- May 11, 2024
- 51
Since I'm cautious with software downloads and usage, I haven't seen behavioural defence triggered by programs/files on my PC. So out of curiosity (and perhaps for the thrill), I sometimes download samples and run them in virtual machines, to see e.g. how security software performs, whether it blocks them from executing, what the behavioural protection looks like, etc. You know, it's more or less similar to bungee jumping or playing shooting games: some risks taken under control that I wouldn't take in real life.
The platforms I use are VMware Workstation Pro and Hyper-V. I use the NAT option for the virtual machines' internet connection. For VMware, the adapters "VMnet1" and "VMnet1" are disabled. The shared folders are also disabled. While trying the files I keep the internet connected for the VMs, as the cloud is important for most AVs.
I wonder if it's possible for a virus executed in the guest OS to infect the host OS, mainly through the local area network formed by the guest machine and host machine, or other similar mechanisms, not considering 0-day/platform vulnerabilities (since they are not something we can determine). Back in the day, there were quite a lot of viruses/worms capable of infecting other machines on the LAN (XP-era, for example). Is such malware common nowadays? If I use the same anti-virus software for both guest and host OS (I'm using the Kaspersky security suite on my own host OS, and then install another Kaspersky in the virtual machine) and it totally misses the malware executed in the VM, maybe the malware could infect the host machine through the LAN (or other ways), since the AV in the host OS can't block the threat either? I know that if the internet connection of the VMs is disabled, there shouldn't be such a LAN or such a risk, but it also disables the cloud. So I'm considering this for the situation where the internet connection is enabled.