On 4 July 2012 13:22, John wrote:
> Hello. I have two questions about snapshots.
>
> First, is it true to say that reverting to a snapshot that I had taken prior
> to having acquired a virus in the guest OS, or to having suffered other
> detrimental effects on the guest from such malware, would effectively
> eliminate the virus altogether, or its detrimental effects, and would clean
> the guest system entirely, returning it to the pristine condition existing
> at the time of having made the snapshot?

Yes, that is true.

> ... or is
> there still a potential for reverting to a snapshot without eliminating the
> malware completely?

Reverting a snapshot will completely undo any changes made to the disks after the snapshot was made; the disks will then be in the state they were at the moment the snapshot was made. If the malware changes were made after the snapshot was taken, they will be eliminated when reverting to that snapshot.

> I am asking this question because I just made a snapshot
> of a VM's guest OS, but I can see that this snapshot does not appear to be
> exactly equal in size to the current file size; it is rather much smaller
> (as if expecting possibly to re-use some of it later on?).

The file you see is not the snapshot; it is part of the mechanism used to implement the snapshot. Don't let the internal mechanism confuse you. The small file is a "differencing" image file, and stores changes made to the VM disks AFTER the snapshot was made (any virus changes will be in the differencing image file). Please see chapters 1.9.2 and 5.5 of the user manual for more detail (available from Start > All Programs > Oracle VM VirtualBox > User manual - if you use Windows for your host).

> Secondly, after making this snapshot, I can see in the VB Manager where this
> machine's name is now followed in parenthesis by the word (Snapshot 1) while
> the machine itself is not yet running. So, I am getting the impression that
> if I were to start working with this machine, it would load up the snapshot
> automatically.

The snapshot name in parenthesis means that the current VM state is derived from, or is a modification of Snapshot 1. The snapshot is still frozen and loading up the VM will not modify it.

Snapshots can be confusing, so please make sure you understand them before using them. In the past, some people have assumed that selecting a snapshot and Deleting it would UNDO it, or revert it, which is NOT true.

Use Revert to discard any changes made after a snapshot was created.
Use Delete to Confirm/make permanent/keep any changes after the snapshot was created.

Do not manually delete or move any of the "differencing" image files in the Snapshots folder.

Make sure you have plenty of free space on the host drives that contain the VM disk images and differencing images (I recommend at least as much free space as the total size of disks allocated to the VM).

-- Mark
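
Added example, not part of Mark's message and not VirtualBox code: a simplified Python model of a base disk image plus differencing images, showing why Revert discards post-snapshot changes while Delete keeps them. The class, function and sector contents are hypothetical and constructed for illustration; real differencing images work at block level.

```python
class SnapshotDisk:
    """Toy model: a base image plus a chain of differencing images (assumption)."""

    def __init__(self, base):
        self.layers = [dict(base)]   # layers[-1] is the only writable image
        self.snapshots = {}          # name -> number of frozen layers beneath it

    def take_snapshot(self, name):
        self.snapshots[name] = len(self.layers)  # freeze everything written so far
        self.layers.append({})                   # new, empty differencing image

    def write(self, sector, data):
        self.layers[-1][sector] = data           # frozen layers are never touched

    def state(self):
        view = {}
        for layer in self.layers:                # later layers override earlier ones
            view.update(layer)
        return view

    def revert(self, name):
        keep = self.snapshots[name]
        del self.layers[keep:]                   # throw away post-snapshot changes
        self.layers.append({})                   # start a fresh differencing image
        self.snapshots = {n: k for n, k in self.snapshots.items() if k <= keep}

    def delete_snapshot(self, name):
        cut = self.snapshots.pop(name)           # the restore point is gone
        self.layers[cut - 1].update(self.layers.pop(cut))  # changes merged, kept
        self.snapshots = {n: (k - 1 if k > cut else k)
                          for n, k in self.snapshots.items()}


def demo(action):
    disk = SnapshotDisk({0: "boot", 1: "clean.exe"})  # constructed sample content
    disk.take_snapshot("Snapshot 1")
    disk.write(1, "infected.exe")                     # changes made after the snapshot
    disk.write(2, "dropper.dll")
    if action == "revert":
        disk.revert("Snapshot 1")
    else:
        disk.delete_snapshot("Snapshot 1")
    return disk.state(), len(disk.layers), sorted(disk.snapshots)


if __name__ == "__main__":
    print("revert:", demo("revert"))
    print("delete:", demo("delete"))
```

After `demo("delete")` the post-snapshot writes are part of the only remaining image and there is no snapshot left to revert to.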
