
Virtual Machine and Virus

I have a requirement for which I have to get online without protection (firewall, anti-virus). At the same time, I don't want to risk getting infected with viruses.

Asked by: Guest | Views: 59
Total answers/comments: 4
Guest [Entry]

"My 2 cents...

In a nutshell, malware that executes in the context of the guest OS will NOT be able to infect the host OS, and will likely not even be aware that there is a host OS (though, hypothetically, breaking out of the virtualized environment IS possible, it won't become very common for a while, I suspect).

Some exceptions:

In VirtualPC (for example), it's possible to share a folder to the guest OS, which "sees" that folder as a drive letter.
Depending on your configuration, both the host and guest OS might be on the same network, meaning that a virus that exploits open ports or whatnot might be able to propagate by exploiting vulnerable system services or via network shares.
Last, and as it stands now, the least likely avenue, is that the virus might be VM-aware and capable of breaking out of the sandbox. Currently, this is extremely unlikely.

Overall, web surfing in the context of a VM is probably the safest way to surf, hands down (given the poor track record of AV s/w and other avenues of protection). In fact, using a separate, restricted account is probably sufficient, but a VM will certainly provide additional isolation."
Guest [Entry]

"Technically it is 100% possible to be sure - even if the network is isolated and you are not sharing folders.

Although it is very unlikely unless the virus developer knew of a flaw in the combination of your host OS and your Guest VM and targeted it specifically. If you want to make a virus you want to make one that affects the largest number of computers possible and you won't find a flaw to exploit in some rare frequently used application.

The same answer holds for a sandbox or any layer of interpretation between the two. I think if you could run a 32 bit guest OS and a 64 bit host you would be the most safe since the exploit to target the guest OS to overflow and then also trigger the overflow in the vm/sandbox would be even more challenging since you'd have to compile the payloads in 4 combinations - but then again this is what is typically done with an attacker and a single operating system layer - the payload is prepared for the OS or exploitable service version and one for each 32 and 64 then he just throws them both at the machine.

It is exactly like the previous comment on BSD - the more uncommon your setup is, the less likely a virus will target it.

If we all ran VMs to test out software we were suspicious of or to browse the net, the fact it's in a VM wouldn't matter anymore and to be very clear again you are open to a virus infection.

Also, there are special hardware considerations with the newer virtualization technologies and I'm primarily talking about software virtualization in which the guest machine code is being run by software in the host so that overflowing to the software instruction pointer seems to me to be extremely challenging and a waste of time. I'm not at all sure how this changes when we deal with a BIOS-enabled Hyper-V or Xen etc - it may be that the virtual machines are more isolated or it may also be worse due to a VM running its code in the actual hardware pipeline - it really depends on how the 'BIOS virtualization' works."
Guest [Entry]

"If in VirtualBox you have no shared folders or use any of the device features and if you want to be even more sure, look at the bottom of the VirtualBox window:

You should be able to run any viruses and not get one on the host machine, although to be sure, keep antivirus software running."
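Added example (not part of any answer on this page, and not VirtualBox's own code): a host-side audit of the sharing channels the answers mention, namely shared folders, a network common to host and guest, and device features such as clipboard and drag-and-drop, run over `VBoxManage showvminfo <vm> --machinereadable` output. The sample output is constructed, and leaving NAT unflagged is an assumption of this example.

```python
import re
import subprocess

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE = '''\
name="browse-vm"
nic1="bridged"
bridgeadapter1="eth0"
nic2="none"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="downloads"
SharedFolderPathMachineMapping1="/home/user/Downloads"
'''

def parse(text):
    """Parse key="value" lines (keys may themselves be quoted) into a dict."""
    info = {}
    for line in text.splitlines():
        m = re.match(r'^"?([^"=]+)"?=(.*)$', line.strip())
        if m:
            info[m.group(1)] = m.group(2).strip('"')
    return info

def audit(text):
    """Return a list of host/guest sharing channels that are enabled."""
    info, findings = parse(text), []
    prefix = "SharedFolderNameMachineMapping"
    for key, val in sorted(info.items()):
        if key.startswith(prefix):
            path = info.get("SharedFolderPathMachineMapping" + key[len(prefix):], "?")
            findings.append(f"shared folder '{val}' maps host path {path}")
        elif key in ("clipboard", "draganddrop") and val.lower() != "disabled":
            findings.append(f"{key} is {val}")
        elif re.fullmatch(r"nic\d+", key) and val in ("bridged", "hostonly"):
            # Assumption of this example: NAT and "none" are not flagged.
            findings.append(f"{key} is {val}: guest shares a network with the host")
    return findings

def audit_vm(vm_name):
    """Run the audit against a real VM (requires VBoxManage on PATH)."""
    out = subprocess.run(["VBoxManage", "showvminfo", vm_name, "--machinereadable"],
                         capture_output=True, text=True, check=True).stdout
    return audit(out)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```

An empty result means none of these channels is enabled in the VM's configuration; it says nothing about flaws in the hypervisor itself.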
Guest [Entry]

"You should try Sandboxie (or any other sandboxing tool)

It will isolate your browser and delete everything after you're done. That way, even if you get a virus, it won't be able to leave the sandbox.

Benefits of the Isolated Sandbox

Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.
Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.
Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox."