Author Topic: Free & open source alternative to vmware  (Read 8791 times)

0 Members and 1 Guest are viewing this topic.

May 30, 2008, 10:10:04 pm
Read 8791 times

tjs

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 248
It's called VirtualBox. It's like vmware, but better, free and open source.
http://www.virtualbox.org/

It supports snapshots, has a friendly UI, multi-platform, and has some really clever features like a built in vrdp server and supports headless clients.

It's ideal for all your sandbox needs. :)

Thanks,
TJS

May 30, 2008, 10:24:44 pm
Reply #1

bobby

  • Special Members
  • Hero Member

  • Offline
  • *

  • 322
    • Malzilla
As far as I know the history of this tool, it is QEMU on steroids, so the virtualization and security is just like in QEMU.

May 31, 2008, 10:40:31 pm
Reply #2

tjs

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 248
I've personally had some bad experiences trying to get QEMU working over vnc or to run an os headlessly. It's just personal opinion here, but I think VirtualBox is far, far superior.

Further, I've been experimenting with some vm/anti-vm detection techniques and have successfully able to circumvent most of the known techniques by using a full processor emulator like simics... I'm tempted to try bochs (because it's free)... Has anyone else done any experiments like this to compare the value of using a real emulator instead of a virtual machine for malware sandboxing?

Here are some links to good research on vm detection techniques:
- http://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf
- http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf
- http://www.offensivecomputing.net/files/active/0/vm.pdf

PS: This isn't your typical stupid bluepill/redpill stuff ;)

TJS

June 02, 2008, 02:49:13 am
Reply #3

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
I was gonna try VB till I noticed it's RAM requirement of 512MB (only machine I've got with that is one of my servers, my lappy (which I use for almost everything else) has only 320MB so wouldn't suffice).
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

June 02, 2008, 05:37:36 am
Reply #4

tjs

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 248
It's probably not a good idea to run any virtual machines with only 320 mb of ram. :)

June 02, 2008, 05:46:51 am
Reply #5

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
hehe definately not a good idea <g>
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

June 02, 2008, 06:46:37 am
Reply #6

tjs

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 248
CM_MWR is likely right about security issues in VirtualBox... I should qualify my definition of 'better' as being due to the price tag. It's hard to compete with 'free' (VMWare Workstation costs $189). :)

FWIW I run VirtualBox on a linux host with multiple XP guests and it's been working pretty flawlessly. That being said, I have to admit that i've not done any security testing but your comment about memory swapping has got me very curious.  Can you suggest any pointers or bug numbers about this issue?

As for it being owned by Sun.. I'm not as pessimistic as you are... The code is mostly GPL so they'd have to upset quite a few people off by going closed source or commercial.. Further, there are free offerings in this space-- like Microsoft Virtual PC. So perhaps Sun will want to compete in the free market after all? Longshot, I know.. But anything is possible.

TJS

June 02, 2008, 08:46:23 am
Reply #7

bobby

  • Special Members
  • Hero Member

  • Offline
  • *

  • 322
    • Malzilla
GPL can't stop anyone to go closed source. Author can change the license at any time.
Only good thing is that the releases done under GPL mus remain GPL, so someone can fork the project from the last GPL release.

June 02, 2008, 08:20:26 pm
Reply #8

tjs

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 248
Good point. Getting networking to work in virtualbox is a total nightmare.

I spent days trying to make a very simple scenario work: Linux host, windows guest. Nat networking (default). The windows box gets an IP and can ping the gateway, but is unable to access the internet. It might have just been me, but after lots of searching the web, testing random stuff, and bothering the devs on freenode, I found a solution that works:

1. configure the guest with the hosts DNS settings (dont waste your time with the DHCP-assigned dns
server)
2. run the internet connection wizard in xp and tell it you're connecting through a LAN (seriously. it's the only way.)

If this randomly helps even a single person, i'll be happy... I had to go through hell for this simple advice.

TJS

June 25, 2008, 04:59:36 am
Reply #9

spywarebox

  • Newbie

  • Offline
  • *

  • 4
I've been using Virtual Box on Ubuntu and it is a far better solution compared to Vmware (in my opinion).
I had been trying different alternatives: VirtualPC, QEMU.... VirtualPC was OK but same problem as VMware... threats dont execute... QEMU, good concept but painfully slow!

My main concern was that too many threats are vm aware... it was getting ridiculous at one point to see that even the Zlob Trojan would behave totally differently on a real machine.

Things I like about Virtual Box:
- free
- fast
- threats that are usually Vm aware execute fine
- snapshots are so fast to restore (5 sec)
- nice and simple GUI

As far as security goes, I would not recommend using it under Windows, especially if the Shared folder option is enabled. Malware has a tendency to jump out of the box easily  ;)

So if you're running under a non Windows OS, you should be fine.

Of course, nothing beats the real environment, but you need to have the resources for it.

September 04, 2008, 02:00:50 am
Reply #10

tjs

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 248
If you (or anyone) ever sees malware jump out of a virtual machine, PLEASE post details on this forum, or send me a PM. I'll gladly buy you a beer.

Thanks,
TJS

September 05, 2008, 06:00:51 am
Reply #11

sowhat-x

  • Guest
VirtualBox has just been bumped up from v1.6.6 to...v2.0.0:
http://www.virtualbox.org/wiki/Changelog

September 05, 2008, 06:56:26 am
Reply #12

CM_MWR

  • Special Members
  • Hero Member

  • Offline
  • *

  • 319
@TJS

All need do is install a Vbox and run NAT via the Wireless Card then head for the Porntube sites.

Watch you host get infected with wareout,mine did,3 times  :-[

If that doesnt suffice,get ya vbox up and running and head over to google.cn then start searching for cheats to players for WOW64 or whatever that crap is called.

Hit a couple of WOW forums and I promise,youll not have the same host...ever again.

VMware allready has some more issues they are assessing and they too have some holes to fill.

Glad this new version is out,1.6 was better but its still leaving alot to be desired.

Definilty cant beat the price tho.  :D

October 25, 2008, 09:43:38 am
Reply #13

sowhat-x

  • Guest