needs.
 
"How much of your software needs are Windows only?" - my daily work for my client does not strictly require me to use a Windows machine. I use several programs that are available on the M1 (even though only through Rosetta), Python scripts, and Microsoft Office. The problem will arrive when I do need that x64 Windows machine, or that specific software that happens to not be available on the M1, and then I'll look like a dumbass. I don't know anyone in my field that daily drives an M1.
I would honestly think you'd be fine with the M1. I can't say I know anyone in the InfoSec field with M1s yet, but I do know loads with Macs that don't have Windows virtualisation or partitions on their machines.
How's the Intel MacBook Pro i9 32GB 5500 8GB? Will it hold one Windows VM machine while I'm simultaneously working on the Mac without being plugged in (in a scenario where I have to be mobile)? How's the battery life itself? Overheating? I'm willing to "suffer" all the bad parts if the machine will handle everything with ease. And I mean with ease, I'm not going to pay 12,500 for a machine that will "do fine".
I mean it should perform as well as any computer with those same specs. There's of course the thermal aspect - it will run hot and loud compared to an M1 but AFAIK the current model doesn't specifically thermal throttle. By which I mean it will of course not run at turbo frequencies in an all core work load, but I don't believe it ever dips below base clocks.
Macs don't distinguish performance between plugged in and not, so whether you're plugged in or not will not affect performance in the slightest. 32GB of RAM is also more than enough to comfortably use macOS + a Windows VM. I can say that because as we speak I have 4 Docker containers running with various Linuxes running small tasks, a VMWare Fusion Windows VM, and on the macOS side, Xcode, CLion, Safari, Discord, Messenger, Music, Mail and Affinity Photo running. This is on a 32GB RAM iMac and my memory pressure is always in the green.
Battery life will be about 10 hours on non-intensive workloads but just around 2 hours if you turn up the intensity.
I don't know.. I wish that the M1 emulation of x86/x64 was better.
If you mean Rosetta, it seems to be genuinely fantastic. While it doesn't support AVX and VT-x, being able to run x86-64 machine code, which is a truly massive instruction set, on these M1 chips is truly remarkable. Performance also seems really good for it, and it feels native.

If you ask me I think your best bet is still option 2 but with a VNC server running on your desktop so if you find yourself in the field thinking "****; I *need* something that won't run on the M1" you can remote into your desktop from it and get work done regardless, though I believe you'll find the eventuality rare if not never occurring
 
Why not go for a PC laptop instead of the 16" MBP? The Intel i9 is limited by the thin design of Apple.
 
Most of the PC laptops in the price range of the MBP are worse in some way or another. Yeah, maybe I'll be able to get 10-20% more power, but I'll be walking into a meeting with 3kg of rainbow-colored, thick, and noisy laptop.

The XPS with similar power cost 2000-4000 more in my country, and I can't get the 5900HX Razer (which is pretty professional looking) with more than 16GB of ram. All the other ones are either lacking in power or don't have a webcam or are just too "gamery" looking.

Also, there is the point that "casperes1996" made, that the Macs don't distinguish performance between plugged in and not - which is important for me when I'm on the go.

If you mean Rosetta, it seems to be genuinely fantastic. While it doesn't support AVX and VT-x, being able to run x86-64 machine code, which is a truly massive instruction set, on these M1 chips is truly remarkable. Performance also seems really good for it, and it feels native.

If you ask me I think your best bet is still option 2 but with a VNC server running on your desktop so if you find yourself in the field thinking "****; I *need* something that won't run on the M1" you can remote into your desktop from it and get work done regardless, though I believe you'll find the eventuality rare if not never occurring

I mean x64/x86 emulation with UTM or other tools. Meaning running x64 Windows 10 directly on the M1 Mac.

I think I'll go for the Intel MBP 16" after all this is my work workstation - I need this tool for my work and the Intel MBP even with its flaws is still answering all of my demands. I think it's unwise to go for the M1 only because it's better in other ways if it's not suited for my needs.

Thank you guys for your help, much appreciated.
 
I have an i7-10700, 128 GB of RAM, and 5 TB SSD and a decent video card though not for gaming. This thing is great for spinning up virtual machines. You could go with a Ryzen 5950X if you need more CPU. I personally prefer to build my own desktops so that I can pick the pieces myself. One of my design considerations was a machine that runs cool and quiet.

I have an M1 mini as well and the Windows desktop provides somewhat more compute but far more flexibility. I've heard that someone got QEMU running to emulate x64 on the M1 but I heard that performance was poor.

My desktop cost about $2,500 but I bought some of the parts pre-pandemic. GPUs and RAM cost a lot more today. If you need large VMs, then you might look into motherboards that support 256 GB of RAM. Most of the enthusiast-class motherboards only support up to 128 GB.
 
That’s cool and all, but the OP specifically said they were looking for a new laptop :)
 
 

Maybe our interpretation of that text block is just different. While a desktop is mentioned, so is a laptop. In all of them. And I get the clear sense reading that that the OP wants to get away from their Lenovo laptop and that’s the part they want replacing, not a desktop, but the desktop solution would just be a way to save money if there were no good laptop solution for now
 
I actually do stuff similar to what he's talking about in terms of running multiple VMs. The Desktop gives you far more flexibility in what you can do because you can easily put in a lot of RAM and run multiple VMs with different operating systems (not just Windows). They can certainly get away from the Lenovo but that doesn't mean that they can't still use the Desktop. Indeed, the Desktop is mentioned in two of the three options.

If you're willing to spend $12K, then the desktop along with other laptops are options.
 
Hope you enjoy the 16”, OP. And that it suits your work needs perfectly
Thank you. Ordered one yesterday, will probably arrive tomorrow.

I actually do stuff similar to what he's talking about in terms of running multiple VMs. The Desktop gives you far more flexibility in what you can do because you can easily put in a lot of RAM and run multiple VMs with different operating systems (not just Windows). They can certainly get away from the Lenovo but that doesn't mean that they can't still use the Desktop. Indeed, the Desktop is mentioned in two of the three options.

If you're willing to spend $12K, then the desktop along with other laptops are options.

I wish I had 12K USD 😅 The budget was around 3-3.5K USD (around 11K-12.5K in my local currency).

Thank you all for your help and suggestions!
 