Fight ransomware by running Windows in Linux as a virtual machine

A virtual machine's isolation helps keep you out of trouble.

cyberattack laptop arrows war fight

Running Windows as a virtual machine in Linux may seems like unnecessary work until something like the Wannacry ransomware scare comes along. The PCs that were affected, all running older Windows versions, have few good solutions other than a Microsoft patch or an intriguing workaround called Wanawiki.

Short of shelling out for a new Windows 10 license, it may be time to switch to Linux. Despite its headaches, desktop Linux rarely is the target of malware. (When it is, it can generally present a smaller attack surface.)  And if you need to run applications in Windows, running the OS in a virtual machine saves you the hassle of other options, such as using a translation layer like WINE (which will render mixed results), or dual-booting (which is annoying). 

linux windows 10 virtual strorage files Alex Campbell

The two .vdi files, win.vdi and win64-stg.vdi contain my C: and F: drives, respectively. These files can be easily copied or backed up.

Why isolating Windows is a good idea

From a security standpoint, too, running Windows in a virtual machine can be much safer than running Windows on its own drive or partition, as you normally would. By virtualizing the OS, you separate the OS from the hardware itself and create a kind of barrier that your host operating system (Linux, in this case) can manage from the outside. This is like putting Windows in its own sandbox with its own limited set of toys that it can break at will without making all the other kids cry.

With few exceptions, most virtual machines use files that serve as virtual storage devices for the VM. The virtual storage looks like a normal hard drive to the OS running in the virtual machine, and unless you explicitly provide access to folders outside the VM, the rest of the system is inaccessible to the VM. It’s a bit like The Matrix: The OS has no idea that the computer it’s running on isn’t a physical one.

The cool thing about all this virtual storage stuff is that the entire Windows application–files, applications, the works–are contained in one file. That file can easily be backed up, archived, encrypted and stored on the cloud, copied hundreds of times, or deleted. VirtualBox can even take snapshots of the virtual drive within the application, freeing you from any hassle of backing up virtual storage files yourself.

When you point the VM at a backed-up copy of your virtual drive, it will happily boot the image as if nothing had happened. In essence, using a VM is the ultimate way to back up a Windows installation, without all the fuss of having to run backup applications on the PC.

Windows XP VM creation Alex Campbell

Creating a new virtual machine is a cinch with VirtualBox.

How to get this tomfoolery to work

Running Windows in a virtual machine is pretty easy with Virtualbox, which is a great place to start if all you need is to run a desktop application or two. Our Virtualbox tutorial from a few years ago was written with the assumption that Windows is the host OS, but the setup process for creating a VM is almost exactly the same on Linux.

Though it is much more difficult to get working right, you can even play AAA PC games in a Windows VM that demand the resources of a dedicated graphics card with near-native performance, with a little KVM trickery. If you’re up to the task, the Arch Linux Wiki has a guide on how to pass-through PCI express graphics cards to a guest VM using qemu and KVM. (I’m actually writing this on a desktop Linux PC that is set up to do just that.)

A quick word on security

Running virtual machines can also be a boon for the security-conscious. If there is an application or file that you want to use but don’t trust, the best course of action can be running the application in a VM. This way, any application shenanigans damage only the files inside the VM.

 

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon