Type 1 Hypervisor vs Type 2

Which is the most secure based in windows for a ubuntu server? I would guess type 2 as it uses only virtualized hw,. Yype 1 I believe uses bare metal so better performing? But more likely to get my host os infected?

Type 1 hypervisors generally have less overhead and perform better. A second PC would be recommended to manage and remotely access your VMs. Security-wise, I’m not sure if one is necessary better? I guess it would be based on type of threat model. I imagine it would probably be different if you’re playing with viruses vs running a honeypot… From what I’ve read, VM escape can be possible but not very common. Many times malware that checks for VMs will simply refuse to run instead of trying to escape to the host.

1 Like

I think you’re asking the wrong question. In practice nowadays more processors have virtualization extensions, so pure CPU performance on either can be reasonable. A type 1 may give you a more consistent performance, and can also provide para-virtual drivers for pass-through for disk/network/GPU acceleration.

Exactly what is your threat model? How much performance you you actually need? Does your use-case need a good amount of disk or network activity?

Running Either Hypervisor on windows exposes the guest to attack through the host, in addition to attacks directly against the guest.

WSL2 provides a small bridge between systems, but it’s the easiest way to get up and running. Or you can do a full Hyper-V system, and Linux guests support the paravirtual drivers for it. And if you need performance this is your best bet. While I’ve not heard of any attacks against paravirutal drivers, and a great deal of work and thought is put into security they do provide almost direct to host kernel subsystems. The only other real alternative for performance is hardware passthrough.

Something like Virtual Box is somewhat more portable. (Though I don’t like Oracle and suggest you avoid them like the plague for any production or commercial system) And setting up some more of the advance options in often require a more advance license. And while a purely virtual driver isn’t guaranteed to be secure either, it’s not living inside the host kernel either.

Really if I were that worried about it, I would consider a Single Board Computer instead.

1 Like

Type 1 should (IMHO) theoretically be more secure, as with a type 2 (hypervisor on top of consumer OS) any sort of VM escape will have a much larger amount of hosting OS code to potentially exploit (so that a hosting OS and thus hypervisor take-over is more likely); things like video drivers, sound drivers, font subsystems, etc. that are all traditional sources of insecure code - where performance vs. security tradeoffs have likely been made.

I mean a crap type 1 vs. a solid type 2 (i.e., implementation competency questions) may be a different story, but fundamentally, a type 1 can/should be more secure imho - by design.