Thứ Sáu, 7 tháng 10, 2016

What's the point of Torrents in a VM? part 1

  • Col Peters

    Steve writes...

    block some poisoners and snoopers.

    What are these exactly ?

    Anyone thinking they're more secure downloading torrents in a VM are kidding themselves. The action of downloading torrents isn't inherently insecure anyway.

    Malware from torrentz comes from when you run the infected pirated crap on your main system.

  • Lebowski

    "Anyone thinking they're more secure downloading torrents in a VM are kidding themselves."

    So you are ignoring the fact that it is better to let the virtual machine get infected then the host machine?

  • 2010-Jul-7, 6:54 pm
    mattkenny

    Lebowski writes...

    So you are ignoring the fact that it is better to let the virtual machine get infected then the host machine?

    The act of downloading a torrent doesn't get your machine infected. Running a dodgy program you downloaded does. Even if you download the dodgy program in the VM, if you run it on your physical machine, it's your physical machine that will be infected.

  • 2010-Jul-7, 6:54 pm
    Col Peters

    Lebowski writes...

    So you are ignoring the fact that it is better to let the virtual machine get infected then the host machine?

    Infected by what, and how ?

    A large percentage of modern malware won't perform in a VM anyway � they detect it and behave themselves or don't run at all.

    It's when you run them on the host they get you.

  • 2010-Jul-7, 7:32 pm
    Ranova

    ColPeters writes...

    Malware from torrentz comes from when you run the infected pirated crap on your main system.

    +1
    You will only be compromised once you execute the code, not just by downloading.

    Only reason I am running my torrent/usenet clients in a VM is as one user mentioned earlier, I have a ESXi server running so I may as well use free resources on that rather than having two machines running overnight.

    For executing suspicious apps, then I have another VM in its own VLAN with no access to my main network. From there its quite simple to view the results before risking it on my main pc

  • 2010-Jul-7, 7:32 pm
    mau5

    a little overkill when all you need is decent anti virus. of course going to dodgy websites and downloading dodgy files is always going to be risky. It's better to not download these files and go for something more reliable.

  • Ranova

    mau5 writes...

    a little overkill when all you need is decent anti virus

    Yes and no.
    For me it was more the learning experience in setting up and configuring everything to work the way I planned.

  • Lebowski

    mattkenny writes...

    The act of downloading a torrent doesn't get your machine infected. Running a dodgy program you downloaded does.

    Oh, yeah for sure.

    I was just saying... it is just an added line of defense for someone who downloads a program that has a virus. I wouldn't go out of my way to set up a VM for it, I'd just turn something like Returnil on, but it is an option.

    Nor will I use torrents anyway, gotta make use of the usenet account I pay for lol.

  • 2010-Jul-7, 8:35 pm
    Col Peters

    Lebowski writes...

    I was just saying... it is just an added line of defense for someone who downloads a program that has a virus.

    Except that it isn't actually a real line of defense at all, it is a false sense of security.

    There's a big difference between downloading a 'virus' and running one, and running them in a VM is a totally unreliable way of checking if you just downloaded one, since a great many of them have been VM aware for years.

  • 2010-Jul-7, 8:35 pm
    Sima Yi 893

    I Am SmaX writes...

    And no � $9 a month, for unlimited bandwidth up/down at 100Mbit. I could pull a file down at up to 7MB/sec, then stream it to my connection comfortably.

    Where is this? :D

    I mean, where can I sign up to 100mbit down for $9? :D

  • 2010-Jul-7, 9:00 pm
    idealit

    mau5 writes...

    all you need is decent anti virus.

    This is incorrect. They do not all "catch everything all the time".

    Plenty of machines that I disinfect have up to date "decent antivirus" � probably in the same sort of proportion as they are installed on machines (ie mostly norton, sometimes mcafee, then other types).

    Often if the bad files are submitted to virustotal, some but not all of the antivirus programs being used there will detect that the files are malware.

    There is a lag between the time the malware is written and released, and when the antimalware vendors get a sample to analyse, and release thier updates. This means you are never really covered against the newest bad software that is out there.

  • 2010-Jul-7, 9:00 pm
    dbx

    I run utorrent under WINE in a Ubuntu Guest VM on a Ubuntu Host. :)

    I run any dodgy keygens under WINE in the Ubuntu Guest VM. I figure its kinda hard to infect my host under all those layers of emulation :)

  • 2010-Jul-7, 9:06 pm
    Gesk

    Sima Yi 893 writes...

    Where is this? :D

    I mean, where can I sign up to 100mbit down for $9? :D

    www.santrex.net

  • 2010-Jul-7, 9:06 pm
    Stuart Anderson

    rar222 writes...

    Why not just use something like http://www.sandboxie.com/ � that's much easier than stuffing around with VM's.

    Perhaps because it has some security caveats when it comes to 64-bit Windows (See here: http://www.sandboxie.com/index.php?NotesAbout64BitEdition)?

  • Col Peters
    this post was edited

    Stuart Anderson writes...

    Perhaps because it has some security caveats when it comes to 64-bit Windows

    Hardly. Considering that kernel mode rootkits simply can't work in winx64, and that user mode rootkits tailored to exploit x64 aren't known ITW (TMK)

    As per your link:
    It should be noted, however, that even with this disadvantage, the 64-bit edition of Sandboxie is still an adequate front line of defense against most types of malicious software.

    So with UAC on the worst a malware can do is infect a user account, which is trivial to clean, which is why:
    Additionally, in order to compensate for this disadvantage, the 64-bit edition of Sandboxie enables the Drop Rights setting by default.

    Whilst there's a few sensible reasons here why people might want to do their torrenting in a VM, "added security benefits" isn't one of them IMO.

  • oak

    Moving this to Peer To Peer as that seems more appropriate.

  • Yale

    Torrenting in a VM was the easiest way for me to use two separate Internet connections on the one PC.

  • Stuart Anderson

    ColPeters writes...

    Hardly. Considering that kernel mode rootkits simply can't work in winx64, and that user mode rootkits tailored to exploit x64 aren't known ITW (TMK)

    And the Titanic was unsinkable.

    Whilst I tend to agree with what you've said, the simple fact remains that Sandboxie runs differently under 64 bit than it does under 32 bit (even on the different versions of Windows 7). That could certainly be enough of a reason for a person to choose not to use it on Windows 7 (whether you agree with that concern or not). That's what a caveat is � something you need to be aware of, not an outright preclusion.

  • 2010-Jul-8, 3:58 am
    xtra-sauce

    Uniden writes...

    Should I still do it if I am with private trackers?

    Its your choice. Private trackers are usually attached to a community forum so theres more emphasis on having files that dont contain viruses.

    I on the other hand like to have a little bit more security for those situations when something leaks through.

    I have peerblock and av installed onto my VM for more security also

  • 2010-Jul-8, 3:58 am
    Sm1th

    My Linux server is headless and I like playing around and testing Kernel Virtual Machine, so I have a VM setup to do things like torrenting or ircing etc.

    Works well, why not. Allows me to have a minimal install for the server and if I mess up the VM I can just restore a backup without even rebooting the machine.

  • 2010-Jul-9, 8:42 pm
    Uniden
    O.P.

    So,

    What kind of applications would be recommend to be ran in a VM?
    Also, what apps are there to be run in a VM?
    I have a server running 24/7 and at the moment all it does is torrent and serve files.. Could I get more out of it?

  • 2010-Jul-9, 8:42 pm
    spunkarooney

    Uniden writes...

    What kind of applications would be recommend to be ran in a VM?

    The only thing I run in one VM is Internet Explorer :)

    That machine is VPNed to Switzerland, home of privacy.

  • 2010-Jul-9, 9:07 pm
    Uniden
    O.P.

    How do i get a vpn?

  • 2010-Jul-9, 9:07 pm
    spunkarooney
    this post was edited

    Uniden writes...

    How do i get a vpn?

    Many threads about this /forum/?action=threads_searchft&q=vpn&f=&g=0&m=

    Having said that, one that I can recommend as being reliable, is www.witopia.net

    It gives you the choice of multiple locations in multiple countries � a list which they have recently expanded.

  • 2010-Jul-9, 9:52 pm
    shnl

    My ubuntu runs 2 VMs, one for uTorrent, and another runs wamp for development. It just lets you modularise things and keep them nice and separate without worrying about messing up your environments.

  • 2010-Jul-9, 9:52 pm
    meh!
    this post was edited

    Just setup Server 2012 with hyper V.

    I set up a VM with win 7, disabled the firewall and installed the latest u torrent.

    Speeds are very inconsistent 0 � 1MB/s, and drops randomly to 0kbps.

    I have gone through a variety of settings in utorrent and also downgraded to 2.2.1 i think it is, it seems a bit better.

    Have also port forwarded the required port in my routers settings.

    Has anyone else run into issues like this with torrenting through VM ?

    EDIT

    i might add that when i do the speed guide utorrent is convinced the port is not open, i have re-done this, restarted the router and the VM to have the same result.
    These VM's are a part of a domain i created.

    I ran a speedtest on the VM it got about 60mbps, i did a speedtest with my phyiscal desktop also connected to the same domain, and it got 110mbps.

    This is a HP N36L

  • meh!

    Anyone?

    Know it's an ancient thread bump!

  • FerretallicA

    Uniden writes...

    I see people running their torrents and other applications in a VM (I assume Vmware?).. But I don't see the benefit of it?

    Not only do I not see any worthwhile benefit to it, the performance of virtual NICs is still complete ass in both VMware and VirtualBox. Anything as network-intensive as torrents are one of the worst possible common usage scenarios I can think of virtualising.

  • 2010-Jul-10, 11:42 am
    raxxy

    FerretallicA writes...

    the performance of virtual NICs is still complete ass in both VMware and VirtualBox.

    Sorry, but the vbox machine running on my 10gbit server can easily achieve 2-3gbit/s per thread.

    get some accurate info before trying to look intelligent. :)

  • 2010-Jul-10, 11:42 am
    clownius

    I have also seen more than a few VMs bug out and send the same report over and over and over. I tell users that using a VM is your own risk. I could get you banned when (not if) it acts up.

  • FerretallicA

    raxxy writes...

    Sorry, but the vbox machine running on my 10gbit server can easily achieve 2-3gbit/s per thread.

    Throughput is not the sole measure of performance. I can get 'high speeds' too but CPU usage is disproportionately high when virtual NICs are under load and the round-trip time is atrocious.

    get some accurate info before trying to look intelligent. :)

    Pot, kettle.

  • A Fool

    I would imagine it largely depends on whether the virtual OS can DMA to the NIC or not.
    If running in PIO mode (ie CPU does not support IOMMU (some Intel CPUs) or you don't have a dedicated hardware NIC assigned in), expect high CPU usage or performance degradation, as your CPU has to transfer all the data manually.

  • sthm

    A Fool writes...

    I would imagine it largely depends on whether the virtual OS can DMA to the NIC or not.
    If running in PIO mode (ie CPU does not support IOMMU (some Intel CPUs) or you don't have a dedicated hardware NIC assigned in), expect high CPU usage or performance degradation, as your CPU has to transfer all the data manually.

    Wow, you must be getting some really high download speeds. I have an encrypted drive on a low power atom, which is running mythtv also. The entire disk is encpryted. With aes xts 512 his its at about 25m bytes/s 30 with 256 bits only and 85 without encryption. I can quite easily record HD DTV at about 6m bits/s and the 22 m bit link at the same time.

    All this on 10 watts

  • Không có nhận xét nào:

    Đăng nhận xét