[ale] what happens to vm if host reboots
Ron Frazier (ALE)
atllinuxenthinfo at techstarship.com
Sat Feb 16 22:46:30 EST 2013
comments inline
Phil Turmel <philip at turmel.org> wrote:
>Hi Ron,
>
>On 02/16/2013 10:03 AM, Ron Frazier (ALE) wrote:
>> Hi JD, Phil T, and Jim K, and others,
>>
>> Thanks for the prior responses to this. I thought I'd post a small
>> update. For now, I've just disabled automatic patch installation for
>> the PC in question. Maybe later, I can figure out how to have the VM
>> shut down properly before the host shuts down. When I went back to
>> the virtualbox control panel on the host pc after the forced reboot,
>> the status said the VM had been aborted. That didn't sound good. The
>> VM rebooted OK and the virtual HDD seems OK. But, I obviously want
>> to avoid such aborts.
>>
>> The questions of why run Windows, or run Windows in a VM on a Linux
>> host are valid questions. In this group, I wouldn't expect anyone to
>> be endorsing Windows, nor would I try to convince you to run it.
>> However, I thought I'd provide a bit of explanation of my scenario.
>
>In any normal human environment, I'd let this go by. But you are
>addressing this to the Atlanta Linux *Enthusiasts* mailing list.
>Pointed commentary to follow:
>
So, ALE people are not normal humans. 8-)
No one ever accused the group of being the Friendly Atlanta Linux Enthusiasts. 8-)
I run and study Linux a good portion of the time. In that regard, I'm a Linux Enthusiast too.
>> I've been running Windows ever since it was invented. Since long
>> before, in my opinion, Linux on the desktop had a viable gui and
>> maintenance and installation routine for the AVERAGE user. Since
>> Ubuntu came about in 2006 or so, and particularly, more recently,
>> Linux on the desktop is much more viable for the average user. I
>> consider myself above average in terms of technology. However, I do
>> prefer a nice GUI and minimal hassle installing and maintaining a
>> system. Modern Linux desktops are an acceptable replacement for
>> Windows in most cases. However, I reference my recent thread when I
>> was complaining about lack of control over my experience I get on
>> things like Unity and Windows 8.
>
>Your history with Windows is certainly not unique--I also have used
>Windows since it was introduced, and have used MS-DOS since *before*
>the IBM PC (Zenith beat IBM to market by a few months--I used MS-DOS
>1.0 aka Z-DOS on a Heath/Zenith Z-100). Making claims like this has no
>bearing on the merits of the case.
>
>http://en.wikipedia.org/wiki/Argument_from_authority
It has bearing on my motives to run Windows. It also has bearing on the fact that, until about 2006, there were no really viable Linux Desktop alternatives, in my opinion.
>
>> The fact is, Windows 7 does 100% of what I want a PC to do, since
>> everything out there is designed to be compatible with it. My Linux
>> situation is in flux, since I'm in the process of firing Ubuntu and
>> moving to Mint. Yes, I know it's Ubuntu under the covers. Anyway,
>> my experience with Ubuntu 11.04 and with the Mint Live DVD's
>> indicates that Linux does about 85% - 90% of what I want a PC to do.
>
>But you admit below that security concerns are bothering you--so
>Windows is *not* doing 100% of what you want. You are separating
>"security" from the tasks you are using the PC to accomplish. In my
>opinion, if the task isn't being conducted securely, it cannot be
>considered 100% satisfactory.
Everything I do is as secure as it can be under the circumstances. Whether I'm running Linux or Windows, I keep the OS patched. I run a software firewall. And, I'm sitting behind 2 hardware firewalls. If I'm in public, I'm running a VPN. My main security concerns do not relate to the fact that I'm running Windows, and, in fact, I would have most of the same concerns if running Linux. Let's compare. Almost every primary attack vector nowadays is related to things you potentially invite into the computer via the web browser or email or a website or a document. The attacks that can spontaneously penetrate a firewalled and patched computer remotely without some invitation in the door are more rare now.
As I quickly learned at a DC404 meeting today, I will stipulate that if the cracker has physical access to your PC, you're toast. So, let's assume he doesn't have that access.
Concern 1: Java - Applies to Windows and Linux.
Windows Solution: Deinstall it, although I'm considering running a VM just for a couple of things that have to have it.
Linux Solution: Haven't figured out how to deinstall it. Control it best I can with NoScript.
Winner: Windows
Concern 2: Javascript - Applies to Windows and Linux.
Windows Solution: Control with NoScript - except sites that have to have it, like the bank.
Linux Solution: Control with NoScript.
Winner: Tie
Concern 3: Malicious Flash - Applies to Windows and Linux.
Windows Solution: Keep flash up to date. Selectively trust sites with NoScript.
Linux Solution: Keep flash up to date. Selectively trust sites with NoScript.
Not using flash is not a very viable option, since too many sites depend on it.
Winner: Tie
Concern 4: Malicious PDF - Applies to Windows and Linux.
Windows Solution: Keep reader up to date. Disable java in reader and enable enhanced security and protected mode. Possibly switch to alternate reader.
Linux Solution: Keep reader up to date. Disable java in reader and enable enhanced security and protected mode. Possibly switch to alternate reader.
Winner: Tie
Concern 5: Malicious DOC - Applies to Windows and Linux.
Windows Solution: Disable Java and Visual Basic in LibreOffice. Set Macro Security to high.
Linux Solution: Disable Java and Visual Basic in LibreOffice. Set Macro Security to high.
Winner: Tie
Concern 6: Malicious HTML, HTML5 - Applies to Windows and Linux.
Windows Solution: Keep Firefox up to date. Control with NoScript.
Linux Solution: Keep Firefox up to date. Control with NoScript.
Winner: Tie
Concern 7: Inserting a contaminated USB, CD, DVD - Applies to Windows and Linux.
Windows Solution: Tell PC not to ever do anything automatically when media is inserted. Be very careful about what media you insert.
Linux Solution: Tell PC not to ever do anything automatically when media is inserted. Be very careful about what media you insert.
Winner: Tie
Concern 8: Clicking links in email acts as a vector for nasties. - Applies to Windows and Linux
Windows Solution: Verify trustworthy source before clicking links in email. Verify the destination of the link. Be very reluctant to click such things. Don't click executables. Turn off automation in email client.
Linux Solution: Verify trustworthy source before clicking links in email. Verify the destination of the link. Be very reluctant to click such things. Don't click executables. Turn off automation in email client.
Winner: Tie
Concern 9: Playing malicious media files. - Applies to Windows and Linux.
Windows Solution: Be very particular about where you get your LEGAL and reputable media files.
Linux Solution: Be very particular about where you get your LEGAL and reputable media files.
Winner: Tie
Concern 10: Executable viruses - Could apply to Windows or Linux, but I will admit they are far more pervasive on Windows.
Windows Solution: Don't do things that let questionable EXE's in the system. Have batch virus scanners and real time virus scanners. Keep the system updated and the virus scanner updated. Windows virus scanners are much more sophisticated than Linux ones.
Linux Solution: Don't do things that let questionable EXE's in the system. Have batch virus scanners and real time virus scanners. Keep the system updated and the virus scanner updated. Linux virus scanners are much less sophisticated than Windows ones. It is PROBABLE that, if a virus is encountered, it was designed for Windows; and it is POSSIBLE, but far from guaranteed, that it will not run on Linux. Linux is not immune to viruses. No OS is. As it becomes more popular, it will become a much bigger target.
Winner: Linux
Concern 11: Patches to the system are not kept up to date, or components are not kept up to date. - Applies to Windows and Linux.
Windows Solution: Patch Windows and system components every month minimally, or every week preferably, or whenever a critical patch is released.
Linux Solution: Patch Linux and system components every month minimally, or every week preferably, or whenever a critical patch is released. Because, in most cases, all system applications are updated automatically, patching is easier in Linux. This is a mixed bag of pros and cons. I've had patches break things automatically on a few occasions. That can happen on Windows too. Sometimes, for example, waiting on the Firefox updates from the Ubuntu repositories, you don't get the latest stuff for quite a while. In my experience, Linux patches occur with equal volume and more frequency than Windows. Installing patches every day, should I choose to do so, can be quite a bother.
Winner: Linux
Concern 12: Need a software firewall. Need a VPN if in public. - Applies to Windows or Linux.
Windows Solution: Configure and activate the Windows Firewall. Configuration is much easier on Windows.
Linux Solution: Configure and activate a Linux Firewall. Example: use FireStarter to configure iptables.
Winner: Tie
As you can see, all 12 concerns I have related to security are applicable to both Windows and Linux. I feel slightly safer with Linux, but only slightly. I have slightly less work to do to be safe under Linux, but only slightly.
I am about as safe running Windows, the way I do so, as I would be running Linux. In order to use safety as a justification for switching everything I do primarily to Linux, the benefits must outweigh the hassles of doing so. At this moment, they do not.
>
>> The main areas where Linux falls short are the devices I attach to
>> these PC's, which often, work only with Windows to have all of their
>> functionality. Some require Windows to have any functionality.
>> These include an automotive GPS, ebook reader, weather display
>> device, and a scanner. Also, the machines associated with and
>> attached to my work table run through a vga usb kvm. One machine,
>> when running Linux, ALWAYS mischaracterizes my 1920 x 1080 external
>> monitor and limits my screen to 1024 x 768. It drives me insane.
>>
>> Anyway, Windows 7 works flawlessly in all these cases.
>
>How is this any different from buying hardware/software packages for
>Macs vs. Windows? You purchased devices that proclaimed Windows
>support without checking their specs or online fora for Linux support.
>If you buy hardware for a Mac, do you expect it to plug into a Windows
>PC? (It might, but you take your chances.)
>
>There will always be products, services, and software that target only
>one platform--but they are rarely unique in the market. Nearly every
>piece of Windows software I've ever used has an alternative in both
>MacOS and Linux. In many cases, the software alternatives are
>file-compatible.
>
>As for hardware drivers, I think Linux has far surpassed all other
>platforms. There are a few holdouts, like Nvidia, but the vast
>majority of new devices in this world get Linux support
>first--especially anything from Intel with server applications.
>
Here's the deal. As a consumer, I'm not too radically different from most. I go into Fry's, Best Buy, Target, whatever. I find a printer, a scanner, a video card, a router, etc. that has the features I like. I read the box. If it works with Linux AND it has the features and the value that I want, I buy it. If it doesn't mention Linux AND it has the features and the value that I want, I may buy it anyway and just reconcile myself to use it on Windows. If Linux wants to be a contender for the masses, which proponents say it does, it needs to be compatible in the box at the place where I'm shopping. I shouldn't have to go hunting for special gadgets so they'll work. Note that saying "works with Linux" is not the same as saying "supported on Linux".
>> So, at this point, I still plan to run Windows as my primary system,
>> while dual booting Linux and / or running it in a VM for learning
>> purposes and experimentation or maintenance with things that Windows
>> cannot do. I also don't have any licenses to install any other
>> copies of Windows.
>
>If you have professional versions of Windows, you have the licenses.
>Any bare-metal install of Win XP Pro or Win7 Pro may also be installed
>in a VM under any other OS, even without uninstalling the bare-metal
>copy. (So long as you can only run one copy of each license at any
>time.)
>
Home versions.
>Anyways, I think you are crazy, and your arguments are strawmen or
>otherwise unserious.
>
Assuming you meant that the way you said it, I think that's a cheap and insulting shot. Comments like that do not welcome newbie and less experienced Linux users into the group, they drive them away. The group should welcome me as a new enthusiast if I am a user of Linux AT ALL. What I've done thus far is far beyond what many Windows users would put up with just to learn something new when they have no compelling reason to switch.
>> I will say this, with all the exploits being revealed in Windows,
>> Adobe, Java, etc., I am becoming more motivated to try to move to a
>> Linux primary and Windows secondary environment.
>
>Numerous exploits have been exposed in Windows since its earliest days.
>You claim to have been running it since then, but you are only *now*
>becoming concerned? Either you aren't the above average technology
>enthusiast you claim to be, or you have been rationalizing away your
>concerns for years. (I'm guessing the latter, since you seem to be
>otherwise well informed.)
>
I've been concerned since I plugged in the first network cable. I don't believe going all Linux would make me substantially safer. See extensive discussion above.
>> However, in my case, it's not at all a simple task. I use each of my
>> computers for different purposes.
>
>I too run a number of Windows-only software packages due to certain
>industrial equipment I make my living from. Some of that involves
>custom hardware that only has Windows drivers. Ever since USB
>passthrough to VMs became stable some years ago, I haven't had to run
>bare metal Windows for *anything*. Before that, I dual booted on
>demand.
>
>If you are serious about converting to Linux as your primary platform,
>don't wait--do it now with a Windows VM. Use host-shared folders for
>your documents within the VM, so as you find suitable Linux apps, you
>don't have to move anything.
>
>If you wait, you'll keep making lame excuses.
>
I'm not making excuses, and I don't need excuses. I'm doing what works for me in the way that it works for me to meet my computing needs. I have no intention, at this moment in time, of making Linux my primary system. I do intend to keep running it as a secondary system, testing it, learning it, and may convert to it once my concerns about usability and compatibility with the things I do are solved; or if the other concerns related to security become so large as to make me make the switch prior to the time I might have otherwise.
>Oh, and when the time comes to upgrade your hardware, and you need to
>move your setup to another machine, you'll think you've died and gone
>to heaven. Moving a VM from one box to another is so trivial, it is
>the only Turmel-approved way to migrate Windows.
>
That concept does sound interesting.
>HTH,
>
>Phil
>
>ps. If you want to maintain some of Windows' classic user interface,
>while still getting lots of new UI goodies, try a KDE-based distro. I
>personally use KDE on gentoo, and I strongly recommend Kubuntu to
>friends and family.
Gonna keep that one in mind. Right now, I'm committed to trying Mint 13 / Mate.
Sincerely,
Ron
--
Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
Please excuse my potential brevity.
(To whom it may concern. My email address has changed. Replying to former
messages prior to 03/31/12 with my personal address will go to the wrong
address. Please send all personal correspondence to the new address.)
(PS - If you email me and don't get a quick response, you might want to
call on the phone. I get about 300 emails per day from alternate energy
mailing lists and such. I don't always see new email messages very quickly.)
Ron Frazier
770-205-9422 (O) Leave a message.
linuxdude AT techstarship.com