locked
Vista, OneCare 2.0 and Virtual PC problem ? RRS feed

  • Question

  • Host OS is Vista SP1 with up to date OneCare 2.0

    Firewall notifications as well "always ask whether to block or allow program" are both enabled

    Virtual PC is not on the list of allowed neither blocked programs to access network and there is only one network physical card on the machine.

     

    So I recently installed Virtual PC 2007 and then Windows XP as guest OS.

    I can surf internet from IE7 on guest OS without problem and OneCare on the host OS does not bother to display any notifications, does not ask whether to allow Virtual PC to access the network.

     

    Is this normal ?

    Looks like a nice way to exploit.

     

     

    Wednesday, May 14, 2008 3:25 PM

Answers

  • Yes, that is normal. As long as Virtual PC is allowed to use the physical network adapter, and it is in the allow list in the firewall as a recognized program (and it is - I use it and you should see it in the allow list - Virtual PC 2007 is in my list), all actvity on the guest OS is seen by OneCare as VPC 2007. Programs on the guest are *not* able to interact with the Host in any other way, though, since it is a Virtual OS. If you use File and Printer Sharing, it will need to be allowed by OneCare on the Host for the Guest to access files on the Host.

    -steve

    Thursday, May 15, 2008 5:15 PM
    Moderator

All replies

  • Yes, that is normal. As long as Virtual PC is allowed to use the physical network adapter, and it is in the allow list in the firewall as a recognized program (and it is - I use it and you should see it in the allow list - Virtual PC 2007 is in my list), all actvity on the guest OS is seen by OneCare as VPC 2007. Programs on the guest are *not* able to interact with the Host in any other way, though, since it is a Virtual OS. If you use File and Printer Sharing, it will need to be allowed by OneCare on the Host for the Guest to access files on the Host.

    -steve

    Thursday, May 15, 2008 5:15 PM
    Moderator
  • I wrote:

    "Virtual PC is not on the list of allowed neither blocked programs"

    so I should see OneCare alerts because notifications are enabled but I do not see any.

     

    I even reinstalled host OS because I afraided some malware sneaked into machine.

    After reinstallation Vista started to download updates from internet but immediately after updates were in place I installed OneCare and then MS Office, Virtual PC.

    The other apps I installed later from Internet were only Adobe Reader and Skype.

    Still no difference - no alerts from OneCare when guest OS on Virtual PC accesses Internet.

    It kind of makes me scary.

     

    Thursday, May 15, 2008 11:29 PM
  • I know what you wrote. :-)

    I also know that Virtual PC is a recognized application. As such, it has full access to the network. If you want to protect the guest OS, you would need to install security software on it. The virtual machine is unable to access *any* of your host OS except via File and Printer sharing if it is allowed. Programs and processes that need network access on the guest OS are not passing through the OneCare firewall, Virtual PC is.

    -steve

     

    Friday, May 16, 2008 12:34 AM
    Moderator
  •  

    Please understand I do not see Virtual PC as recognized on the list of programs in OneCare.

    In such case any guest OS running on Virtual PC should NOT be allowed to access network, right ?

     

    No, at the moment I am not concerned with protecting guest OS.

    I am only concerned why guest OS is allowed to access network thru Virtual PC although Virtual PC is not listed as allowed program in OneCare firewall.

    Friday, May 16, 2008 11:43 AM
  • As I said, I understand that completely.

    Yes, any guest in VPC has full network access as defined by whatever firewall is installed on the guest OS.

    OneCare does not list all programs and processes that have been granted access unless you have set OneCare to *always* prompt you for permission. Virtual PC is a recognized program in the list of trusted programs built into OneCare.

    And, as I said before, the Guest OS is *completely* unprotected unless you install protection on it. Once VPC is given access to the network anything that goes on inside the VPC, running in the guest OS is provided full access to the network. It does *not* have access to the Host PC except via File and Printer Sharing, if you have it enabled.

    -steve

     

    Saturday, May 17, 2008 12:45 AM
    Moderator