Wednesday, August 08, 2007
4 Reasons OSX is not ready for Malware Research
I love my MacBook Pro. I really, really, really want it to be my primary research machine. Right now it sits between my Inspiron 9400 running Windows XP and my 5 year old clone running Fedora Core 6.
After 3 months of trying to use it as my research machine I'm resigned to going back to Windows and Linux. Mac OS X just doesn't have the right stuff for malware research.
Here's why I think it's not ready yet:
1) Networking - Lack of strong networking support in virtualization products. I've tested both Parallels (2 and 3) and VMware Fusion. Both support multiple virtual NICs and allow you to assign IP addresses. Both fail to offer the kernel-level networking support of Linux tied into the virtual interfaces. For example, on Linux I can use iptables on the host to restrict traffic on virtual interfaces. Not so with ipfw on OS X and Parallels. Also, where are the virtual networking config scripts for OS X?
2) Disk Image Support - Parallels offers an explorer tool that can view any type of image through a GUI. It works wonderfully. It doesn't let me mount the disk in a way that allows systematic processing of the disk image. VMware makes a nice virtual disk mount application for Linux and Windows but not OS X.
3) Headless support - VMware offers headless support on both Windows and Linux, which saves tons of time with 4 research machines. No need to sit in front of the machine running the VM to do simple GUI interactions. No such option for OS X.
4) Video capture - VMware supports full screen video capture of guests on Linux and Windows but not OS X. Parallels does not offer video capture either. Sometimes a screenshot just isn't enough.
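The host-side iptables containment mentioned under point 1, as an added example that is not from the original post: a Linux host generates (and optionally applies) rules that confine an analysis guest on a host-only virtual interface to a local sinkhole, logging and dropping everything else. The interface name, guest subnet and sinkhole address are assumptions supplied as parameters.

```shell
#!/bin/sh
# Constructed example: confine a malware-analysis guest attached to a
# host-only virtual interface (assumed vmnet1) to a sinkhole on the host.
# Guest traffic to the sinkhole's DNS/HTTP/HTTPS/ICMP is accepted; anything
# else destined to the host is logged and dropped, and nothing is forwarded
# off the host, so a sample cannot reach a real network.

VIF="${VIF:-vmnet1}"                   # assumed host-only interface name
GUEST_NET="${GUEST_NET:-192.168.56.0/24}"  # assumed guest subnet
SINKHOLE="${SINKHOLE:-192.168.56.1}"   # assumed sinkhole (host side) address

# Emit one iptables command per line so the rule set can be reviewed or
# diffed before anything touches the kernel.
analysis_vif_rules() {
    vif="$1"; net="$2"; sink="$3"
    cat <<EOF
iptables -N ANALYSIS_IN
iptables -N ANALYSIS_FWD
iptables -A INPUT -i $vif -j ANALYSIS_IN
iptables -A FORWARD -i $vif -j ANALYSIS_FWD
iptables -A ANALYSIS_IN -s $net -d $sink -p udp --dport 53 -j ACCEPT
iptables -A ANALYSIS_IN -s $net -d $sink -p tcp --dport 80 -j ACCEPT
iptables -A ANALYSIS_IN -s $net -d $sink -p tcp --dport 443 -j ACCEPT
iptables -A ANALYSIS_IN -s $net -d $sink -p icmp -j ACCEPT
iptables -A ANALYSIS_IN -m limit --limit 10/min -j LOG --log-prefix "ANALYSIS-IN-DROP: "
iptables -A ANALYSIS_IN -j DROP
iptables -A ANALYSIS_FWD -m limit --limit 10/min -j LOG --log-prefix "ANALYSIS-FWD-DROP: "
iptables -A ANALYSIS_FWD -j DROP
EOF
}

# Sanity check for the allow-list: number of ACCEPT rules in the generated set.
count_accept_rules() {
    analysis_vif_rules "$1" "$2" "$3" | grep -c -- '-j ACCEPT'
}

# Apply the rules (root required); "dry-run" only prints them.
apply_analysis_vif_rules() {
    if [ "$1" = "dry-run" ]; then
        analysis_vif_rules "$VIF" "$GUEST_NET" "$SINKHOLE"
    else
        analysis_vif_rules "$VIF" "$GUEST_NET" "$SINKHOLE" | sh -e
    fi
}

apply_analysis_vif_rules dry-run
```

Dropped packets show up in the host's kernel log with the ANALYSIS-*-DROP prefix, which is where a sample's attempted callouts become visible without ever leaving the host.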
