Security concerns running a VM

Discussion in 'Windows, Linux & Others on the Mac' started by sergiobaschi, Jan 27, 2014.

  1. sergiobaschi macrumors regular

    Joined:
    Nov 30, 2012
    Location:
    Gothenburg, Sweden
    #1
    I've installed a virtual machine running Windows XP on my iMac. The sole purpose is to run Age of Empires via Steam.

    Windows keeps on with its "You're not protected", saying I need antivirus programs, firewalls and stuff.

    Is there any potential risk for me? I mean, if I get a virus to the VM, I assume the virus will be sandboxed within the XP machine, and I'll delete it by simple deleting the VM, and just install a new instance?

    Any advice would be highly appreciated.
     
  2. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #2
    If you're just playing a gain, not connecting to the internet then you have very little risk. How would a virus/malware get into the VM if you are not letting it connect to the net?
     
  3. sergiobaschi thread starter macrumors regular

    Joined:
    Nov 30, 2012
    Location:
    Gothenburg, Sweden
    #3
    I'm running via Steam, and Steam seems to need internet connection. I also play in multiplayer mode, which obviously requires an internet connection.
     
  4. colshine macrumors regular

    colshine

    Joined:
    Mar 2, 2011
    Location:
    UK
    #4
    For my windows VM I have anti-virus installed as it is connected to the internet. The only way to protect a Windows VM external threats is to have no network connections.
     
  5. sjinsjca macrumors 68000

    sjinsjca

    Joined:
    Oct 30, 2008
    #5
    It's Windows. It's vulnerable. There's no risk to your Mac but your VM is just as risky as any other XP machine.

    Just install a free antivirus program in the VM. Microsoft Security Essentials is a decent, lightweight free offering. Find it on Microsoft.com. Support is ending for XP but this will get you through the interval until Spring 2015 when that happens.
     
  6. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #6
    If you're going to have a network connection then I'd strongly suggest you go with some antivirus software.

    I had a windows VM that didn't use antivirus software but then its sole job was to run QuickBooks, no net access no risk in that situation.
     
  7. sergiobaschi thread starter macrumors regular

    Joined:
    Nov 30, 2012
    Location:
    Gothenburg, Sweden
    #7
    Thank you for your replies.

    As long as it's no risk for the Mac, I don't care about the VM.
     
  8. saturnotaku macrumors 68000

    Joined:
    Mar 4, 2013
    #8
    The virtual machine is like a sandbox. Anything that runs is limited to that space. The risk of any sort of security breach if you're only running Steam is very low, but if something does happen, any damage will be limited to the VM. Just wipe it out, reinstall it, and everything will be fine.
     
  9. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #9
    Correct, the VM is isolated so OSX will be ok.
     
  10. VI™ macrumors 6502a

    Joined:
    Aug 27, 2010
    Location:
    Shepherdsturd, WV
    #10
    Would it be possible for someone to hijack OS X via the VM install?
     
  11. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #11
  12. hallux macrumors 68020

    hallux

    Joined:
    Apr 25, 2012
    #12
    Pretty sure it's Spring 2014..

    http://www.microsoft.com/en-us/windows/enterprise/endofsupport.aspx

    That said, infections in the XP machine should be sandboxed but you won't take a significant hit by installing MSE or Avast (what I use on my Windows desktop and the VM on my Mac) and they're both free.
     
  13. sjinsjca macrumors 68000

    sjinsjca

    Joined:
    Oct 30, 2008
    #13
  14. hallux macrumors 68020

    hallux

    Joined:
    Apr 25, 2012
    #14
    I don't consider that enough to make me feel secure still using the OS and neither do many businesses (the one I support is in a final push to remove XP from the network). Not to mention, those businesses would have to foot a HEFTY bill if they still run XP and want to get security updates (besides the ones you linked).
     

Share This Page