VMs insecure but host is ostensibly secure: why?

I have been studying the VM software behavior of KVM, VirtualBox, and Boxes on a Fedora 37 and 38 host for some time. I have noticed many irregularities and faults in all VMs running Ubuntu, Whonix, Arch, and Debian. Fedora does not have many major perceptible, operational flaws. Most everything works as expected. Does anyone know why VMs would be faulty but a host would behave normally? Aren’t VMs supposed to improve security through compartmentalization and isolation? The persistent threat attacking the system can corrupt all VMs (multiple installations, uninstalls and reinstalls–all infected) but not the host? Why?

Unclear to me what you mean?
Can you provide some logs?

1 Like

Do any of the “insecure” VM/s use SElinux? Have you tried Debian’s SElinux configuration?

The VM manager isolates the OS in the VM from the host. The OS in the VM has nothing to do with the host OS and is itself subject to the vulnerabilities of that OS and the services it is running.

Compartmentalization is for separation of the software on the host and that on the VM but does nothing to enhance security within the VM. The VM is treated exactly like its own discrete device independent of the host.

In fact, that you say the VMs are getting corrupted but the host is not indicates that the compartmentalization is effective as intended.

There are many different types of attacks I have observed.
clock attacks:
against Debian NTP and system time, against Whonix sdwdate
update attacks:
against Ubuntu https, against Debian/Kicksecure tor+http
application attacks:
against firefox (sandboxed), ssl strip attempts, against nym connect

Apparmor is enabled. Do you think SELinux is better? SELinux commands are very elaborate. Thanks for the link.

Good points. The latent implication that prompted my question was that there might be something about Ubuntu/Debian based OS but you’re probably right about the guest being subject to its own vulnerabilities which means I could work on hardening the guest. I did a distribution morphing of Debian into Kicksecure in a VM (Boxes), which is extensively hardened, and was finding that there were still malfunctions. So I started thinking that there are ways of attacking the hypervisor or VT which means it doesn’t matter what the properties of the guest are.

SELinux is required in some organizations make security a priority. Many of my colleagues are in government, so software has to work on systems with SELinux enabled. At one time, SELinux tweaks were often needed, but now that is rare, in part because people have learned to avoid doing things that trigger SELinux alerts.