As I'm planning to migrate to Linux host with Windows virtualization ...

[BravoV]

I'm in the preparation to move to Linux host and use virtualization for all my Windows (XP, 7 and 10), still undecided between Ubuntu vs Mint and QEMU vs VirtualBox, then I read this ... 

-> Chrome, Edge, Safari hacked at elite Chinese hacking contest


Quoting above ..

The exploit on Ubuntu + #qemu-kvm achieved partially control of the host. A bonus of $80,000 was won by 360Vulcan @Xiaowei__ being the highest bounty for a single exploit in Day 1 #TFC.

->https://twitter.com/TianfuCup/status/1195638648923779073


Applause to 360Vulcan @Xiaowei He has successfully escaped from the #qemu-kvm, and execute arbitrary code on Ubuntu host’s operating System. The exploit is to be verified.

-> https://twitter.com/TianfuCup/status/1195617940579635201


Amazing! 360Vulcan @XiaoWei___  successfully escaped from the #VMware #EXSi and controled the host’s operating system within 24 seconds. Now, they went to the review room with the judges. Let's wait patiently for the final result.

-> https://twitter.com/TianfuCup/status/1195904787373383681


Guess I have to wait again ... 

[james_s]

Or just don't use qemu? I use Virtualbox on Ubuntu Mate.

[ataradov]

So what? There will always be bugs and hacks. You will have to wait forever until that is all bug free.

Cell phones get hacked all the time. Have you stopped using one already?

[Circlotron]

Or just don't use qemu? I use Virtualbox on Ubuntu Mate.

Me too.
Works great.

[ataradov]

Works great.

It works great, but you don't know if there are VM escape vulnerabilities. So this does not really address OP's issue.

[BravoV]

Noob question, does Ubuntu + VBox support GPU passthrough ? How this compared to Ubuntu + QEMU ?

Again, I'm Linux noob. 

[BravoV]

So what? There will always be bugs and hacks. You will have to wait forever until that is all bug free.

Cell phones get hacked all the time. Have you stopped using one already?

I guess you're right, besides this vulnerabilities need time to get matured down to script kiddy level, am I right ?

[Tepe]

I guess you're right, besides this vulnerabilities needs time to get matured down to script kiddy level, am I right ?

If it is even practical. Presumably you will not be using the virtualised Windows as your primary environment and it will therefore only run some select software, right? You can also firewall its access to the net (if it needs it at all).

[BravoV]

I guess you're right, besides this vulnerabilities needs time to get matured down to script kiddy level, am I right ?

If it is even practical. Presumably you will not be using the virtualised Windows as your primary environment and it will therefore only run some select software, right? You can also firewall its access to the net (if it needs it at all).

Yep, all my network connections are behind firewall, its just all this time "my believe", whenever an OS inside virtualization is basically fully isolated, that is at least my current previous believe. 

For example at latest Dave's video (EEVblog #1265 - $53 360W Lab Bench PSU!) , that he skipped downloading the manufacturer's windows application for the PSU, as its sort of fishy and probably heavily infected.

My thought is, if I have the same case as Dave, at a "temporary" solution, just launch a disposable OS virtualization with that fishy application just to use it.

I guess with this situation, this practice is no longer safe, CMIIW. 

[james_s]

Noob question, does Ubuntu + VBox support GPU passthrough ? How this compared to Ubuntu + QEMU ?

Again, I'm Linux noob. 

No idea, I don't have anything with a separate GPU, never needed to run any GPU intensive stuff in a VM.

[edy]

Noob question, does Ubuntu + VBox support GPU passthrough ? How this compared to Ubuntu + QEMU ?

Again, I'm Linux noob. 

Seems like it can be done but will need a lot of tweaking... here is an article on this:

https://davidyat.es/2016/09/08/gpu-passthrough/

I use Ubuntu Studio with VirtualBox to run WinXP, Win10, MacOS, Android and other machines. I don't do intensive graphics stuff in the VM. Any Win games with graphics I will usually try to run using WINE, not in a VM, as I find it faster.

As always, the question becomes what do you plan on doing with your Win10 setup? Why are you moving it to a VM? Are you worried about being hacked? Are you worried about malware? Are you doing this to play Windows games? This background info is important to figure out what setup is best for you, if any.

[BravoV]

As always, the question becomes what do you plan on doing with your Win10 setup?

Its for a specific app that can only run in Win10, actually its for my kid.

Currently I'm content with Win7, its just its getting old, also Linux is my aim as host in long term.

Why are you moving it to a VM? Are you worried about being hacked? Are you worried about malware?

The main reason, I'm don't want MS to own my PC, as for Win10, MS is starting to hide or maybe delete the local admin account, and its only can be used if the PC is online. Its like they totally own your hardware, hence the planned move to Linux host. 

Are you doing this to play Windows games? This background info is important to figure out what setup is best for you, if any.

I don't play game, again as 1st answer, the virtualized Win10 with GPU pass-thru will be used by my kid in a very specific Windows 10 application for scientific simulation for study, remotely thru RDP (thru VPN) to my powerful desktop rig, as my kid lives in uni dorm with laptop only.

[pcmad]

i use linux mint and vmware player itworks great

[Messtechniker]

Using a tray-less mobile rack like an ICY Box IB 2226 for example
completely avoids the complexity of virtualisation.
Simply pop in an SSD with the the operating system of your choice.
At such low SSD prices today this has the following advantages:
- SSD 1 with the operating system (Windows 10 perhaps) you are used to for everyday work
- SSD 2 with the operating system (Windows 7 perhaps) you are used to for gaming
- SSD 3 with a Linux operating system
- SSD 4 or old 2.5 in. HDD for mucking around or trying NAS
  like Open Media Vault or FreeNAS or routers like pfsense etc.

[Marco]

I doubt any hacker is going to put an expensive virtualization attack into a generic ransomware/botnet kit, there's just not enough people using it. Unless I had reason to believe I might become a victim of a targeted attack I would not worry about it.

Messtechniker, that doesn't give you easy snapshotting/roll-back though.

[Ampera]

I'm actually looking at the possibility of implementing a Xen hypervisor on my next PC upgrade, with a unique configuration. The idea is to use the dom0 to run all of my graphically non-intense programs in Xpra screens, and then have them automatically reconnect whenever I launch a domU, thus allowing me to swap userlands immediately, but retain all of my programs. This also allows me to run graphically intensive Windows, Linux, and Android programs, the sorts of things that aren't easily usable on just Linux.

As for insecurity, these are hackers in likely closed environments that are given access to the machines. While these exploits are far from good, my guess is a lot would have to go wrong in a network to have this sorta thing take place, like someone running arbitrary code on your VM, which might as well be game over. VirtualBox has always seemed incredibly limited, and just awful in comparison to options like QEMU/KVM. They might be nice for a quick VM where someone doesn't want to mess with stuff, but right when you get into things like wanting SPICE over the network or the wonder that is libvirt, I've found it to become restrictive.

As for VMWare, it's a nightmare on Linux, and a nightmare on ESXi. That's all I'll say.