9

If I install Windows XP as a Virtual Machine with no network connection, is it safe from being hacked? My main OS would be Windows 8.1 with internet.

Anders
  • 64,406
  • 24
  • 178
  • 215
Joe
  • 151
  • 2
  • 4
  • 6
    Can you be more specific as to what is "safe" in this context ? Security is not a button or a feature that you can just turn on and off. It's a scale with as many layers as you can imagine (see @RoryAlsop 's answer). – Radu Murzea Dec 21 '16 at 16:21
  • 6
    It depends, the XP VM is only as safe as the Windows 8.1 host. If an attacker compromises the 8.1 host and maps your XP VM's startup folder to be accessible from the 8.1 host then they just have to place a malicious file in there and basically you will end up compromising your own XP VM upon the next bootup. – MonkeyZeus Dec 21 '16 at 16:24
  • 2
    You can infect it by plugging usb drives. – Aria Dec 21 '16 at 17:25
  • Depends on which answer you want. As #Morpheus said "You take the blue pill, the story ends. You wake up in your bed and believe whatever you want to believe. You take the red pill, you stay in Wonderland, and I show you how deep the rabbit hole goes." – Aron Dec 22 '16 at 05:10
  • See the story of [Stuxnet](http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet) to get an idea how you can get hacked even without internet connection or concerns about your host OS. – Pavel Dec 22 '16 at 08:35
  • It's as insulated as the host it's running on — and therefore probably safe enough for you to use (assuming the host is adequately secure). – martineau Dec 22 '16 at 09:28
  • You seem to be mainly considering hacking via the network, what about physical access? Is it in a secure location? – mattumotu Dec 22 '16 at 13:19

3 Answers3

33

No - because your VM is inside a machine connected to the Internet it is not safe.

It is protected, yes, but that protection is only as good as the protection the host machine provides.

An attack could compromise the host machine via its connection, subvert the hypervisor and compromise your VM. Read this question and others in the Related sidebar to the right.

The only way to make a machine "safe" from being hacked is to have no Internet connection, no ports, no USB, no hard drive, no keyboard...in fact you'd need to unplug it, remove its RAM, bury it in concrete, etc...

This is the reason for a lot of the clarification around "safe" - you can make a machine sufficiently safe for what you want to do with it. It would require a lot more detail than your question provides.

Community
  • 1
Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
  • 3
    Even the computer buried under concrete isn't safe if the attacker wants it badly enough and is handy with a jack hammer. – Seth R Dec 21 '16 at 16:01
  • 1
    @SethR The attacker will have a hard time gleaning anything from a machine with no hard drive and no RAM; presuming the user's favorite correct horse battery staple was not used to secure the BIOS. – MonkeyZeus Dec 21 '16 at 19:37
  • 1
    That would lead me to question why the attacker wants it so badly, but still wouldn't protect it if they did. – Seth R Dec 21 '16 at 19:42
  • @SethR: I have ways of defeating jackhammers. – Joshua Dec 21 '16 at 20:05
  • 1
    Reading your answer, I wonder why the question isn't closed as 'Too broad'. – Mast Dec 21 '16 at 23:09
  • 2
    @Mast - The question itself is fine - the answer is a simple No. I was just trying to hammer this fact home. With comedy. Or jackhammers... – Rory Alsop Dec 21 '16 at 23:15
  • Why do you need a jackhammer? Concrete only marginally makes it more difficult to look at the screen. https://www.newscientist.com/blog/technology/2007/04/seeing-through-walls.html – Aron Dec 22 '16 at 05:14
14

It is as safe as a Windows 8.1 machine with an internet connection.

Since the VM has no network, the only way to access it would be through the host machine. If the host machine is compromised, you can consider any VM running on it to be compromised as well.

The only machine completely safe from being hacked is the one that is unplugged, switched off, and locked in the basement (actually, that isn't even safe if the attacker is able to get into your basement). If you want to actually use the machine, all you can do is add enough security deterrence so as to make it more trouble to hack than the value of the machine is worth to the hacker. Any system can be compromised if the hacker is willing to go to the trouble.

Update after a little more thought: I want to elaborate on what we mean we say a system is "safe." It isn't a binary thing. What you really have is a ratio of worth/trouble (as in, "is it worth the trouble?") In general, we can call a system "safe" when that ratio works out to a value between 0 and 1. That is, the trouble is more than it is worth. You need to be really careful when making that designation, though, as the values you assume for worth and trouble may be different depending on who you are dealing with ands what you are protecting. An attacker on the other side of the globe will have more trouble than one who already sitting at your keyboard. A computer with lots of valuable personal and financial data will be worth more than one that doesn't. A computer that only has family pictures may be worth more to a hacker with a weird desire to collect such things, than to the rest that don't care. And don't underestimate the worth to a hacker that is just bored and wants to see what they can do.

So I have to answer your question with a question: What are you protecting and who are you protecting it from? Putting it on a VM increases the trouble value a little bit, but not by much if you don't take any other measures. Does your worth/trouble calculation come out to more-than, or less-than 1 for the hackers you think you are likely to encounter?

Seth R
  • 350
  • 1
  • 7
  • It's safer than a Windows 8.1 machine connected to the Internet. Win8 might have unknown vulnerabilities. I'll bet a big enough packet flood would slow it down at least. – sudo Dec 21 '16 at 21:40
  • @sudo: And flooding the host will slow down the guest. So no, it is not "safer". – Ben Voigt Dec 21 '16 at 22:00
  • The OP is asking if his VM without a network connection is safe from hacking when the host machine he is running it on is connected to the internet. Since he does not mention any further precaution to protect the VM, we can assume the host machine is the last line of defense. If a hacker can break into the host machine, they can potentially get into any VM running on that machine, whether that VM has internet or not. The VM is as safe as the host it is running on. – Seth R Dec 22 '16 at 16:04
4

Yes, it is safe from being hacked, as long as host stays safe (in particular hypervisor running on host). At least it is not more unsafe than host OS itself.

yyy
  • 159
  • 1
  • 5
  • Dunno about it being "not more unsafe" than the host OS. Could it be possible to exploit vulnerabilities in XP and then leverage the compromised VM to comprise the host in ways you couldn't without it? – jpmc26 Dec 22 '16 at 00:15
  • @jpmc26 But how would you get into a position to exploit vulns in XP without first compromising the host? – Bob Dec 22 '16 at 02:57
  • @Bob That's why it's a question and not statement. =p And the question isn't, "Can you do it without compromising the host?" The question is, "Does it open additional attack vectors once the host is compromised?" I don't know. It could be something as simple as triggering behavior that crashes the host OS and makes any services unavailable. – jpmc26 Dec 22 '16 at 03:02