Protecting Host Machine from Malware escaping a VM.

Joined
Oct 22, 2011
Messages
862
#1
Alright, I would like to open up a discussion on how to protect your host from rare malware that escapes your VM and hits your host machine. So discuss any products, changing settings, etc. and how you protect your host.

Now I have a question for myself,
Would using a HIPS like Comodo Defense+ on my secondary PC monitor it right and keep it safe, or will it interfere with my testing?
 
Joined
Feb 24, 2011
Messages
1,063
#2
Make sure you have a good firewall if you are networking the virtual machine with the host.
You might want to run the virtual machine inside a sandbox, or, for real overkill, run the virtual machine sandboxed inside a virtual machine sandboxed on the host.
That should do it. :p
 

Dejan

New Member
Joined
Mar 3, 2011
Messages
514
#6
Uh, I don't think any malware so far can escape a VM on its own (correct me if I'm wrong). That said, definitely turn off file sharing and you should be fine (as long as you don't do something stupid).
 
Likes: AtlBo
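
The advice in posts #2 and #6 (firewall any VM-to-host networking, turn off file sharing) can be checked against the VM's own configuration. The script below is an added example, not something posted in this thread; it assumes a VMware-style `.vmx` file, and the sample configuration and the function names `parse_vmx` and `audit_vmx` are constructed for illustration.

```python
import re

# Constructed sample .vmx for illustration; not taken from the thread.
SAMPLE_VMX = """
displayName = "malware-test"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "/home/tester/samples"
isolation.tools.copy.disable = "FALSE"
isolation.tools.dnd.disable = "TRUE"
"""

_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Map each lower-cased key to its value for every key = "value" line."""
    cfg = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit_vmx(text):
    """Return a list of findings for host-facing channels left open."""
    cfg = parse_vmx(text)
    on = lambda key: cfg.get(key, "").upper() == "TRUE"
    findings = []
    for key in sorted(cfg):
        m = re.fullmatch(r"(sharedfolder\d+)\.present", key)
        # A folder counts as shared unless it is explicitly disabled.
        if m and on(key) and cfg.get(m.group(1) + ".enabled", "TRUE").upper() != "FALSE":
            findings.append(f"{m.group(1)}: host path {cfg.get(m.group(1) + '.hostpath', '?')} is shared")
        m = re.fullmatch(r"(ethernet\d+)\.present", key)
        if m and on(key):
            mode = cfg.get(m.group(1) + ".connectiontype", "unspecified")
            findings.append(f"{m.group(1)}: connected ({mode}); firewall the host")
    # Clipboard and drag-and-drop are reported unless explicitly disabled.
    for op in ("copy", "paste", "dnd"):
        if not on(f"isolation.tools.{op}.disable"):
            findings.append(f"isolation.tools.{op}.disable is not TRUE")
    return findings

if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print("[!]", finding)
```

An empty result means no shared folder, connected network adapter, or guest-to-host clipboard/drag-and-drop channel was found in the file.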

McLovin

Level 61
Trusted
AV-Tester
Joined
Apr 17, 2011
Messages
8,765
OS
Windows 10
Antivirus
Trend Micro
#8
This has never happened to me before, but as a some what person once told me:
Yes, it is possible. Do not use a VM unless you know what you are doing. Do not use a VM unless it's on a junk PC.
 
Likes: AtlBo

jamescv7

Level 61
Trusted
Joined
Mar 15, 2011
Messages
12,639
OS
Windows 10
Antivirus
Microsoft
#10
Just make sure the VM is sandboxed and real-time protection is running on your host computer.

If you plan to disable the real-time protection because, for example, you want to infect the VM or test the AV installed in the VM, make sure it's still in the sandbox.
 
Likes: Parsh

McLovin

Level 61
Trusted
AV-Tester
Joined
Apr 17, 2011
Messages
8,765
OS
Windows 10
Antivirus
Trend Micro
#11
Also, if you get any malware on your host (which I doubt will happen), make sure you have a backup of your system.
 

MrXidus

Super Moderator (Leave of absence)
Joined
Apr 17, 2011
Messages
2,171
#12
ITT: "Advanced" users acting like Novice users paranoid of threats escaping a VM.

"Rather be safe than sorry." - Sandboxing a VM? Running an AV on the host machine. -100

Having important data backed up, images created and having the knowledge to do things right in the first place. +100
 

HeffeD

New Member
Joined
Feb 28, 2011
Messages
1,597
#13
jamescv7 said:
Just make sure the VM is sandboxed
I've heard people recommend this before, but I've always considered it overkill.

I've also never encountered anything capable of jumping out of the sandbox. I do understand that it's theoretically possible, but I've yet to see any proof of it actually happening.
 

Jack

Administrator
Staff member
Joined
Jan 24, 2011
Messages
8,702
OS
Windows 10
Antivirus
Default-Deny
#14
What VM software are you going to use for testing? VMware Workstation?
VM Workstation is the safest virtual machine on the market, and with it there is a really slim chance of getting infected while using it... Why? If malware can bypass the virtual machine software then it must have great code, and any good malware writer will have his malware poll running processes during startup of his app and look for virtual processes to prevent it from being run and analyzed in a virtual environment; basically, a well-coded piece of malware will crash or not run in a virtual environment.
I have been using a VM for quite a while and I have never seen a piece of malware that could actually escape from the VM and infect the system.


3link9 said:
Now I have a question for myself,
Would using a HIPS like Comodo Defense+ on my secondary PC monitor it right and keep it safe, or will it interfere with my testing?
(Before you ask, I'm not using Norton on my second PC) I have Avast on it atm and I have to disable it.
The web guard component of a security suite can interfere with your malware testing, so to not get interrupted you can disable it; however, there is no need to disable your antivirus engine while testing.
 
Joined
Nov 5, 2011
Messages
4,223
#15
@3link9,

Because you have 32-bit Windows, then, for your peace of mind only, look at XueTr's possibilities to notch on the XueTr/Setting tab: Manual AntiVirus Setting(s) ... and put it in the tray near the clock.

This is a great tip, not only for you. ;)
 

MrXidus

Super Moderator (Leave of absence)
Joined
Apr 17, 2011
Messages
2,171
#19
Not as feature-packed and versatile. VirtualBox is as good as it gets for a free product of its kind.