Protecting Host Machine from Malware escaping a VM.

Discussion in 'General Security Discussions' started by 3link9, Jan 18, 2012.

  1. 3link9

    3link9 Level 5

    Oct 22, 2011
    867
    222
    United States
    Alright, I would like to open up a discussion on how to protect your host from rare malware that escapes your VM and hits your host machine. So discuss any products, changing settings, etc. and how you protect your Host.

    Now I have a question for myself,
    Would using a HIPS like Comodo Defense+ on my secondary PC monitor it right and keep it safe, or will it interfere with my testing?
     
    Stenly, AtlBo and arc_de_triomphe like this.
  2. LoftedAphid86

    LoftedAphid86 New Member

    Feb 24, 2011
    1,063
    7
    United Kingdom
    Make sure you have a good firewall if you are networking the virtual machine with the host.
    You might want to run the virtual machine inside a sandbox, or, for real overkill, run the virtual machine sandboxed inside a virtual machine sandboxed on the host.
    That should do it. :p
     
    AtlBo and Tornado like this.
  3. MetalShaun

    MetalShaun New Member

    Mar 3, 2011
    370
    18
    Devon
    I don't know how much difference it would make but I run my VM under EMET.
     
    AtlBo likes this.
  4. Valentin N

    Valentin N New Member

    Feb 25, 2011
    1,258
    49
    Student, Writer@techsweden.org,
    Germany
    You could, for instance, use Shadow Defender and insert the VM machine.
     
    AtlBo likes this.
  5. 3link9

    3link9 Level 5

    Oct 22, 2011
    867
    222
    United States
    Sounds good, Thanks for the posts guys. Keep 'em coming!
     
    AtlBo likes this.
  6. Dejan

    Dejan New Member

    Mar 3, 2011
    514
    3
    Serbia
    Uh, I don't think any malware so far can escape a VM on its own (correct me if I'm wrong). That said, definitely turn off file sharing and you should be fine (as long as you don't do something stupid).
     
    AtlBo likes this.
  7. MrXidus

    MrXidus Super Moderator (Leave of absence)

    Apr 17, 2011
    2,173
    931
    Australia
    I've been testing malware/rootkits/worms/etc in VMWare for 5 years now.

    Not one threat has escaped or harmed my real system.
     
  8. McLovin

    McLovin Level 61
    Trusted AV Tester

    Apr 17, 2011
    8,768
    6,392
    I stream ✌
    Queensland, Australia
    Windows 10
    Trend Micro
    This has never happened to me before, but as a some what person once told me,.
     
    AtlBo likes this.
  9. MrXidus

    MrXidus Super Moderator (Leave of absence)

    Apr 17, 2011
    2,173
    931
    Australia
    Do not use a VM unless you know what you're doing.

    Indeed very true.

    Screenshot related.

    [​IMG]
     
    MrExplorer likes this.
  10. jamescv7

    jamescv7 Level 61
    Trusted

    Mar 15, 2011
    12,664
    17,722
    Web and FileMaker Developer
    Philippines
    Windows 10
    Microsoft
    Just make sure the VM is sandboxed and real-time protection is running on your host computer.

    If you plan to disable the real-time protection because, for example, you want to infect the VM or test the AV installed in the VM, make sure it's still in the sandbox.
     
    Parsh likes this.
  11. McLovin

    McLovin Level 61
    Trusted AV Tester

    Apr 17, 2011
    8,768
    6,392
    I stream ✌
    Queensland, Australia
    Windows 10
    Trend Micro
    Also, if you get any malware on your host (which I doubt you will), make sure you have a backup of your system.
     
  12. MrXidus

    MrXidus Super Moderator (Leave of absence)

    Apr 17, 2011
    2,173
    931
    Australia
    ITT: "Advanced" users acting like Novice users paranoid of threats escaping a VM.

    "Rather be safe than sorry." - Sandboxing VM? Running an AV on the host machine. -100

    Having important data backed up, images created and having the knowledge to do things right in the first place. +100
     
    Hector1 and (deleted member) like this.
  13. HeffeD

    HeffeD New Member

    Feb 28, 2011
    1,597
    12
    I've heard people recommend this before, but I've always considered it overkill.

    I've also never encountered anything capable of jumping out of the sandbox. I do understand that it's theoretically possible, but I've yet to see any proof of it actually happening.
     
  14. Jack

    Jack Administrator
    Staff Member

    Jan 24, 2011
    8,652
    14,792
    Bucharest
    Windows 10
    Default-Deny
    What VM software are you going to use for testing? VMware Workstation?
    VM Workstation is the safest virtual machine on the market, and with it there is a really slim chance of getting infected while using it... Why? If a piece of malware can bypass the virtual machine software, then it must have great code, and any good malware writer will have his malware poll running processes during startup of his app and look for virtual processes to prevent it from being run and analyzed in a virtual environment. Basically, a well-coded piece of malware will crash or not run in a virtual environment.
    I have been using a VM for quite a while and I have never seen a piece of malware that could actually escape from the VM and infect the system.

    The web guard component of a security suite can interfere with your malware testing, so to not get interrupted you can disable it; however, there is no need to disable your antivirus engine while testing.
     
    soccer97, Parsh, Rishi and 1 other person like this.
  15. Prorootect

    Prorootect Level 46

    Nov 5, 2011
    3,552
    3,707
    0wN3D by my cat!
    @3link9,

    Because you have Windows 32 bit, then, for your peace of mind only, look on XueTr possibilities to notch on XueTr/Setting tab: Manual AntiVirus Setting(s) .. and put it on the Tray near the clock.

    This is a great tip, not only for you. ;)
     
  16. MetalShaun

    MetalShaun New Member

    Mar 3, 2011
    370
    18
    Devon
    So what are the benefits of using NAT over Bridged???
     
  17. MrXidus

    MrXidus Super Moderator (Leave of absence)

    Apr 17, 2011
    2,173
    931
    Australia
    It's not a physical connection between your actual PC and the virtualized one.
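
An added example, not part of the thread or any poster's own code: a host-side check of a VMware `.vmx` file for the two settings raised in the posts above, guest-to-host file sharing and bridged networking. The sample config is constructed, and the key names (`sharedFolderN.enabled`, `isolation.tools.hgfs.disable`, `ethernetN.connectionType`) are assumed to match your VMware version.

```python
import re

# Constructed sample .vmx (not from the thread); key names are assumed to match your VMware version.
SAMPLE_VMX = '''\
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "TRUE"
ethernet1.connectionType = "nat"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "C:\\samples"
isolation.tools.hgfs.disable = "FALSE"
'''

# Matches lines of the form: key = "value"
LINE = re.compile(r'^\s*([^#=\s]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)  # keys compared case-insensitively
    return cfg

def is_true(cfg, key):
    return cfg.get(key, "").strip().lower() == "true"

def audit_vmx(text):
    cfg = parse_vmx(text)
    findings = []
    nics = sorted({k.split(".")[0] for k in cfg if re.match(r"ethernet\d+\.", k)})
    for nic in nics:
        if not is_true(cfg, nic + ".present"):
            continue
        ctype = cfg.get(nic + ".connectiontype", "").lower()
        # Assumption: an unset connectionType is treated as bridged and flagged for review.
        if ctype in ("", "bridged"):
            findings.append(f"{nic}: bridged networking (guest sits on the host's LAN)")
    folders = sorted({k.split(".")[0] for k in cfg if re.match(r"sharedfolder\d+\.", k)})
    for sf in folders:
        if is_true(cfg, sf + ".present") and is_true(cfg, sf + ".enabled"):
            findings.append(f"{sf}: shared folder enabled -> {cfg.get(sf + '.hostpath', '?')}")
    if not is_true(cfg, "isolation.tools.hgfs.disable"):
        findings.append("isolation.tools.hgfs.disable is not TRUE (HGFS file sharing allowed)")
    return findings

if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print("[!]", finding)
```

Run it against the VM's own `.vmx` while the VM is powered off; an empty result means none of the three conditions was found in the file.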
     
  18. Overkill

    Overkill Level 30
    Trusted

    Feb 15, 2012
    2,104
    1,997
    USA
    Windows 7
    Default-Deny
    How good is VirtualBox compared to VMware?
     
  19. MrXidus

    MrXidus Super Moderator (Leave of absence)

    Apr 17, 2011
    2,173
    931
    Australia
    Not as feature-packed and versatile. VirtualBox is as good as it gets for a free product of its kind.
     
  20. Overkill

    Overkill Level 30
    Trusted

    Feb 15, 2012
    2,104
    1,997
    USA
    Windows 7
    Default-Deny
    Is the security as good as VMware?
     