is VMware unity mode less safe than regular mode?

Status
Not open for further replies.
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Jul 3, 2015
8,148
1
31,237
8,388
Middle Earth
I am running chrome in VMware unity mode, in windows 10 guest, and windows 10 host.
does this involve any particular security risk?

by the way, is there a way to decrease the latency when running an app in a VM?

I had certain issues with Sandboxie and its alternatives (cybergenic shade and comodo), that's why I am trying out this setup.
 
Last edited:
Are you running a Kaspersky Total Security inside the VM, host or both?

What issues did you encounter with Sandboxie? @Sandboxie Help could it be resolved?
 
Huracan said:
Are you running a Kaspersky Total Security inside the VM, host or both?

What issues did you encounter with Sandboxie? @Sandboxie Help could it be resolved?
Click to expand...
In the host, I am running KTS 2016, and yes, it conflicts with sandboxie on win10. Craig@invincea advised me to ditch Kaspersky. He explains that Kaspersky tried to implement sandboxing, but failed, and the failed effort remains in their code, and that makes it really tough to adapt SBIE to Kaspersky.

Truth is, I would probably be willing to give up Kaspersky, if Sandboxie would behave nicely otherwise. But even without Kaspersky, I found that the browser window acted a little flaky sometimes. For instance, if it was minimized, when I would open the window, it would sometimes black out for a second or two, or otherwise show poor responsiveness.

In the guest (also win10) I am running Webroot SecureAnywhere 2016 with Malwarebytes anti-exploit free and Adguard.
 
  • Like
Reactions: shmu26 and Daniel Hidalgo
harlan4096 said:
Kaspersky in 2011 had already a complete SandBox environment integrated in its security suite, but in 2012 They cut it because of its high resource consumption, and then became in Safe Money (SandBox only for browsers):

How to run an application in safe mode in Kaspersky Internet Security 2011?
What is Safe Run for Applications in Kaspersky Internet Security 2011?
Click to expand...
Does Safe Money also protect the file system from attacks coming in through the browser?
If so, it would be a little bit like Sandboxie built into Kaspersky, i.e., you can use it as a sandboxed browser??
 
shmu26 said:
Does Safe Money also protect the file system from attacks coming in through the browser?
If so, it would be a little bit like Sandboxie built into Kaspersky, i.e., you can use it as a sandboxed browser??
Click to expand...
I see that downloads in Safe Money go to the regular, unsandboxed download folder. So that's not so secure.
Any way to beef up the download protection, like put the download folder under "high restricted", or something like that?
I had an idea to set chrome to ask every time where to download. That way, I assume that you can't get unwanted downloads, because you will be asked.
 
Safe Money is not so strict as a pure sandbox when user have to download files from the sandboxed browser. In the past KL Safe Money had a shared folder (with the real system) where all the files downloaded were there, but They cut it and though it was a very annoying for standard users, deleted this feature and now downloads are put in real system, the target is to protect the browser from external attacks.
 
About that problem with certificate in Safe Money session is so strange, if You don't get the same in regular browsing. Probably something in Your Safe Money instance settings/configuration is not good.

Check that in Safe Money session "Kaspersky root Certificate" is properly installed in sanboxed browser.

Also You can disable Kaspersky Self-Defense temporally, go to C:\ProgramData\Kaspersky Lab\SafeBrowser, and delete all the contents there, this will delete and re-set/clean up the Safe Money session for You browser.

Check also in Windows certificate manager that You don't have duplicates of "Kaspersky root Certificate", only one and from the last Kaspersky version installed. The same with FireFox own certificate manager.
 
harlan4096 said:
Safe Money is not so strict as a pure sandbox when user have to download files from the sandboxed browser. In the past KL Safe Money had a shared folder (with the real system) where all the files downloaded were there, but They cut it and though it was a very annoying for standard users, deleted this feature and now downloads are put in real system, the target is to protect the browser from external attacks.
Click to expand...
so aside from the download folder problem, does it protect the system from other threats coming in through the browser?
 
I think so, anyway read carefully the pdf whitepaper in post #9 :)
 
harlan4096 said:
About that problem with certificate in Safe Money session is so strange, if You don't get the same in regular browsing. Probably something in Your Safe Money instance settings/configuration is not good.

Check that in Safe Money session "Kaspersky root Certificate" is properly installed in sanboxed browser.

Also You can disable Kaspersky Self-Defense temporally, go to C:\ProgramData\Kaspersky Lab\SafeBrowser, and delete all the contents there, this will delete and re-set/clean up the Safe Money session for You browser.

Check also in Windows certificate manager that You don't have duplicates of "Kaspersky root Certificate", only one and from the last Kaspersky version installed. The same with FireFox own certificate manager.
Click to expand...
how to "Check that in Safe Money session "Kaspersky root Certificate" is properly installed in sanboxed browser."?

and how to "Check also in Windows certificate manager that You don't have duplicates of "Kaspersky root Certificate""
 
First of all, which browser do You usually use with Safe Money?.

IE & Chrome, both use Windows certificates manager, FireFox uses own one.
 
Ok, then You can use 2 methods:

1.- Via Windows tool certmgr.msc:

Go to folder: Trusted Root Certification Authorities

omyQSsK.png


2.- Via opening IE as admin -> right click left button over IE short-cut-> Run as Administrator. In IE settings, go to Content -> Certificates -> Trusted Root Certification Authorities.

In both cases check whether there is only 1 "Kaspersky Root Certificate", if duplicates, then delete the old ones, and keep the newest (current Kaspersky product installed).

Update: or to assure, You can delete all "Kaspersky Root Certificates", close all browsers and then go to Your Kaspersky -> Additional -> NetWork -> Encrypted Connections Scanning -> Advanced Settings -> Install Certificate.

To Mods: sorry for the off topic, split the Kaspersky related posts to a new thread if necessary...
 
Last edited:
harlan4096 said:
Ok, then You can use 2 methods:

1.- Via Windows tool certmgr.msc:

Go to folder: Trusted Root Certification Authorities

omyQSsK.png


2.- Via opening IE as admin -> right click left button over IE short-cut-> Run as Administrator. In IE settings, go to Content -> Certificates -> Trusted Root Certification Authorities.

In both cases check whether there is only 1 "Kaspersky Root Certificate", if duplicates, then delete the old ones, and keep the newest (current Kaspersky product installed).

Update: or to assure, You can delete all "Kaspersky Root Certificates", close all browsers and then go to Your Kaspersky -> Additional -> NetWork -> Encrypted Connections Scanning -> Advanced Settings -> Install Certificate.

To Mods: sorry for the off topic, split the Kaspersky related posts to a new thread if necessary...
Click to expand...
I had 4 certificates in there.
Apparently, when I uninstalled Kaspersky and then reinstalled, it kept the old cert and make a new one too.
This killed two birds with one stone: the probematic banking site is now okay, and I don't get that message anymore about "there is a problem checking the certificate for https connections".
thanks for the good work!
 
  • Like
Reactions: harlan4096
so safe money is in good shape, for what it is.
But I don't think it is coded to protect the file system.
I just did a little test by installing utorrent free version on my computer, and then trying the java trick of "pimp my utorrent"
This entails going to a certain website
Pimp my uTorrent : An angular.js application that removes the ads in uTorrent with a single click
and clicking on a button.
I did it from safe money, and the windows notification popped up right away in utorrent, asking whether I allow or not.
So it seems to me that safe money has free access to the file system.
 
  • Like
Reactions: harlan4096
Status
Not open for further replies.

You may also like...