In this age of incessant cyber-security threats, virtual machines have become a popular first line of defense. In thoery, properly implemented virtualization will protect the host operating system in the event of a guest compromise. Our computer systems are getting so powerful that lately it seems overkill to dedicate all of a system's resources to one particular task. For example, my CPU load seldom goes above twenty percent since upgrading to an i7-6700k. Virtual machines allow me to get more bang for my buck, in terms of how many simultaneous tasks my computer can run at a given moment. They also provide a priceless layer of security by keeping potential compromises localized to the virtual machine that they may or may not have occurred in.
Over the years I've found that reinstalling your operating system is never a bad move. If you suspect, but are not sure if a system compromise has occurred, than the safest thing to do is to reflash-- just in case. The only issue is that it takes a decent amount of time and energy to reinstall an operating system. You've got to back everything up, save all of your configurations, perform the installation, reinstall all of your software, reconfigure your preferences, files, and so on. Of course, much of this process can be automated with some simple shell scripting, but it's still a hell of a lot easier to reinstall a VM than it is a physical machine.
Having a separate VM for every task greatly minimizes the damage that a program compromise can do. I have a VM for just about everything. A VM for watching Netflix, another for watching porn. A VM for development, another for hacking. A VM for social media, and another for personal finances. This way, if Netflix or Facebook tries to deliver an evil payload to my system via say, javascript, than the attacker will not be able to get my bank details.
As great as this sounds, until recently, one problem remained with this philosophy-- I was dependent on Oracle's closed source software, Virtualbox, to make all of this work. If you know me, than you know that I believe that there few things on this Earth as evil as proprietary software. If you can't audit the source code yourself, than how can you trust the software? It's fundamentally impossible to completely reverse compile a complex program such as vbox. Sure, you can successfully reverse engineer some software, but you're rarely going to get the whole picture. It's also a huge pain in the ass. And since there happens to be other software that can drive virtual machines out there, that has no closed source parts, it makes more sense to use that instead. Thus, I decided it was time to ditch vbox and switch over to KVM.
Making the switch was a hell of a lot easier than I expected. Virt-manger has come a long way over the last couple years, which I imagine helps people like me that are used to Virtualbox's nice GUI to feel like they can safely make the switch. It's also quite easy to convert your current vbox virtual machines (OVA's and VDMK's) into KVM's format (qcow2), using qemu-img. I've also found that KVM is actually much more stable than Virtualbox. No more random crashes, or seemingly random corrupted disc images, unexplainable data loss, or stupid error messages like "Cannot add this disc because it's already attached to this machine". I really hated that shit.
Libvirt is a hundred times smoother, more featured, and cleaner than vbox. Even being able to close the window that the VM is running in without having to shut the whole damn thing down (without having to start the machine as 'detachable' ... give me a break!) feels absolutely liberating. My CPU load is now averaging about half what it was before I switched over, so KVM, with it's type 1 hypervisor, is clearly better about resource management. Full screen, high resolution graphics are now working just fine, and in my opinion, graphics and user friendliness were perhaps the only advantages vbox had over KVM. This is not the case anymore. There's so many great reasons to switch.
Now that I have ditched Virtualbox, I can proudly say that I am running a system with absolutely no proprietary software or drivers whatsoever (except the bios, of course. We've got much reverse engineering to do yet). Hell, I even sleep better knowing that Oracle no longer (may) have a backdoor to my systems! I'd encourage any and all Virtualbox users to switch to KVM today. Virtualbox may be a decent program, but KVM is awesome.
