is VMware unity mode less safe than regular mode?

Status
Not open for further replies.

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I am running Chrome in VMware Unity mode, in a Windows 10 guest, on a Windows 10 host.
Does this involve any particular security risk?

By the way, is there a way to decrease the latency when running an app in a VM?

I had certain issues with Sandboxie and its alternatives (Cybergenic Shade and Comodo), that's why I am trying out this setup.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Are you running a Kaspersky Total Security inside the VM, host or both?

What issues did you encounter with Sandboxie? @Sandboxie Help could it be resolved?
 

shmu26

> Are you running a Kaspersky Total Security inside the VM, host or both?
>
> What issues did you encounter with Sandboxie? @Sandboxie Help could it be resolved?

In the host, I am running KTS 2016, and yes, it conflicts with Sandboxie on Win10. Craig@invincea advised me to ditch Kaspersky. He explains that Kaspersky tried to implement sandboxing, but failed, and the failed effort remains in their code, and that makes it really tough to adapt SBIE to Kaspersky.

Truth is, I would probably be willing to give up Kaspersky, if Sandboxie would behave nicely otherwise. But even without Kaspersky, I found that the browser window acted a little flaky sometimes. For instance, if it was minimized, when I would open the window, it would sometimes black out for a second or two, or otherwise show poor responsiveness.

In the guest (also Win10) I am running Webroot SecureAnywhere 2016 with Malwarebytes Anti-Exploit Free and Adguard.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,664


shmu26

> Kaspersky in 2011 already had a complete sandbox environment integrated in its security suite, but in 2012 they cut it because of its high resource consumption, and then it became Safe Money (sandbox only for browsers):
>
> How to run an application in safe mode in Kaspersky Internet Security 2011?
> What is Safe Run for Applications in Kaspersky Internet Security 2011?

Does Safe Money also protect the file system from attacks coming in through the browser?
If so, it would be a little bit like Sandboxie built into Kaspersky, i.e., you can use it as a sandboxed browser??
 

shmu26

> Does Safe Money also protect the file system from attacks coming in through the browser?
> If so, it would be a little bit like Sandboxie built into Kaspersky, i.e., you can use it as a sandboxed browser??

I see that downloads in Safe Money go to the regular, unsandboxed download folder. So that's not so secure.
Any way to beef up the download protection, like put the download folder under "high restricted", or something like that?
I had an idea to set Chrome to ask every time where to download. That way, I assume that you can't get unwanted downloads, because you will be asked.
 


harlan4096

Safe Money is not as strict as a pure sandbox when the user has to download files from the sandboxed browser. In the past, KL Safe Money had a shared folder (with the real system) where all the downloaded files went, but they thought it was very annoying for standard users and cut this feature, so now downloads are put in the real system; the target is to protect the browser from external attacks.
 

harlan4096

That problem with the certificate in the Safe Money session is strange if you don't get the same in regular browsing. Probably something in your Safe Money instance settings/configuration is not right.

Check that in the Safe Money session the "Kaspersky root Certificate" is properly installed in the sandboxed browser.

Also, you can disable Kaspersky Self-Defense temporarily, go to C:\ProgramData\Kaspersky Lab\SafeBrowser, and delete all the contents there; this will delete and reset/clean up the Safe Money session for your browser.

Check also in the Windows certificate manager that you don't have duplicates of the "Kaspersky root Certificate": only one, and from the last Kaspersky version installed. The same goes for Firefox's own certificate manager.
 

shmu26

> Safe Money is not as strict as a pure sandbox when the user has to download files from the sandboxed browser. In the past, KL Safe Money had a shared folder (with the real system) where all the downloaded files went, but they thought it was very annoying for standard users and cut this feature, so now downloads are put in the real system; the target is to protect the browser from external attacks.

So aside from the download folder problem, does it protect the system from other threats coming in through the browser?
 

harlan4096

I think so, anyway read carefully the pdf whitepaper in post #9 :)
 

shmu26

> That problem with the certificate in the Safe Money session is strange if you don't get the same in regular browsing. Probably something in your Safe Money instance settings/configuration is not right.
>
> Check that in the Safe Money session the "Kaspersky root Certificate" is properly installed in the sandboxed browser.
>
> Also, you can disable Kaspersky Self-Defense temporarily, go to C:\ProgramData\Kaspersky Lab\SafeBrowser, and delete all the contents there; this will delete and reset/clean up the Safe Money session for your browser.
>
> Check also in the Windows certificate manager that you don't have duplicates of the "Kaspersky root Certificate": only one, and from the last Kaspersky version installed. The same goes for Firefox's own certificate manager.

How to "Check that in Safe Money session "Kaspersky root Certificate" is properly installed in sandboxed browser"?

And how to "Check also in Windows certificate manager that You don't have duplicates of "Kaspersky root Certificate""?
 

harlan4096

First of all, which browser do you usually use with Safe Money?

IE and Chrome both use the Windows certificate manager; Firefox uses its own one.
 

shmu26

> First of all, which browser do you usually use with Safe Money?
>
> IE and Chrome both use the Windows certificate manager; Firefox uses its own one.

I use Chrome
 

harlan4096

OK, then you can use 2 methods:

1. Via the Windows tool certmgr.msc:

Go to folder: Trusted Root Certification Authorities

2. Via opening IE as admin: right-click the IE shortcut -> Run as Administrator. In IE settings, go to Content -> Certificates -> Trusted Root Certification Authorities.

In both cases, check whether there is only 1 "Kaspersky Root Certificate"; if there are duplicates, then delete the old ones and keep the newest (current Kaspersky product installed).

Update: or, to be sure, you can delete all "Kaspersky Root Certificates", close all browsers and then go to your Kaspersky -> Additional -> Network -> Encrypted Connections Scanning -> Advanced Settings -> Install Certificate.

To Mods: sorry for the off topic, split the Kaspersky related posts to a new thread if necessary...
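
The duplicate check described in the post above, as an added PowerShell example that is not part of the original thread: it lists trusted root certificates matching a Kaspersky subject filter and reports whether more than one distinct certificate is present, without deleting anything. The `*Kaspersky*` filter and the use of the latest NotBefore date to pick the newest certificate are assumptions.

```powershell
# Added example (read-only): find trusted root certificates whose subject
# matches a Kaspersky filter and show whether more than one is installed.
# Assumption: '*Kaspersky*' matches the certificate name seen in certmgr.msc.
$filter = '*Kaspersky*'
$stores = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'

# Collect matches from both store views (empty array if nothing matches).
$found = @(foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like $filter } |
        Select-Object @{ n = 'Store'; e = { $store } },
                      Subject, Thumbprint, NotBefore, NotAfter
})

# The same certificate can show up under both paths, so count distinct
# thumbprints rather than rows. The newest NotBefore date sorts first.
$distinct = @(
    $found | Group-Object -Property Thumbprint | ForEach-Object {
        $cert = $_.Group[0]
        [pscustomobject]@{
            Subject    = $cert.Subject
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            Thumbprint = $_.Name
            Stores     = ($_.Group.Store | Sort-Object -Unique) -join ', '
        }
    } | Sort-Object -Property NotBefore -Descending
)

if ($distinct.Count -eq 0) {
    Write-Output "No trusted root certificate matches '$filter'."
} else {
    # Assumption: the most recently issued certificate belongs to the
    # currently installed product; confirm in the product before removing any.
    $newest = $distinct[0].Thumbprint
    $distinct |
        Select-Object @{ n = 'Status'; e = {
                if ($_.Thumbprint -eq $newest) { 'newest' } else { 'older' } } },
            Subject, NotBefore, NotAfter, Thumbprint, Stores |
        Format-List
    if ($distinct.Count -gt 1) {
        Write-Warning "$($distinct.Count) distinct matching roots are installed."
    }
}
```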
 

shmu26

> OK, then you can use 2 methods:
>
> 1. Via the Windows tool certmgr.msc:
>
> Go to folder: Trusted Root Certification Authorities
>
> 2. Via opening IE as admin: right-click the IE shortcut -> Run as Administrator. In IE settings, go to Content -> Certificates -> Trusted Root Certification Authorities.
>
> In both cases, check whether there is only 1 "Kaspersky Root Certificate"; if there are duplicates, then delete the old ones and keep the newest (current Kaspersky product installed).
>
> Update: or, to be sure, you can delete all "Kaspersky Root Certificates", close all browsers and then go to your Kaspersky -> Additional -> Network -> Encrypted Connections Scanning -> Advanced Settings -> Install Certificate.
>
> To Mods: sorry for the off topic, split the Kaspersky related posts to a new thread if necessary...

I had 4 certificates in there.
Apparently, when I uninstalled Kaspersky and then reinstalled, it kept the old cert and made a new one too.
This killed two birds with one stone: the problematic banking site is now okay, and I don't get that message anymore about "there is a problem checking the certificate for https connections".
Thanks for the good work!
 

shmu26

So Safe Money is in good shape, for what it is.
But I don't think it is coded to protect the file system.
I just did a little test by installing uTorrent free version on my computer, and then trying the java trick of "pimp my utorrent".
This entails going to a certain website
Pimp my uTorrent : An angular.js application that removes the ads in uTorrent with a single click
and clicking on a button.
I did it from Safe Money, and the Windows notification popped up right away in uTorrent, asking whether I allow or not.
So it seems to me that Safe Money has free access to the file system.
 