VM Software Most Secure From Exploits

Which proprietary VM software is least likely to be exploitable by an attacker, and why?

Which free, open source VM software is least likely to be exploitable by an attacker, and why?

Attached: VB.png (552x347, 125K)

Other urls found in this thread:

en.wikipedia.org/wiki/Blue_Pill_(software)
twitter.com/NSFWRedditGif

>proprietary
VMWare vSphere because muh enterprise
>open source
QEMU/KVM+libvirtd because muh enterprise again (Red Hat)

Which, of those listed or those that will be listed, are easy enough for a grandma to learn to use?

Also, which have checksum abilities, to ensure that the ISO, etc. haven't been altered?

>Also, which have checksum abilities, to ensure that the ISO, etc. haven't been altered?
Don't they all?

disable VT-X or AMD-V and use the latest virtualbox

What are VT-X and AMD-V, and how do you disable them? I assume they are vPro/AMT. Also, what do you do for allowances in VirtualBox? For example, do you allow the VM to use your speakers for audio, etc.?

>and how do you disable them?
BIOS setting.

If you use bridged mode there might be no need for any exploits, as its vulnerability by itself.
dont use bridged mode.

What is bridged mode? Quick rundown. I assume it's letting the VM use your speakers, etc.

exploits exist that only work using hardware virtualization (vt-x and amd-v)
en.wikipedia.org/wiki/Blue_Pill_(software)

all of them have undiscovered issues.
big cloud providers spend insane amounts of cash and time on hardening and custom exploit mitigations, but still get pwned regularly (by their own security consultants if not by external hax0rs).
as a home user you probably shouldn't worry too much. I am not aware of any non-targeted malware that tries to escape vms.

You’d need vt-x for GPU passthrough correct? Any other benefits that you might lose to vt-x? I find this interesting because qubes OS requires vt-x iirc and it’s supposed to be very secure.

Is anything lost by disabling VT-X and AMD-V? What about OSes like Qubes, that must have virtualization in order to run? I thought enabling virtualization was not only a good thing, but a needed thing for VM security, and in Qubes' case, functionality?

Oh never mind I see that exploit was created by qubes OS founder in the first place so qubes must mitigate that somehow.

no, vt-x is cpu virtualization. vms will run like shit if you have it disabled.
vt-d is the thing you need for pci passthrough.

Is it reasonable to assume that the most industry-used VM software is probably the safest to use?

>exploits
>Mluepill
that's not an exploit, though.

network bridged mode, sorry

Why would that be reasonable to assume? "Most industry-used" technology has massive vulnerabilities all the time.

What is network bridged mode anyway? I'm a noob but I want to learn. Also, what about using a VPN on your host, and a VM to browse with? Anything wrong, network wise? Anything to remember to do?

have fun figuring out which one that is. aws, azure and google use custom closed source hypervisors.

>You’d need vt-x for GPU passthrough correct?
That's vt-d or whatever AMD calls its IOMMU.

Many more eyes on it and fixing it, much more money to test and fix it, etc.

Is it true that in any case of having your site/transactions on third party servers, they have your passwords and details? For example, if MasterCard used Azure, etc. servers, Azure/Microsoft/whatever would have every MasterCard user password, transaction information, etc.? How would a major company balance such information compromising ability and trust with cybersecurity, since obviously having third party servers is more secure from attackers than hiring your own?

Attached: 1555081302012.jpg (1500x937, 377K)

and yet we still end up with decades old bugs discovered in software like OpenSSL

True, but there are undoubtedly less bugs in something used by 500 major companies that is actively maintained and used vs. some shitheap made-by-one-man-a-long-time-ago software that is used by 1,000 people globally, I assume, assuming it's the same type of software.

false

they could intercept any credentials that pass through their servers, of course, but that would be highly illegal.

all software has bugs.
you should look for security audits.
from what I've seen, the most targetted is vmware, and apparently the easiest one to find bugs is VirtualBox.
I'd use QEMU/KVM/libvirt.

>I'd use QEMU/KVM/libvirt.
How easy is that for a grandma to learn to use? Does it have snapshots? Does it have checksums?

It’s not as easy as VMware or virtual boxes. There’s also gnome boxes if you use gnome.

>How easy is that for a grandma to learn to use?
It's a bit clusterfuck to set up the initial config, I highly recommend using the Qemu-monitor-thing.

>Does it have snapshots?
Yes

>Does it have checksums?
I'm not sure what you mean by this (maybe I'm just being retarded), so I don't know. But KVM/Qemu is extensively documented, you can probably find relevant info there.

> How easy is that for a grandma to learn to use?
Like VMWare Player if you use virt-manager.

retard thread. move on everyone

>disable VT-X
what? why? kek

security flawz by your boys in blue

because nested virtualization works via emulation.
Aka, they emulate the virtualization hadrware support on software level. that's very bug-prone, and your VM likely doesn't need virtualization.

Bumping

you know you can disable nested virtualization without disabling vt-x, right?
also,

nested virtualization is literally vt-x emulation for guest, your sentence makes no sense.
or did the poster who said disable vt-x meant disabling vt-x on the host hardware?

>nested virtualization is literally vt-x emulation for guest
AFAIU, nested virtualization means using vt-x extensions inside the guest. that can be disabled, and if you do that, the virtualization software inside your VM will simply not run the virtualized nested machine.