Protecting Host Machine from Malware escaping a VM.

3link9

Level 5
Thread author
Verified
Oct 22, 2011
860
Alright, I would like to open up a discussion on how to protect your host from rare malware that escapes your VM and hits your host machine. So discuss any products, changing settings, etc. and how you protect your host.

Now I have a question for myself,
Would using a HIPS like Comodo Defense+ on my secondary PC monitor it right and keep it safe, or will it interfere with my testing?
 

LoftedAphid86

New Member
Feb 24, 2011
1,107
Make sure you have a good firewall if you are networking the virtual machine with the host.
You might want to run the virtual machine inside a sandbox, or, for real overkill, run the virtual machine sandboxed inside a virtual machine sandboxed on the host.
That should do it. :p
 

Dejan

New Member
Mar 3, 2011
559
Uh, I don't think any malware so far can escape a VM on its own (correct me if I'm wrong). That said, definitely turn off file sharing and you should be fine (as long as you don't do something stupid).
 

McLovin

Level 76
Verified
Helper
Malware Hunter
Apr 17, 2011
9,228
This has never happened to me before, but as a some what person once told me,
Yes, it is possible. Do not use a VM unless you know what you are doing. Do not use a VM unless it's on a junk PC.
 

MrXidus

Super Moderator (Leave of absence)
Apr 17, 2011
2,513
Do not use a VM unless you know what you're doing.

Indeed very true.

Screenshot related.

FZrMt.png
 

jamescv7

Level 85
Verified
Helper
Mar 15, 2011
13,085
Just make sure the VM is sandboxed and real-time protection is running on your host computer.

If you plan to disable the real-time protection because, for example, you want to infect the VM or test the AV installed in the VM, make sure it's still in the sandbox.
 

McLovin

Level 76
Verified
Helper
Malware Hunter
Apr 17, 2011
9,228
Also, if you get any malware on your host (which I doubt you will), make sure you have a backup of your system.
 

MrXidus

Super Moderator (Leave of absence)
Apr 17, 2011
2,513
ITT: "Advanced" users acting like Novice users paranoid of threats escaping a VM.

"Rather be safe than sorry." - Sandboxing VM? Running an AV on the host machine. -100

Having important data backed up, images created and having the knowledge to do things right in the first place. +100
 

HeffeD

Level 1
Feb 28, 2011
1,698
jamescv7 said:
Just make sure the VM is sandboxed

I've heard people recommend this before, but I've always considered it overkill.

I've also never encountered anything capable of jumping out of the sandbox. I do understand that it's theoretically possible, but I've yet to see any proof of it actually happening.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,382
What VM software are you going to use for testing? VMware Workstation?
VM Workstation is the safest virtual machine on the market, and with it there is a really slim chance of getting infected while using it... Why? If malware can bypass the virtual machine software, then it must have great code, and any good malware writer will have his malware poll running processes during startup of his app and look for virtual processes to prevent it from being run and analyzed in a virtual environment. Basically, a well-coded piece of malware will crash or not run in a virtual environment.
I have been using a VM for quite a while and I have never seen a piece of malware that could actually escape from the VM and infect the system.


3link9 said:
Now I have a question for myself,
Would using a HIPS like Comodo Defense+ on my secondary PC monitor it right and keep it safe, or will it interfere with my testing?
(Before you ask, I'm not using Norton on my second PC) I have Avast on it atm and I have to disable it.
The web guard component of a security suite can interfere with your malware testing, so to not get interrupted you can disable it; however, there is no need to disable your antivirus engine while testing.
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,872
@3link9,

Because you have Windows 32-bit, then, for your peace of mind only, look at the XueTr possibilities to notch on the XueTr/Setting tab: Manual AntiVirus Setting(s) ... and put it in the tray near the clock.

This is a great tip, not only for you. ;)
 

MrXidus

Super Moderator (Leave of absence)
Apr 17, 2011
2,513
Not as feature packed and versatile. Virtual Box is as good as it gets for a free product of its kind.