[[If you only have the one hardware machine, and it's got Win7 installed on the metal, you might want to consider getting some virtualization software (VMware, VirtualBox, etc.) for Win7, create a (free) Linux VM, and use only the Linux VM for accessing the internet.]]
If you do this with Windows as the host - aren't you still somehow vulnerable on your Windows OS? I'm not sure how this works - I know that if the host and VM share folders, it can make both vulnerable - but not sure if there is no sharing - does that make the host invulnerable to viruses when VM connects? I thought the VM connects through host Internet connection, no?

To prevent malware from coming over the network connection into a guest VM and affecting the VM host, there are a few potential vectors that should be controlled for:
- As you mentioned, shared folders between host and client should be disabled
- The guest VM should not know the VM host's name or IP (via DNS or /etc/hosts)
- If possible the guest VM should be networked as "bridged" so it has an independent IP address from the VM host, and it should be in a separate subnet to minimize chances of malware attempting network traversal. For example (assuming the VM host is behind a local 192.168 NAT):
  - VM host IP = 192.168.1.xxx
  - VM host netmask = 255.255.255.0
  - guest VM IP = 192.168.2.xxx
  - guest VM netmask = 255.255.255.0

There are probably additional precautions one can take, but the above are quick and easy and provide decent security.
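
A small check for the subnet and /etc/hosts points in the list above, added here as an illustration and not part of the original posts. The concrete addresses (.10 and .20), the hostname `win7-host` and the function names are constructed for the example; the thread only gives 192.168.1.xxx and 192.168.2.xxx.

```python
import ipaddress

def same_subnet(ip_a, mask_a, ip_b, mask_b):
    """True if the two interface networks overlap, i.e. no subnet separation."""
    net_a = ipaddress.ip_interface(f"{ip_a}/{mask_a}").network
    net_b = ipaddress.ip_interface(f"{ip_b}/{mask_b}").network
    return net_a.overlaps(net_b)

def hosts_lines_revealing(hosts_text, host_ip, host_names):
    """Return guest /etc/hosts entries that carry the VM host's IP or name."""
    wanted = {name.lower() for name in host_names}
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        if addr == host_ip or wanted & {n.lower() for n in names}:
            hits.append(line)
    return hits

def audit_guest(guest_ip, guest_mask, host_ip, host_mask, hosts_text, host_names):
    """Collect findings for the subnet and /etc/hosts points of the list above."""
    findings = []
    if same_subnet(guest_ip, guest_mask, host_ip, host_mask):
        findings.append("guest and VM host are on overlapping subnets")
    for line in hosts_lines_revealing(hosts_text, host_ip, host_names):
        findings.append(f"/etc/hosts reveals the VM host: {line}")
    return findings

if __name__ == "__main__":
    # Constructed sample values: the thread only gives 192.168.1.xxx / 192.168.2.xxx.
    HOST_IP, GUEST_IP, MASK = "192.168.1.10", "192.168.2.20", "255.255.255.0"
    clean = "127.0.0.1 localhost\n"
    leaky = clean + "192.168.1.10 win7-host  # constructed entry\n"
    print(audit_guest(GUEST_IP, MASK, HOST_IP, MASK, clean, ["win7-host"]))
    # A wider guest netmask (255.255.0.0) puts both machines in one network again.
    print(audit_guest(GUEST_IP, "255.255.0.0", HOST_IP, MASK, clean, ["win7-host"]))
    print(audit_guest(GUEST_IP, MASK, HOST_IP, MASK, leaky, ["win7-host"]))
```

With the netmasks from the list the two /24 networks do not overlap; changing only the guest netmask to 255.255.0.0 makes the check report an overlap even though the IP addresses are unchanged.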
[[For example (assuming the VM host is behind a local 192.168 NAT):
VM host IP = 192.168.1.xxx
VM host netmask = 255.255.255.0
guest VM IP = 192.168.2.xxx
guest VM netmask = 255.255.255.0
quick and easy]]
My brain hurts! I’ve never been good at the whole net IP stuff - numbers give me headaches lol