Would you consider it safe to test malware in a VM on your main PC, with VPN?


steel9

Level 4
Verified
I know you should set the network adapter to NAT for the VM for the VPN on the host machine to work on the VM. But do you consider it safe (to test malware on your main PC (with antivirus) in a VM, with VPN), considering that some (yet) unknown exploit might allow the malware to escape to the host PC? I'm using VirtualBox if you wonder.

/steel9
 

509322

I know you should set the network adapter to NAT for the VM for the VPN on the host machine to work on the VM. But do you consider it safe (to test malware on your main PC (with antivirus) in a VM, with VPN), considering that some (yet) unknown exploit might allow the malware to escape to the host PC? I'm using VirtualBox if you wonder.

/steel9
There is always a risk associated with malware testing even in a VM. Quantifying that risk is not easy, but it is a small number. You're probably more likely to infect the Private Network than to come across a VirtualBox exploit that makes for an escape. A VM breakout would be an exceptional case.

Solution: Disable all forms of file sharing in VMs except between VMs using Host-Only.
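An added example, not from the thread: a small POSIX sh audit that flags the settings this post says to turn off (NAT/bridged adapters, shared folders, shared clipboard and drag-and-drop). The input format is what `VBoxManage showvminfo <vm> --machinereadable` prints; both samples below are constructed for the demonstration, not taken from a real machine.

```shell
#!/bin/sh
# Added example (not part of the original thread). Audits VirtualBox machine-readable
# VM info for the sharing/network exposure discussed above. Samples are constructed.
# Constructed: a "convenient" test VM (NAT, shared folder, shared clipboard).
SAMPLE_VMINFO='nic1="nat"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
clipboard="bidirectional"
draganddrop="hosttoguest"
SharedFolderNameMachineMapping1="samples"
SharedFolderPathMachineMapping1="/home/user/samples"'
# Constructed: the same VM after applying the advice (host-only only, nothing shared).
HARDENED_VMINFO='nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"
clipboard="disabled"
draganddrop="disabled"'

# audit_vminfo: reads machine-readable VM info on stdin, prints one line per
# finding, and returns the number of findings (0 means nothing was flagged).
audit_vminfo() {
    findings=0
    while IFS= read -r line; do
        key=${line%%=*}
        val=${line#*=}
        val=${val#\"}; val=${val%\"}          # strip the surrounding quotes
        case "$key" in
            nic[0-9]*)  # adapter type: only host-only or detached keeps the guest off the LAN
                case "$val" in
                    hostonly|none|null) ;;
                    *) echo "$key: adapter type '$val' reaches beyond the host"
                       findings=$((findings + 1)) ;;
                esac ;;
            clipboard|draganddrop)  # host<->guest data paths
                [ "$val" = "disabled" ] || { echo "$key: '$val' is enabled"; findings=$((findings + 1)); } ;;
            SharedFolderNameMachineMapping*)  # any shared folder exposes part of the host filesystem
                echo "$key: shared folder '$val'"; findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# count_findings_for: run the audit on a string and print the finding count.
count_findings_for() {
    n=0; printf '%s\n' "$1" | audit_vminfo >/dev/null || n=$?; echo "$n"
}

printf '%s\n' "$SAMPLE_VMINFO" | audit_vminfo || echo "findings: $?"
```

On a real machine, pipe `VBoxManage showvminfo "<vm name>" --machinereadable` into `audit_vminfo` instead of the constructed sample.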
 

Parsh

Level 24
Verified
Trusted
Malware Hunter
You're probably more likely to infect the Private Network than to come across a VirtualBox exploit that makes for an escape. A VM breakout would be an exceptional case.

Solution: Disable all forms of file sharing in VMs except between VMs using Host-Only.
While this is true, using Host-only mode for connection is not practical for users using a VM for malware testing (needing internet) unless the host is a routing device itself, right... and that's not the case. The rest (disable all kinds of sharing, VPN) are some important precautions that can be taken.
 

509322

While this is true, using Host-only mode for connection is not practical for users using a VM for malware testing (needing internet) unless the host is a routing device itself, right... and that's not the case. The rest (disable all kinds of sharing, VPN) are some important precautions that can be taken.
If you mean to test "live" malware that needs network access to download additional malware or do "stuff," then that is the wrong and unsafe way to test.
 

steel9

Level 4
Verified
There is always a risk associated with malware testing even in a VM. Quantifying that risk is not easy, but it is a small number. You're probably more likely to infect the Private Network than to come across a VirtualBox exploit that makes for an escape. A VM breakout would be an exceptional case.

Solution: Disable all forms of file sharing in VMs except between VMs using Host-Only.
But as I use a VPN, malware can't get my real IP and can therefore not spread through my network, from my knowledge.

/steel9
 

Parsh

Level 24
Verified
Trusted
Malware Hunter
If you mean to test "live" malware that needs network access to download additional malware or do "stuff," then that is the wrong and unsafe way to test.
Yes, I meant the normal running of malware that people do to test (or just observe) how their security products respond... Not malware analysis exactly.
I've just reinstalled eOS for testing with NAT mode. NAT on Windows brought a lot of interruptions from the host AV, and I don't feel good using exceptions there (if that were possible).
 

Parsh

Level 24
Verified
Trusted
Malware Hunter
But as I use a VPN, malware can't get my real IP and can therefore not spread through my network, from my knowledge.

/steel9
Regarding the possibility of IP leaks, a famous one is via WebRTC, found in browsers. It may reveal your true IP address even if connected to a VPN, and NAT mode being a candidate, I believe.
That's why you will find a "prevent IP leak by WebRTC" option in some browsers and VPN apps. Basically, any application that renders web pages can be affected by this.
Other than that, blocking all connections when the VPN connection is lost (some VPNs offer such Firewall) is necessary.

However, when you run malware on your VM, remember this:
You're probably more likely to infect the Private Network than to come across a VirtualBox exploit that makes for an escape
Note that NAT and Bridged mode have certain advantages and disadvantages in terms of security, and I'm sure you'll find a lot of info on Google with long debates on the comparisons. What is important is to have a good s/w based firewall on the host machine and all other machines connected in your network.
 

Deleted member 178

Personally, I stopped doing malware testing because I don't have a spare machine.

To me real malware testing is on a real OS not a VM.
 