So, You Wanna Build a VM?

By William Stearns

PHYSICAL COMPUTERS are easy to understand — I can pick them up, plug cables into them, and carry them around in a backpack.

SO, WHAT’S A VIRTUAL MACHINE?

Imagine taking a magic laser pointer inside the case of a physical computer and drawing lines over the processor, memory, and hard drive, splitting each into four pieces. The original physical computer gets, say, one quarter of the processor cores, memory, and disk space; the other three quarters get divvied up among three virtual machines. These can get started and stopped inside the physical machine. When I run an operating system or program inside one of these, it thinks it’s running on a normal computer, when in fact it’s only getting a fraction of the original system.

WHY BE ISOLATED?

There’s an advantage to breaking the system up this way. We can isolate programs or groups of programs, placing each inside its own virtual machine. I might have my personal web browser and applications in one virtual machine, my development tools in a second, and my security programs, keys, and passwords in a third. If my personal web browser becomes infected, that malware can’t reach the other two virtual machines — I’ve contained the damage.

(If this scenario interests you, see https://www.qubes-os.org/ for an entire laptop setup based on virtualization.)

Virtual machines have many uses, including testing malware, OS patches, and software installs and upgrades to look for problems. They’re also handy for sharing the resources of a single large machine instead of buying lots of smaller ones.

HOW DO I SET UP A VIRTUAL MACHINE?

First, you need a software package like VMware Workstation, VirtualBox, KVM, or Xen. When choosing, you need to make sure that it will run on your host operating system (the one installed on the physical computer). Some of these are free, some are commercial. Pay attention to the license — some commercial ones are free for personal use.

You’ll install this on your host computer. This is the laptop, desktop, or rackmount machine that has some extra memory, CPU power, and disk space.

CREATING THE VIRTUAL MACHINE

With each virtual machine, ask yourself: If I were running this program on a physical computer, how many processors, how much memory, and how much disk space would I need for the program and the operating system underneath? Remember those numbers.

If your virtual machine software package isn’t running, start it up. Choose “Create Virtual Machine”. If you’re offered a virtual machine that has your operating system pre-installed, choose that! It’ll save you a lot of time. If you only get the option to create a blank virtual machine, no problem; we’ll install the OS in a minute.

As you’re creating this, you’ll be asked how many processors, how much memory, and how much disk space to give it. Put in the numbers you chose above. Remember that it’s generally pretty easy to add or remove memory and/or processors. If you run out of disk space in a virtual machine, most will allow you to add that as well, but keep in mind that removing disk space is not usually possible, so start small and add disk if needed.

You may also be asked if you want to 1) pre-allocate all disk space or 2) allocate on demand. Choice 1 means that if you want a virtual machine with 200GB of disk space, you will immediately tie up 200GB of disk space on your host. If you allocate on demand, you’ll only use a small portion of that — perhaps 10GB-20GB for the initial OS install, but that number will grow as you add more files inside the virtual machine. The latter is probably a good call for most people.

Finally, when you get to networking options, you’ll very likely pick something like “allow outbound networking”. The main exception to this is when you’re testing malware and want to totally prevent the malware from making network connections.

There will be a ton of other options, and in most cases, you can ignore all of them.

LOADING THE OS

If you weren’t offered a pre-installed operating system, you’ll have to install one. Here’s where you’ll need either a DVD or an ISO file downloaded from your operating system vendor (place this somewhere you can find it on your host hard drive). Go back to your virtual machine configuration, look for disks/drives, and in particular, the virtual DVD drive. You’ll have the option of pointing this at your host’s DVD drive or a file on the host’s hard drive! Here’s where you select the ISO file you downloaded. When you first start the virtual machine, there won’t be an operating system, so the VM will try to boot from what it believes is the DVD drive (but is actually that file on the host!). This will let you do the operating system install.

When the OS is installed, go back to the VM configuration and detach this ISO file from the virtual DVD drive and restart the system. You should boot up into the new virtual machine.

STARTING, STOPPING, AND SNAPPING!

Once you’ve pulled down and installed all OS patches, shut down the system. Go back to your virtual machine software on the host, select this new virtual machine, and create a snapshot. This is a copy of the virtual machine that is also stored on your host hard drive. Give it a name like “Ubuntu Linux 20.04 patched 20220711” so you know what’s in it.

If something goes wrong with the virtual machine — it gets corrupted, infected, or you just plain want to start your testing again — you can stop the VM, revert to an old snapshot, and be right back to where you were without having to start over at ground zero! When I’m working with these, I’ll usually make a snapshot right after I’ve installed the OS and applied all patches, another after I’ve made all my custom modifications (like accounts, keys, additional support packages, etc.), and one final snapshot after installing the software I’m testing — but before I start it up for the first time. This means I can revert to any of those stages quite easily.

There’s one final advantage to taking snapshots. When it comes time to create a brand-new virtual machine for a new project, you can use one of your existing snapshots as a starting point! This means you get to skip all the steps you had to take to get there in the first place.
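
The create, install, and snapshot steps from the sections above, scripted with VirtualBox's VBoxManage command line instead of the GUI. This is an added example, not part of the original article; the helper function names, VM names, sizes, folder, and ISO path are assumptions.

```shell
#!/bin/sh
# Added example: the article's GUI workflow as VirtualBox CLI calls.
# Assumes VirtualBox is the package you chose; all names and paths are placeholders.
VBOX=${VBOX:-VBoxManage}        # set VBOX=echo to preview the commands without running them
VM_DIR=${VM_DIR:-$HOME/vms}     # hypothetical folder that will hold the VM files

# create_vm NAME CPUS MEM_MB DISK_MB [NET]
#   NET: nat  = outbound networking allowed (default)
#        none = no network card at all, for malware testing
#   --variant Standard allocates disk on demand; Fixed would pre-allocate all of it.
create_vm() {
    name=$1 cpus=$2 mem=$3 disk_mb=$4 net=${5:-nat}
    disk="$VM_DIR/$name/$name.vdi"
    "$VBOX" createvm --name "$name" --ostype Ubuntu_64 --basefolder "$VM_DIR" --register &&
    "$VBOX" modifyvm "$name" --cpus "$cpus" --memory "$mem" --nic1 "$net" &&
    "$VBOX" createmedium disk --filename "$disk" --size "$disk_mb" --variant Standard &&
    "$VBOX" storagectl "$name" --name SATA --add sata &&
    "$VBOX" storageattach "$name" --storagectl SATA --port 0 --device 0 --type hdd --medium "$disk"
}

# set_dvd NAME MEDIUM
#   MEDIUM is the ISO path before the OS install, or "emptydrive" to detach it afterwards.
set_dvd() {
    "$VBOX" storageattach "$1" --storagectl SATA --port 1 --device 0 --type dvddrive --medium "$2"
}

# snapshot_name LABEL -> "LABEL YYYYMMDD", so the name says what is in the snapshot and when.
snapshot_name() { printf '%s %s\n' "$1" "$(date +%Y%m%d)"; }

take_snapshot()       { "$VBOX" snapshot "$1" take "$2"; }      # run with the VM shut down
revert_snapshot()     { "$VBOX" snapshot "$1" restore "$2"; }   # stop the VM first
clone_from_snapshot() { "$VBOX" clonevm "$1" --snapshot "$2" --name "$3" --register; }

# Order of use, mirroring the article (values are placeholders):
#   create_vm ubuntu-test 2 4096 40960 nat
#   set_dvd ubuntu-test /path/to/installer.iso      # then start the VM and install the OS
#   set_dvd ubuntu-test emptydrive                  # detach the ISO, reboot, patch, shut down
#   take_snapshot ubuntu-test "$(snapshot_name 'Ubuntu Linux 20.04 patched')"
#   revert_snapshot ubuntu-test "<snapshot name>"   # back to a known-good state
#   clone_from_snapshot ubuntu-test "<snapshot name>" new-project
```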

SO, WHAT DID WE GET?

With a physical computer, we have a mindset that it is a resource to be protected. We don’t want anything to corrupt the drive, screw up the configuration, or otherwise make it unavailable.

With a virtual machine, we get the exact opposite — you should get used to the idea that you can create and delete these at any time! If something goes wrong, just go back to a previous snapshot and try again.
