Do I need antivirus, etc. on a virtual machine? [closed]

Question

If the host machine has antivirus, antimalware, etc. then I would think the virtual machine accesses the Internet through the host, and doesn't need its own protection. Is that correct?

Answer 1

There aren't any reported cases of a breach wherein a vm which begins running malicious code is able to infect a host. However, theoretical concerns have been raised over this very issue. Worse, if a vm gets infected, it will likely end up running a bot that will scan your network (including possibly the host) and could easily discover a hole in your defenses.

So, even if you don't care much about the vm, it is highly advisable to engage in a rigorous strategy of protecting those machines with AV software and scheduled updates. It can be challenging if you don't turn the systems on that often. So, it's generally a good idea to schedule a time every few weeks that you turn on all vm/images and get them all up to date.

If you'd mention a particular virtual host vendor or package, more specific advice may be available as for how to go about developing your vm security protocol.

Answer 2

you should treat the virtual machine as if it were a real machine.

give it some protection.

Answer 3

If you use the virtual machine to do actual work besides testing - yes it should have antivirus, because it might jump over to the main machine if you move a file there. If it's just for sandbox testing of a program, you don't need antivirus or anything else, simply because you can always wipe the virtual harddrive.