Using Virtualization to Protect from Internet Malware: Part I

Spyware is a huge threat for modern Windows PCs (see my separate article on spyware here). Sometimes, even when using Firefox, you can still be infected with spyware. This usually happens when some program you install (that includes some form of basic spyware) launches Internet Explorer in the background, thus allowing spyware back into the system. There is no fool-proof method to eradicate spyware once and for all, unless you carefully screen all of your downloads and never run any untrusted programs. Few computer users want to be bothered with the task of researching and confirming the safety of every single program they run on their computer, so that means the vast majority of people will be potential targets of spyware. Using Firefox consistently is the single most effective prevention method for spyware, but it is not by any means 100% guaranteed to stop all of these pesky threats from invading your system.

Enter PC virtualization. Essentially, virtualizing a PC is the act of using software to simulate hardware. Products that let you “virtualize” have been around since the earliest days of computers. Put in simple terms, with the right software you can simulate another computer that runs on top of your current system. Even if you own only one computer, you can simulate dozens of them (assuming you have enough hard drive space and RAM to house all of them) with virtualization. You may still be confused as to what I mean, so I am going to introduce virtualization using a series of screenshots and descriptions. The software I use for virtualization is VMware; the other popular product is VirtualPC. Both work fundamentally the same way, and their differences are irrelevant to most normal computer users. The reason I use VMware is its snapshot feature, which makes this particular anti-spyware method easier to implement.

Before I get started, I just want to introduce two popular vocabulary words. A “host system” is the system that runs the virtual computers inside it; in other words, it is your “real” computer. The “guest system”, on the other hand, is the virtual system itself (the “fake” computer). I will use the host/guest words to refer to the different systems from now on, instead of real/fake.

Starting the VMware program works the same as starting any program. I simply click the icon on my host computer’s desktop (this was set up when I installed VMware).

When the program is opened, it looks as follows:


I chose to open a virtual machine. If I wanted to, I could have previously put the desired virtual machine in the favorites panel you can see in the screenshot above. I didn’t because I wanted to show you that this virtual machine is simply a file on my host computer.


The following screenshot shows the main screen you get after opening any virtual machine file. If I were to close the program at this point and reopen it, it would bring me right to this screen. VMware remembers your last virtual machine and will show you the main screen for that machine whenever you start the program.


Because I simply want to demonstrate what a virtual machine is, I just pressed “Start this virtual machine”. I won’t bother with the other buttons for now, and you will rarely have to worry about them at all. VMware then displays its logo as it starts up the virtual machine, the same way Dell or HP displays its logo when you power on your actual computer.


After the VMware logo is displayed, the virtual machine then proceeds to boot, just like any computer would boot. Because this virtual machine has Windows XP Pro on it, the screen shows the Windows logo that all of you XP users will be familiar with.


From here, the computer finishes booting. I have automatic logon enabled on the guest system, so I don’t get the Windows XP logon screen that some of you are probably familiar with. Instead, it goes straight to my desktop. This is a pretty fresh Windows install, so it still has the green pastures as the desktop wallpaper, and I have yet to turn off the automatic updates notifier. The only thing I did was install Firefox (something anyone who cares about spyware prevention should do).


Now, to actually use the guest system, I have to click anywhere inside the area where it is being displayed. This causes VMware to “capture” the keyboard and mouse of my computer. Now if I press the Windows key (which brings up the Start menu), it will do so inside the virtual machine and not on my actual computer. Anything I type will appear inside that window. Also, my mouse cursor will be restricted to that small area and cannot leave it. The way you release your mouse and keyboard so you can use your underlying (host) system again is by pressing CTRL+ALT. That tells VMware that you want your keyboard and mouse back in your real system.

Working inside that little box is no fun. It is even worse if your virtual machine has the same screen resolution as your main system, because then the box that displays the virtual machine will have scrollbars and part of the screen will not be showing. To combat this, VMware has a full screen mode. By pressing the button that is highlighted in the screenshot below, the virtual machine expands to fill the entire screen. When you are in full screen mode, you can fool anyone, as the virtual machine will look exactly like a real computer. You can leave full screen mode with the same CTRL+ALT key combination.


Going to the Start menu and pressing Shut Down within the virtual machine will shut the guest system down. When it is finished, you will be back at the main VMware screen shown a few screenshots up.

That’s all there is to using a virtual machine. You should now have a clearer idea of what a virtual machine is. Just think of it as a fake computer inside your main computer and you will rarely get confused. The biggest thing to keep in mind is that it is a completely separate computer. As far as the local area network goes, it will appear to be a separate machine. Also, it shares no files or settings with your actual underlying system. That is an important concept to grasp before we move on.
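The separation described above holds only as long as VMware’s guest/host conveniences (shared folders, shared clipboard, drag-and-drop) stay switched off in the virtual machine’s .vmx file. As an added example that is not part of the original post, here is a POSIX sh audit of those settings; the key names are VMware’s own isolation options, while the two .vmx fragments are constructed here so the script runs without a real VM.

```shell
#!/bin/sh
# Added example (not the post's own code): check a VMware .vmx file for the
# guest/host channels that would let a spyware-infected guest reach host files.

# vmx_get FILE KEY -> prints KEY's value without quotes, or nothing if absent.
vmx_get() {
    # .vmx lines look like:  key = "value"
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*$/\1/p" "$1" | head -n 1
}

# vmx_isolated FILE -> returns 0 if every guest/host channel is disabled,
# otherwise prints the channels still open and returns 1.
vmx_isolated() {
    open=""
    for k in isolation.tools.hgfs.disable \
             isolation.tools.copy.disable \
             isolation.tools.paste.disable \
             isolation.tools.dnd.disable; do
        val=$(vmx_get "$1" "$k" | tr '[:upper:]' '[:lower:]')
        # an absent key leaves the channel enabled, which is VMware's default
        [ "$val" = "true" ] || open="$open $k"
    done
    [ -z "$open" ] && return 0
    echo "open channels:$open"
    return 1
}

# Constructed sample: shared folders off, but clipboard and drag-and-drop
# still allowed (the .vmx of the post's own VM is not shown in the post).
LEAKY_VMX=$(mktemp)
cat > "$LEAKY_VMX" <<'EOF'
displayName = "Internet XP"
isolation.tools.hgfs.disable = "TRUE"
isolation.tools.copy.disable = "FALSE"
EOF

# Constructed sample: all four channels closed.
HARDENED_VMX=$(mktemp)
cat > "$HARDENED_VMX" <<'EOF'
displayName = "Internet XP"
isolation.tools.hgfs.disable = "TRUE"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
isolation.tools.dnd.disable = "TRUE"
EOF

vmx_isolated "$LEAKY_VMX" || echo "close these before browsing in that VM"
vmx_isolated "$HARDENED_VMX" && echo "guest/host channels closed"
```

Run it against your own Internet VM’s .vmx (with the VM powered off) in place of the constructed files.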

All of this talk of virtualization may have you confused. What does it have to do with spyware? Virtualization can be used for many things. For example, IT professionals use it to test software before deploying it on production machines. Help desk personnel use virtualization to keep various versions of Windows a mouse click away, so they can give exact instructions over the phone without needing more than one computer. Virtualizing servers is also becoming popular nowadays because it is more secure and easier to recover from a disaster. After all, if your virtual computer is taken over, it does no harm to your main system. With proper firewall rules, virtual servers can be completely contained from the rest of the network. The same idea can be applied to home users, except that instead of hosting a server, all we will be virtualizing is an Internet computer.

That is, we can set up a virtual computer that has nothing but Windows XP and the Internet on it. Then we can browse the Internet to our heart’s content. Even if some spyware slips through the cracks, it will never affect our underlying system with all of our files and important data. Far too often, people are forced to reformat their hard drives and reinstall Windows because they caught a bad case of spyware or were infected by some nasty virus. If the same thing happened in a virtual machine, it would require you to do the same thing… except virtually. That means reinstalling Windows in your virtual machine will have no effect on the files on your main system.

VMware also has a newer feature called snapshots that removes the need to reformat even the virtual system. Simply put, if your virtual computer gets all kinds of spyware or viruses, you can simply revert to the latest snapshot (taken before the spyware showed up). It works sort of like Windows Restore should work, but I think we all know that Windows Restore doesn’t help the spyware problem. In the next post I am going to give step-by-step instructions to implement this snapshot system with VMware.