- Jul 30, 2012
- 510
Can anybody suggest me a solution for malware which bypasses UAC, sandbox and Virtual Machines?
How will I identify such malware?
McLovin said: Not sure if there is one, but a place that you can look is in our Virus Exchange and our Live Virus List.
madyrocksin said: How will I identify such malware?
haha thanks for the quick reply, but what if my actual system security doesn't detect it and I will never know whether it escaped the VM or not?
McLovin said:
madyrocksin said: How will I identify such malware?
Make sure you have a backup of your system and then install a virtual machine and try the malware in that, and if it escapes, then that's what you want.
McLovin said:
madyrocksin said: haha thanks for the quick reply, but what if my actual system security doesn't detect it and I will never know whether it escaped the VM or not?
If you have a backup solution and the computer starts to play up, then you just have to revert back to that backup.
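The two replies above amount to a procedure: back up the host, run the sample inside a VM, and revert if the host "starts to play up". The weak step is noticing that the host was touched at all, which is the original question. The script below is an added example, not code from this thread or from any of the products named in it: it takes a hash baseline of chosen host directories before a VM session and diffs it afterwards, so that a file appearing, changing or vanishing on the host becomes a visible signal rather than a feeling that something is off. The directory names and the sample files in `demo()` are constructed for illustration.

```python
"""
Host-side change baseline for a malware test bench (added example).

Usage on the HOST, never inside the guest:
  1. snapshot(...) + save(...) before the VM session starts
  2. snapshot(...) after the session
  3. diff_snapshots(before, after) and read the report
Any unexpected entry is a reason to stop and restore from backup.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk: int = 1 << 20) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(roots):
    """Map every regular file under `roots` to [size, mtime_ns, sha256].

    Files that cannot be read (permissions, or they vanish mid-walk) are
    recorded as None so that they still show up as differences later.
    """
    baseline = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                p = Path(dirpath) / name
                try:
                    if not p.is_file():  # skip sockets, devices, dangling symlinks
                        continue
                    st = p.stat()
                    baseline[str(p)] = [st.st_size, st.st_mtime_ns, hash_file(p)]
                except OSError:
                    baseline[str(p)] = None
    return baseline


def diff_snapshots(before, after):
    """Report paths that were added, removed or changed between two snapshots."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def save(snap, path):
    """Persist a snapshot as JSON (store it off the test host, e.g. on removable media)."""
    Path(path).write_text(json.dumps(snap, indent=1))


def load(path):
    return json.loads(Path(path).read_text())


def demo():
    """Self-contained walk-through on a constructed temp directory; no malware involved."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "a.txt").write_text("original")       # constructed sample file
        (root / "b.txt").write_text("to be deleted")  # constructed sample file
        before = snapshot([root])
        # Simulate what a host-side change would look like after a VM session.
        # "tampered" has the same length as "original", so only the hash catches it.
        (root / "a.txt").write_text("tampered")
        (root / "b.txt").unlink()
        (root / "c.exe").write_bytes(b"MZ constructed sample, not a real binary")
        after = snapshot([root])
        report = diff_snapshots(before, after)
        # Return basenames so the result does not depend on the temp path.
        return {k: [Path(p).name for p in v] for k, v in report.items()}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Point it at the directories a guest-to-host escape would most plausibly touch (user profile, startup locations, the VM software's own install and config directories) and keep the saved baseline somewhere the test host cannot write to. The check only sees the filesystem: it says nothing about memory-resident code, firmware or the VM monitor itself, so a clean diff lowers concern but does not replace the backup-and-revert advice given above.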
InternetChicken said: Hi madyrocksin
If I understand you, you are worried about
malware that can bypass UAC, sandbox and Virtual Machines.
There is malware that can bypass UAC and sandbox Virtual Machines,
there's some that can bypass Virtual Machines (although very rare),
but bypass all 3 together! I have not seen that, and am not aware
of any malware currently in the wild that can bypass all 3 at once;
however, that does not mean that such a malware could not be created.
One only has to look at Flame, which went undetected for some time.
If you are using UAC and sandbox Virtual Machines, your chance of infection is
very small.
Malware that can bypass UAC: not so common.
Malware that can bypass sandbox: less common.
Malware that can bypass Virtual Machines: very rare.
MrXidus said: I've run VMWare inside of Sandboxie inside of Shadow Defender inside of Rollback RX on an old second PC that was on a separate network. Yet I still managed to spread a very nasty worm through my home network's modem and infected all 4 PCs in my household, as well as my whole street and local exchange.
Since then I stay well clear of testing any malware, as no environment is secure enough.
/sarc
To be honest, I don't think you have anything to worry about. Not to say let your guard down, just take basic precautions. I've been testing all types of threats inside my VM for 5 years now and never had anything "escape". Not that I'm saying it's not possible, as honestly I've never known it to happen nor seen it happen. Others can feel free to tell me otherwise.
InternetChicken said:
"I am assuming that there is some virus like that, and want to know, can HIPS actually safeguard you against that?"
Then the answer would be No.
As MrXidus stated above, you honestly don't have anything to worry about.
Finding and running a malware that can bypass UAC, sandbox and Virtual Machines
would be like closing your eyes and shooting a gun and hitting someone with the shot while you are standing on Mars, by yourself ........
If you are so worried about the issue, then the fix is easy: don't mess with malware ........
I might be killed; a rock from outer space could crash and hit my car ,,,
It could happen, but the chance of it happening is so low ,,, I won't worry about it.
Umbra Corp. said:
MrXidus said: I've run VMWare inside of Sandboxie inside of Shadow Defender inside of Rollback RX on an old second PC that was on a separate network. Yet I still managed to spread a very nasty worm through my home network's modem and infected all 4 PCs in my household, as well as my whole street and local exchange.
Since then I stay well clear of testing any malware, as no environment is secure enough.
/sarc
MrXidus was joking ^^
I run this config (but VirtualBox outside) PLUS my 3 security suites and nothing (yet) has bypassed them.
But I'm sure with just Sandboxie or Shadow Defender it will already be hard to get infected.
Littlebits said: These types of malware are so extremely rare and have to be manually downloaded and manually executed in order to infect a system. So basic users shouldn't worry about them.
But if you are into testing malware, I recommend using a separate system dedicated for testing only. It is the only 100% sure way that they can't cause any damage to a system. If your test system gets infected, then simply re-install Windows and the problem is solved.
Never use your main system to test malware; no matter how good you think you are at testing, errors can happen and wipe out your main system.
Thanks.