Using Virtualization to Run Insecure Apps Securely


By Bryan Lares and Milton Lopez

Virtualization software allows a single physical computer to be divided up into a number of “Virtual” machines. Each Virtual Machine (VM) can be used to run an independent Operating System and an independent set of applications.

This is great for a number of reasons. For example, Virtualization can deliver greater bang-for-the-buck by allowing you to run multiple workloads on a single high-end server, minimizing the server’s wasted cycles. Virtualization is also used by developers and QA groups to run different types of Operating Systems that need to be supported by the apps they are developing and/or testing. It’s a lot more convenient, cost-efficient and energy efficient to do this kind of work in Virtual Machines than on physical systems.

One of the important attributes of VMs is that they act as isolated containers for the OS and apps that run within them. In other words, you can run an app that is unstable inside a VM and even if it crashes, or causes the entire OS to crash, it cannot affect the physical system on which it is running. The VM may reboot, or blue-screen, but it won’t do anything to the computer you’re running the VM on.

This is an interesting property and can actually be used effectively to secure your computing environment. More on this in a second.

Most of the malware/virii and other byzantine apps that infect your system do so via web links in email that accidentally got clicked, attachments that were accidentally opened and infected websites that were unknowingly visited. If any of these threats target your main workstation and your everyday OS, they can lead to data theft, data loss, downtime, ransom ware installation and a variety of other problems. But what if you could seamlessly separate the really secure, trusted apps from the relatively less trusted apps on the same computer? It would be like having two computers; one for the really important stuff, and the other for things like web browsing and perhaps checking untrusted email accounts. That second computer could be infected or compromised, but you still wouldn’t lose anything important.

With virtualization, you can have a setup just like this – but on a single physical machine – on your laptop, for example.

So how do you go about getting a setup like this up and running? Luckily, it’s not very hard to do, and you can use free software to do it all.

Here are some steps you’ll need to follow:

  1. You’ll need to install a free Virtualization application (also called a Hypervisor) known as “VirtualBox”. This is an app provided free of charge by Oracle. Click on this link to download the app.
  2. Once you’ve downloaded VirtualBox, double click to install it. It’s a really simple installation process; all you have to do is keep clicking “Next” for the most part. But if you need help, check out these instructions.
  3. Now that you’ve got VirtualBox installed on your computer, you need to download a copy of the free Linux operating system. For speed and efficiency, I love Debian. You can grab a copy here. Select an ISO image, which is basically a copy of the installation CD in a single file. If you have a relatively modern computer, you will probably want the amd64 version.
  4. Now, follow these instructions to create a VM on VirtualBox and install the OS (Debian) you just downloaded.
  5. Once the installation is completed, your VM will reboot and you’ll have yourself a copy of Linux, running in its own virtual computer (or VM), on your physical Mac/Windows computer.

By default, the VM will run in full-screen mode and this will take up much of your desktop real-estate. You can run the Firefox or Chrome browsers within this OS and they will be isolated from your regular OS. But, it’s just inconvenient to shuttle between desktops. Couldn’t we just get the browser running on our regular desktop as if it were a local application? As it turns out, we can! Thanks to a VirtualBox feature called “Seamless Mode” that merges apps running inside the VM with your local desktop. Once you go “Seamless” you can just view all the apps running within the VM in independent windows, as if they were running right on top your host operating system (e.g. Windows, or Mac OS/X).

Once you’ve turned on seamless mode, the Firefox browser (shown surrounded with a red rectangle) running on Linux shows up like a regular application.

And voila! You have Firefox running under a Linux VM showing up on your Windows desktop as if it were a local, Windows application! The cool thing is that this copy of Firefox could be taken over by adware, all sorts of troublesome browser toolbar apps, virii and/or malware, and your Windows desktop would remain entirely immune from trouble. Just make sure you don’t use this browser for accessing any of your secure websites.

Now, it’s time for a bonus benefit! A cool Virtual Machine feature known as “snapshots” allows you to actually save a copy of the state your VM was in when you first installed it. If it ever runs into any trouble, you can simply restore the original and your VM is back in pristine condition! Think an even better, faster version of Windows’ System Restore.

So there you have it folks, a secure way to run insecure apps on the same computer! And a way to restore your containerized browser in case something goes awry!

Thanks for sticking with us to the end of this post. We hope you find these tips useful and we look forward to sharing more security focused tips with you in future.

Latest blogs

Abstract depiction of our Generative AI Platform created by DALL-E
Campbell LeFlore

What’s Inside our Generative AI Platform?

Perfected over ten years of real-world engagements serving many of the world’s largest brands in energy, manufacturing, transportation, utilities, financial services, and other industries, SparkCognition’s

Read More
Campbell LeFlore

The Top Challenges HSE Managers Face Today

HSE managers are the behind-the-scenes heroes enabling today’s high-throughput industrial environments to operate at peak performance. Their determined efforts ensure the well-being and protection of

Read More
SparkCognition is committed to compliance with applicable privacy laws, including GDPR, and we provide related assurances in our contractual commitments. Click here to review our Cookie & Privacy Policy.