Information concerning antivirus programs in virtual machines

Article ID: 311725

Products

VMware Desktop Hypervisor
VMware vCenter Server
VMware vSphere ESXi

Issue/Introduction

This article discusses antivirus programs in a virtual machine. It addresses the benefits and drawbacks and provides general information about available options.

Environment

VMware Workstation Pro 14.x (for Linux)
VMware Fusion 6.x
VMware Workstation 9.x (Windows)
VMware ESX 4.1.x
VMware vCenter Server 4.1.x
VMware Fusion 10.x
VMware vCenter Server 4.0.x
VMware vCenter Server 5.5.x
VMware Workstation 11.x (for Windows)
VMware vSphere ESXi 5.5
VMware ESXi 4.0.x Installable
VMware vSphere ESXi 5.0
VMware ESX 4.0.x
VMware Fusion 8.x
VMware vCenter Server 5.0.x
VMware Workstation 8.x (Windows)
VMware ESXi 4.0.x Embedded
VMware Workstation 10.x (Windows)
VMware Fusion 4.x
VMware ESXi 4.1.x Embedded
VMware ESXi 4.1.x Installable
VMware Fusion 3.x
VMware vCenter Server 5.1.x
VMware Workstation 7.x (Windows)
VMware Fusion 7.x
VMware Fusion Pro 8.x
VMware vSphere ESXi 5.1
VMware Fusion 5.x
VMware Workstation Pro 15.x (Windows)
VMware Workstation 6.x (Windows)
VMware Workstation Pro 14.x (for Windows)
VMware Fusion 2.x
VMware Fusion Pro 10.x

Resolution

Just as physical machines are susceptible to virus attacks, so are virtual machines. You can protect virtual machines from viruses and spyware in the same fashion as you do physical machines, but there are additional advantages that virtual machines have over physical machines in protecting themselves and the host from these types of attacks. There are also some disadvantages to running antivirus programs in virtual machines.

General benefits virtual machines have over physical machines

Sandboxing

A sandbox is a way of separating two programs or systems so that one cannot affect the other. It is a form of security for cases where the effect of one program on the other is uncertain. Virtual machines can be used as a sandbox. If you do not use services that can affect the host machine (such as shared folders, network folders, and dragging and dropping between the two machines), then the virtual machine will be isolated from the host. By separating the virtual machine from the host, viruses and other malware in the virtual machine will be unable to infect your host machine.

Virtual machines are a good way of protecting your host machine from viruses: you can visit questionable websites or run risky programs in the virtual machine, because any damage will be restricted to the virtual machine, which can always be recreated if necessary.
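The isolation described above depends on which host/guest channels the virtual machine's configuration leaves open. The following is an added example, not VMware code: a shell function that reads a `.vmx` file and reports sharing channels that are not explicitly disabled. It assumes the standard `isolation.tools.*`, `sharedFolderN.enabled` and `ethernetN.present` options; the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not VMware code): report host/guest channels a .vmx leaves open.
# A missing key is reported as "not TRUE" rather than interpreted, because
# defaults differ between products.
ISOLATION_KEYS="isolation.tools.dnd.disable isolation.tools.copy.disable \
isolation.tools.paste.disable isolation.tools.hgfs.disable"

# audit_vmx FILE -> prints one FINDING line per open channel; exit 1 if any.
audit_vmx() {
    awk -v keys="$ISOLATION_KEYS" '
        /^[ \t]*#/ { next }                        # skip comment lines
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))   # keys compared case-insensitively
            val = toupper(substr($0, eq + 1))
            gsub(/[ \t\r"]/, "", key); gsub(/[ \t\r"]/, "", val)
            conf[key] = val                        # last assignment wins
        }
        END {
            n = split(keys, must, " ")
            for (i = 1; i <= n; i++)
                if (conf[must[i]] != "TRUE") {
                    print "FINDING: " must[i] " is not TRUE"; bad++
                }
            for (k in conf) {
                if (k ~ /^sharedfolder[0-9]+\.enabled$/ && conf[k] == "TRUE") {
                    print "FINDING: " k " is TRUE (shared folder active)"; bad++
                }
                if (k ~ /^ethernet[0-9]+\.present$/ && conf[k] == "TRUE") {
                    print "FINDING: " k " is TRUE (network folders reachable)"; bad++
                }
            }
            exit (bad > 0)
        }' "$1"
}

# Constructed sample configuration, not taken from a real virtual machine.
sample_vmx() {
    cat <<'EOF'
.encoding = "UTF-8"
displayName = "scratch-vm"
isolation.tools.dnd.disable = "TRUE"
isolation.tools.copy.disable = "FALSE"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "/home/user/share"
ethernet0.present = "TRUE"
EOF
}
```

Run it as `audit_vmx /path/to/vm.vmx`; an empty report with exit status 0 means none of the checked channels is open.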

Snapshots

If a virtual machine contracts a virus, snapshots are a good way to go back to the state before the machine was infected. Snapshots are not meant as a way to back up the virtual machine, but used properly they are a good way to create a temporary restore point.

If a file is suspected of being infected with a virus, a snapshot can be taken prior to opening the file. After the snapshot's creation, the file can be opened and tested. If there is a virus then the snapshot can be used to bring the system back to its previous state (before the file was opened) and the file can then be deleted. If there is no virus then the snapshot can be deleted and the virtual machine can continue to be used as normal.

For more information on snapshots, see Understanding snapshots and AutoProtect in VMware Fusion (1014509) or Working with snapshots (1009402) (if you are using Workstation).
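The snapshot procedure above can be scripted for Workstation or Fusion with the `vmrun` command-line tool. The following is an added example, not VMware code: it assumes `vmrun` is on the PATH and takes a hypothetical verdict command (exit status 0 means the file was clean) supplied by the operator.

```shell
#!/bin/sh
# Added example (not VMware code): snapshot, test, then revert or clean up.
VMRUN=${VMRUN:-vmrun}   # assumption: vmrun (Workstation/Fusion CLI) is on PATH

# triage_with_snapshot VMX VERDICT_CMD [ARGS...]
# VERDICT_CMD is a hypothetical hook: exit 0 = file is clean, non-zero = infected.
# Returns 0 if clean, 1 if infected and reverted, 2 if a vmrun step failed.
triage_with_snapshot() {
    vmx=$1; shift
    snap="pre-open-$(date +%Y%m%d-%H%M%S)"

    # Without a restore point there is nothing to go back to, so stop here.
    if ! "$VMRUN" snapshot "$vmx" "$snap"; then
        echo "snapshot failed; do not open the file" >&2
        return 2
    fi
    echo "restore point '$snap' created; open and test the file in the guest"

    if "$@"; then
        # Clean: the temporary restore point is no longer needed.
        "$VMRUN" deleteSnapshot "$vmx" "$snap" || return 2
        echo "clean: snapshot '$snap' deleted"
        return 0
    fi

    # Infected: discard everything that happened after the snapshot.
    "$VMRUN" revertToSnapshot "$vmx" "$snap" || return 2
    echo "infected: reverted to '$snap'; delete the suspect file before reuse"
    return 1
}
```

An interactive verdict can be as simple as `triage_with_snapshot vm.vmx sh -c 'printf "clean? [y/N] "; read a; [ "$a" = y ]'`.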

Backups

Virtual machines are easier to back up, in their entirety, than physical machines. The virtual machine is really just a series of files contained in a bundle/folder. Once the bundle/folder is located, it can be copied to another location to be retained as a backup in case the original fails.

For more information about backups, see Best practices for virtual machine backup (programs and data) in VMware Fusion (1013628).

Benefits to having antivirus programs installed in a virtual machine

When an antivirus or antispyware program is installed in the virtual machine, there is less of a chance that the virtual machine will become infected by a virus. Just as on physical computers, the programs will continue to scan and attempt to remove threats if any are found.

If there are sharing services between the host and guest machines enabled, then it's possible for the host to become infected with threats that infect the virtual machine. Protection programs would reduce the chance that the host can become infected because the guest is protected. For Mac and Linux hosts, the likelihood and actual impact of a virus infecting the host is even slimmer.

For application development, antivirus programs in a virtual machine provide another level of real-world circumstances in which the application may be run. The antivirus programs can affect installation and function of applications, so having antivirus programs installed can test a developed program's interaction with such systems.

Drawbacks to antivirus programs in a virtual machine

Antivirus programs use additional resources. The amount of resources used depends on the antivirus program you're using, but each one will still have some impact on CPU usage, RAM, and hard drive space. These resources must be taken into account when determining the performance of the virtual machine and deciding the amount of resources from the host to dedicate to the virtual machine.

There is also no guarantee that having an antivirus program installed will actually prevent all infection. It takes time for antivirus and antispyware companies to become aware of new threats and to create fixes for them. (Even this assumes that the programs are kept up-to-date with the virus definitions.) A system which is fully up-to-date, with antivirus software, and which has the most recent definitions in the virus database still has a chance of getting infected – especially by threats not encountered yet.

Once a virus infects a system, the damage is done. The virus can be removed, but it can be difficult to determine the exact impact it had. In those cases, it may become necessary to revert to a snapshot or a backup anyway.

Mac and Linux hosts are not affected in the same way as Windows hosts. More viruses target Windows because of the larger market share. Also, the operating systems are built on different code bases, so they cannot be affected by threats that do not affect that particular code base.

Choice of Antivirus Programs

Any antivirus program can be used in a virtual machine, just as on a physical machine with the same operating system. Fusion comes with an optional bundled install of McAfee, but a different antivirus program can be used if desired. The installation of antivirus programs follows the same process as on a physical PC. Some of the factors that impact a decision as to what antivirus program to use are how often the virus definitions are updated, the resource impact it will have on the virtual machine, and market research. Some programs are more intuitive and easier to use than others. User reviews of antivirus programs are usually easy to find and will help in choosing which to use.


Additional Information

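Japanese version: Information concerning antivirus programs in virtual machines
Chinese version: Information concerning antivirus programs in virtual machines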