Secure Web browsing with Ubuntu and VMWare

Avoid malware and viruses by browsing the Internet from within an Ubuntu Virtual Machine with an "independent-nonpersistent" disk.

852 2
852 2

In a previous post I showed you step by step how to create a Ubuntu 11.04 Virtual Machine (VM) using VMWare Player. Today, I’m going to show you how to use the Ubuntu VM within VMWare Workstation and VMWare Player to create an Internet browsing environment that is immune to malware and viruses.

The goal of this exercise is to enable what is known as “independent-nonpersistent” mode on the Ubuntu VM virtual disk. There are two ways to go about it. If you are using VMWare Workstation it’s easy to make the changes using a GUI. If you are using VMWare Player you will have to do some simple editing of a configuration file. I describe both methods below:

Option 1. GUI method with VMWare Workstation

I install VMWare Player on all my machines so that I can access and run VMs on any of them. I also keep a licensed copy of VMWare Workstation on my main file server since Workstation makes many of the tasks associated with managing VMs much easier. It also has features not available on VMWare Player such as snapshots, clones, and teams. If you move beyond the experimenting stage and want to run VMs as production tools I highly recommend that you get a permanent license to VMWare Workstation.

For purposes of this tutorial, you can download a demo of Workstation (available here ) and use the graphical method or you can continue with VMWare Player and use the manual method shown in Option 2. If you haven’t yet tried Workstation however now is a great time to do so!

Step 1. Install VMWare Workstation. I won’t go over that part since it’s fairly straightforward.

Step 2. After installing VMWare Workstation on your machine, you simply open the Ubuntu VM that you created earlier. You should see something like this:

Opening Ubuntu VM in VMWare Workstation
Opening Ubuntu VM in VMWare Workstation

Step 3. Click on “Edit Virtual Machine Settings” and you will be presented with this dialog box shown below. Click “Hard Disk (SCSI)” to view its properties.

VMWare Workstation - Virtual Machine Settings
VMWare Workstation - Virtual Machine Settings

Step 4. Now, click the Advanced button to reveal this dialog box:

VMWare Workstation - Advanced Hard Disk Options
VMWare Workstation - Advanced Hard Disk Options

Step 5. Adjust the settings to enable “Independent” and set “Nonpersistent” mode and save your changes.

Step 6. Power on the VM and you’re up and running with an OS that discards all disk changes at power off.

 

Option 2. Manual Configuration with VMWare Player

This method will also work with VMWare Workstation but if you have Workstation you might as well use the GUI method above.

Step 1. Use a file browser or command line to navigate to the directory where you stored the VM.

Step 2. Open the file ending in .vmx with a text editor. In my case the filename is “ubuntu.vmx”.

Step 3. Search the file to find the line:

scsi0:0.mode = “persistent”

and change it to

scsi0:0.mode = “independent-nonpersistent”

Save the changes.

Step 4. Open the .vmx file using VMWare Player and click “Power On”. Now you’re up and running with an OS that discards all disk changes at power off.

 

Summary

By changing the virtual disk setting to “independent-nonpersistent” changes to the disk are discarded whenever you power down the VM. The downside of this is that you will lose any changes you make to your data, software programs, etc. so you must be careful not try to store data on the VM as you will lose it as soon as you shut it down. The upside is that changes made to the VM by a potential adversary will also be discarded the instant you power down! It is therefore impossible for the VM to retain malware and viruses for any longer than the duration of a single session of the VM. This powerful feature of VMWare and the free and open source nature of Ubuntu 11.04 means that you can now dedicate a VM for just for secure browsing on each of your computers. The inherent isolation of the VM from the host OS and the independent-nonpersistent disk of the VM will go a long way to ensuring that your host OS remains secure and that any viruses and malware you may encounter are removed after each browsing session. This is all great stuff but there are a few important things that must be covered before wrapping up this post.

Important Notes:

  • Resetting the VM is NOT the same as a power down. Changes persist after a reset! To ensure changes made to the virtual disk are removed you must actually “Shutdown” the VM.
  • Periodically you will need to update the version of Ubuntu in the VM. To do this, you must turn off the “Independent” and “Nonpersistent” modes prior to installing updates or additional software. Once you’ve completed the desired changes you can go back and configure the disk to be “independent-nonpersistent” for your regular browsing sessions.

Enjoy!

In this article

Join the Conversation

2 comments

  1. andrea

    Hi,nice guide.I can’t find “scsi0:0.mode = “persistent”” in my vmx file.Why?

    1. JR

      You likely created an IDE type drive. Look for ide0:0 instead. Sorry for not making that option clear.