Can a virtual machine get a virus like a desktop can?

There is a perception that virtual machines are completely secure and immune to all malware, but the reality of virtual machine security is much more complicated.

A common practice for IT administrators is to use an extra virtual machine to perform a variety of management and testing tasks.

The isolated nature of virtual machines (VMs) lets desktop administrators protect the underlying desktop from potential malware. However, this can give VMs a reputation for being immune to viruses.

It's important for admins to understand what types of security risks are present with virtual machines, whether they can get viruses and how to ensure VMs are secure.

Can virtual machines get viruses?

VMs can get viruses just like a desktop or laptop. While there are many of the same security risks with VMs and desktops, VMs in an enterprise environment have a major benefit: In most instances, only trained IT admins use them. This isn't an architectural benefit, but it can ensure a user won't open a personal email containing a virus link on the machine.

Additionally, the sandboxed nature of VMs lets admins disable all access to the internet to further secure the machine. A VM can also be set up to only connect with a VPN to the server back end when performing management tasks. This removes any chance of downloading a virus from the internet.

A chart showing the architecture of a virtual machine and how it operates.

Despite all these measures, it's still possible for a virtual machine to get a virus. For example, a virus in the enterprise environment can travel back to the VM over the VPN. This is why antivirus software should always be used, including on a VM.

What happens when a VM gets a virus?

The consequences of having a virus on a VM depend on the type of virus or malware; however, the effects will occur only on the virtual disk.

For example, ransomware within the VM will encrypt files on the Windows installation within the virtual disk. But because the virtual disk is just a .VMDK file on a user's laptop, it can quickly be deleted or replaced with a backup or snapshot.

If spyware is placed on a VM, it can take screen captures of a user's screen but can't make screen captures of the host machine.

An important thing to remember is that viruses want to spread to connected machines. The host laptop machine should therefore be protected with options from virtualization vendors.

In addition, admins can restrict the ability to share folders between the host and VM, communicate via the network connection, and cut and paste between the VM and host. To be extra safe, ensure the virus scanners on both the VM and laptop are up to date and that folder and network sharing are turned off.
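One way to check those host/guest restrictions is to audit the VM's configuration file. The following is an added example, not part of the original article: it assumes a VMware Workstation-style .vmx file (the article names the .VMDK disk format), and the sample configuration and the policy it enforces are constructed for illustration.

```python
import re

# Constructed sample .vmx text for a management VM (not from the article).
SAMPLE_VMX = """\
displayName = "mgmt-vm"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "FALSE"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "/Users/admin/Documents"
"""

LINE_RE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')

# Guest/host channels that must be explicitly disabled (value "TRUE").
MUST_DISABLE = {
    "isolation.tools.copy.disable": "copy out of the guest",
    "isolation.tools.paste.disable": "paste into the guest",
    "isolation.tools.dnd.disable": "drag and drop",
}

def parse_vmx(text):
    """Return {lowercased key: value} for each key = "value" line."""
    matches = (LINE_RE.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in matches if m}

def is_true(settings, key):
    return settings.get(key, "").upper() == "TRUE"

def audit_vmx(text):
    """Return a sorted list of findings; an empty list means every check passed."""
    s = parse_vmx(text)
    findings = [f"{k} is not TRUE: {why} allowed"
                for k, why in MUST_DISABLE.items() if not is_true(s, k)]
    for key in s:
        folder = re.fullmatch(r"(sharedfolder\d+)\.present", key)
        if folder and is_true(s, key) and is_true(s, folder.group(1) + ".enabled"):
            path = s.get(folder.group(1) + ".hostpath", "unknown")
            findings.append(f"{folder.group(1)} exposes host path {path}")
        nic = re.fullmatch(r"(ethernet\d+)\.present", key)
        # Assumption: a missing connectionType is treated as bridged.
        if nic and is_true(s, key) and \
                s.get(nic.group(1) + ".connectiontype", "bridged").lower() == "bridged":
            findings.append(f"{nic.group(1)} is bridged onto the host's LAN")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print(finding)
```

An absent isolation key is reported as a finding, so the audit only passes when each channel has been disabled explicitly.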

What should you do when a virtual machine gets a virus?

If a virus is detected on a VM, close any open VPNs connecting to the enterprise back end and shut the VM down. Then notify other administrators that the VM is compromised.

Virus scans should be run on any servers that were connected with the VM, and the host device should also be scanned. Then delete the VMDK or restore it with a snapshot or backup of the VM.

Should you use a management VM on the server back end?

Another form of VM administration is running a VM on the enterprise server network. This VM could also be a Remote Desktop Session Host that lets additional administrators sign in and manage the environment. For IT, this is much better than letting administrators sign into domain controllers to perform domain management tasks.

If hackers get access to this VM via a virus, they can reach all other systems and use the tools on the VM to infiltrate the enterprise. That's why it's essential that a management VM never has access to the internet and that an administrator never performs personal or private tasks on the VM. Also, the VM will need a virus scanner. If the VM gets a virus, it's important to turn off the VM, scan the entire network, and then delete the VM or restore with a snapshot or backup.

Can non-persistent VMs improve security?

One option is to use a non-persistent management VM on laptops or within the enterprise server environment. But this will not automatically protect an organization from viruses, as the virus can spread over the network or be transferred to the host machine.

There is one big advantage to using a non-persistent VM: Rebooting the VM can get rid of the virus. This is because each time a non-persistent VM is rebooted, it's reset to a predefined state that does not include the virus. But it's still important to run a virus scanner on the VM to receive an alert when a virus is present.

Chris Twiest works as a technology officer at RawWorks in the Netherlands, focusing on the standardization and automation of IT services.
