Dieselman

New Member
If you really want to be a malware tester, then use a system image. Malware can and will jump out of a sandbox.
 

win7holic

New Member
RE: Virtualization Software on 64-bit OS

Dieselman said:
If you really want to be a malware tester, then use a system image. Malware can and will jump out of a sandbox.
Malware can and will jump out of a sandbox...? :D
I think you must learn how to use it and how it works.
 

LaserWraith

New Member
RE: Virtualization Software on 64-bit OS

Dieselman said:
If you really want to be a malware tester, then use a system image. Malware can and will jump out of a sandbox.
You forgot to mention how it jumps out.
 

Tom172

New Member
RE: Virtualization Software on 64-bit OS

Dieselman said:
If you really want to be a malware tester, then use a system image. Malware can and will jump out of a sandbox.
hmmm...Does it use a trampoline?
 

HeffeD

New Member
RE: Virtualization Software on 64-bit OS

Actually, there is malware that can recognize if it's within a sandbox and will not deploy. Then if you happen to access it when it isn't sandboxed, it will run.
 

bogdan

New Member
RE: Virtualization Software on 64-bit OS

There are tools available that you can use to add anti-sandbox and anti-debugging features to your malicious program. It is possible for a malicious program to detect that it is running inside a sandboxed environment. It is not impossible for a malicious program to escape a VM and infect the host, but in most cases this means that the malware was programmed to do exactly that. Fortunately, most malware authors don't care about this issue. Their main concern is to infect the majority of PCs, and they can do that without worrying about VMs. With that being said, nothing is bulletproof, and having a backup is the right thing to do just in case something bad happens.

Note: Almost all the off-topic fun was removed from this thread.
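The anti-sandbox behaviour HeffeD and bogdan describe is, in its simplest form, environment fingerprinting: the sample looks for artifacts that only exist inside a hypervisor or sandbox and stays dormant if it finds any. The block below is an added example, not code from this thread or from any malware family. It shows the most basic class of such checks (DMI vendor strings, MAC address OUI, guest-tools processes, guest driver files) written as a self-audit a tester can run inside the VM to see which artifacts a sample could key on. The indicator tables and the names `collect_evidence`, `vm_indicators` and `is_probably_vm` are this example's own; real samples also use CPUID hypervisor bits, timing discrepancies, registry keys and user-activity checks that are not covered here.

```python
"""Environment fingerprinting of the kind anti-sandbox malware performs,
used here as a self-audit for a malware-testing VM (added example)."""
import os
import re
import uuid
from typing import Dict, List

# Public, well-known artifacts of common hypervisors. The tables are deliberately
# short; they are an assumption of this example, not an exhaustive list.
DMI_VENDORS = ("vmware", "virtualbox", "innotek", "qemu", "kvm", "xen", "bochs", "parallels")
MAC_OUIS = {
    "00:05:69": "VMware", "00:0c:29": "VMware", "00:50:56": "VMware",
    "08:00:27": "VirtualBox", "52:54:00": "QEMU/KVM", "00:16:3e": "Xen",
}
GUEST_PROCESSES = {  # names without .exe so Linux /proc/<pid>/comm matches too
    "vmtoolsd": "VMware Tools", "vmwaretray": "VMware Tools", "vmwareuser": "VMware Tools",
    "vboxservice": "VirtualBox Guest Additions", "vboxtray": "VirtualBox Guest Additions",
}
GUEST_FILES = {  # compared case-insensitively
    r"c:\windows\system32\drivers\vmmouse.sys": "VMware",
    r"c:\windows\system32\drivers\vmhgfs.sys": "VMware",
    r"c:\windows\system32\drivers\vboxmouse.sys": "VirtualBox",
    r"c:\windows\system32\drivers\vboxguest.sys": "VirtualBox",
    "/dev/vboxguest": "VirtualBox",
}


def vm_indicators(evidence: Dict[str, List[str]]) -> List[str]:
    """Return a human-readable hit for every artifact in `evidence` that
    fingerprints a hypervisor. `evidence` uses the keys produced by
    collect_evidence(); any key may be missing or empty."""
    hits: List[str] = []
    for dmi in evidence.get("dmi", []):
        if any(vendor in dmi.lower() for vendor in DMI_VENDORS):
            hits.append(f"dmi:{dmi.strip()}")
    for mac in evidence.get("macs", []):
        oui = mac.lower().replace("-", ":")[:8]
        if oui in MAC_OUIS:
            hits.append(f"mac:{mac} ({MAC_OUIS[oui]})")
    for proc in evidence.get("processes", []):
        name = re.split(r"[\\/]", proc)[-1].lower()  # basename on either OS
        if name.endswith(".exe"):
            name = name[:-4]
        if name in GUEST_PROCESSES:
            hits.append(f"process:{name} ({GUEST_PROCESSES[name]})")
    for path in evidence.get("files", []):
        vendor = GUEST_FILES.get(path.lower())
        if vendor:
            hits.append(f"file:{path} ({vendor})")
    return hits


def is_probably_vm(evidence: Dict[str, List[str]]) -> bool:
    """A sample keying on any single artifact would refuse to run here."""
    return bool(vm_indicators(evidence))


def collect_evidence() -> Dict[str, List[str]]:
    """Best-effort, dependency-free collection on the current machine.
    Linux sources are read directly; on Windows only the MAC and the driver
    files are checked (DMI and process listing would need WMI or tasklist)."""
    ev: Dict[str, List[str]] = {"dmi": [], "macs": [], "processes": [], "files": []}
    for key in ("sys_vendor", "product_name", "bios_vendor"):
        try:
            with open(f"/sys/class/dmi/id/{key}") as fh:
                ev["dmi"].append(fh.read().strip())
        except OSError:
            pass
    node = uuid.getnode()  # primary MAC; a random value if none is available
    ev["macs"].append(":".join(f"{(node >> shift) & 0xFF:02x}" for shift in range(40, -1, -8)))
    if os.path.isdir("/proc"):
        for pid in filter(str.isdigit, os.listdir("/proc")):
            try:
                with open(f"/proc/{pid}/comm") as fh:
                    ev["processes"].append(fh.read().strip())
            except OSError:
                pass
    ev["files"] = [p for p in GUEST_FILES if os.path.exists(p)]
    return ev


if __name__ == "__main__":
    found = vm_indicators(collect_evidence())
    print("VM artifacts visible to a sample:" if found else "no VM artifacts found")
    for hit in found:
        print("  ", hit)
```

Run it inside the testing VM; every hit it prints is something a sample can test for just as cheaply. Some are easy to remove (rename or stop the guest-tools processes, set a non-hypervisor MAC, edit the DMI strings in the VM configuration), others are not, which is why a sample that stays dormant in the VM and detonates on a real host, as HeffeD describes, is the more common failure mode for a tester than a true escape.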
 

Jack

Administrator
Verified
Staff member
Interesting topic....... Yes, there are a lot of malware pieces out there that won't run in a virtual environment (with anti-sandbox and anti-debugging features), and if someone starts testing in a VM, very soon they will see this fact with their own eyes. :D
I've been "playing" with malware samples in VMware Workstation for almost 3 years and I never managed to see a malware sample that can "jump" out of the VM..... I'm not saying it's impossible, but I have never seen any malware sample capable of doing that while in VMware Workstation. :p
To prevent any possible damage that an eventual leak might cause to your host PC, it would be a good idea to always run the virtual machine on a dedicated testing PC, always have a system image to use as a backup, and have solid security on your host.
 

jamescv7

Level 61
Verified
Trusted
Also, even if you use a junk PC, it's necessary to have a real-time AV sitting there.
 

MrXidus

Super Moderator (Leave of absence)
Been using VM's for 5 years and never has a piece of malware smiled at me and jumped out onto my host PC. Hope it stays that way.
 

MrXidus

Super Moderator (Leave of absence)
Whenever VMware alerts me of an update I do it straight away, which is probably why I haven't encountered it. And I use Secunia software to keep me up to date.
 

jamescv7

Level 61
Verified
Trusted
Well, those are clever: they make sure that the malware will not run in a sandbox or virtual machine and is made only to run on a real system.
 

HeffeD

New Member
MrXidus said:
Been using VM's for 5 years and never has a piece of malware smiled at me and jumped out onto my host PC. Hope it stays that way.
Yes, and there are people who say they've run multiple real-time AV's for years and have never had a problem. ;)

Malware getting out of virtual environments is a very real concern, but like Bogdan mentioned, most malware authors are going for the easy infections that will spread rapidly.

This fact is what amuses me about the people that set their AVs' max. file size to xxxGB to ensure that every single file is scanned. Sure, there is large malware out there, but probably 99% (yes, I'm just pulling that number out of a hat...) of the malware out there is going to be smaller file sizes (less than 40MB) just so it can spread rapidly. 2GB malware isn't going to spread very quickly...

I know of a guy that runs his VM's in Sandboxie. :D
 

MrXidus

Super Moderator (Leave of absence)
"VM's in Sandboxie."

Very amusing to hear that, but as for the malware getting out of V-Environments, I do not see it as a concern.. well, simply because it's never happened to me in my 5 years, but hey, I ain't saying it could and won't happen; it could very well happen the next time I test out an AV in a VM, and the day it happens I'm going to be surprised.

"Run multiple real-time AV's for years and have never had a problem."

I've now gone 504 days WITHOUT an Antivirus, infections in sight? Nope all is well :p
 

MrXidus

Super Moderator (Leave of absence)
I know some that would debate that, Valentin, but in my opinion, yes, my favored tools are common sense and my knowledge.
 

jamescv7

Level 61
Verified
Trusted
Knowledge and common sense are equivalent to using an AV, firewall, sandbox, etc.....
 

Valentin N

New Member
MrXidus said:
I know some that would debate that, Valentin, but in my opinion, yes, my favored tools are common sense and my knowledge.
AV is there to prevent people from installing bad things; average users usually think "WoW.. cool, let's try it out" before doing some research.

I usually do research with various tools to see if an exe/msi file is safe, and I also google it. It happens that I ask the Comodo staff to scan it and say if it's safe. This research that I do takes some minutes, but it's worth it :)

I have CIS because I love D+ and its concept. The AV is not needed, but I have it just to have it ^^ :D
 

MrXidus

Super Moderator (Leave of absence)
Got the firewall and Sandboxie; I do not need the AV, however. It all comes down to the user allowing themselves to get infected or not. Take my Google Images fake scanner page incident: I did not get infected by them because I did not download the .exes. That right there is because of my knowledge and common sense. I know it's malware and I know better than to run it; no AV needed to tell me otherwise.