- Aug 23, 2011
- 2,291
Protecting Host Machine from Malware escaping a VM.
- Thread starter 3link9
- Start date
WinAndLinuxTutorials said:
You know a worm. Well worms spread through internet connections, so if it was physical connection, it could spread to your computer if it's a real connection, like it would spread through a network (e.g a buisness). So if it's NAT, a virtual connection, then there is no risk of it spreading like this.
- Oct 22, 2011
- 860
MRF71 said:
I don't really like virtual box... I had some problems with it in the past but if you don't want to pay for Workstation, Its good.
The problems I had with Virtual box is that I kept getting errors while creating and starting the machine, I sent a ticket to oracle and they said its now fixed in the new version, So i got the new version and I got it working for about two days but then it kept freezing on Virtual box's loading screen (Not the OS's startup, It was VB's] So I just deciding to uninstall it and get Workstation, Haven't had a problem yet except for user error (Never snapshot it before infecting it for a removal test). But Security wise, Its good...but not as good as Workstation IMHO.
- Aug 5, 2012
- 473
MrXidus
Super Moderator (Leave of absence)
- Apr 17, 2011
- 2,503
MrXidus
Super Moderator (Leave of absence)
- Apr 17, 2011
- 2,503
- Aug 5, 2012
- 473
MrXidus said:You'll notice I did say NAT under the picture.
Thanks, I did not notice the NAT written underneath the illustration. Just for curiosity sake, how long have you been testing on the VM and have you ever had anything "escape" the virtual machine environment?
Hotrod123 said:
Malware that could escape is quite rare. I'm not even sure it actually exists in the wild. I've read some proof-of-concepts, but I've never seen actual spreading malware that can do so.
More common is malware that is able to detect that it is running in a virtual environment, (be it a VM or a sandbox) and will stay inert. Then a user feels it's safe, so he runs it on his host, and then the malware acts.
- Aug 5, 2012
- 473
HeffeD said:
Yes I have heard of malware being able to know the difference between a host and virtual OS. Do you think worrying about it spreading over the network with NAT is just being paranoid? I know there is always a chance, but in all likelyhood with Comodo running on every other machine on my network, do you think I am good to run some suspicious programs in the virtual machine(VMware Workstation 8)?
- Aug 5, 2012
- 473
HeffeD said:
Yes I have heard of malware being able to know the difference between a host and virtual OS. Do you think worrying about it spreading over the network with NAT is just being paranoid? I know there is always a chance, but in all likelyhood with Comodo running on every other machine on my network, do you think I am good to run some suspicious programs in the virtual machine(VMware Workstation 8)? Also, I have VMware tools set to automatically update whenever a new update is available.
Hotrod123 said:
If you're not doing any file sharing, the odds are slim. However, you can never be too paranoid when it comes to malware. New techniques are being introduced every day.
Hotrod123 said:
Well, you'll be as protected as you are with your host machine connected to the internet, but I'll never be the person to tell you that you are OK to play with malware. In my opinion, if you ever have to ask for tips on how to safely play with malware, you shouldn't be doing it... :angel:
- Aug 5, 2012
- 473
HeffeD said:
Can I ask you a question. You are using the same username on the Comodo forums right? Because I believe I was having a discussion with you under a different username.
- Aug 5, 2012
- 473
HeffeD said:Hotrod123 said:
Yes, that would be me. Hello Weatherman97.
Why did you give away my true identity?
Nah I just wanted to mix it up a little bit. But going back to the million dollar question, is my network secured 99.99%? That is the most important thing I am trying to protect because I could easily fix an issue on my host machine, but it would be a pain in the neck to repair all the machines on my network. Also, I looked at the website you posted on the Comodo thread. Already tried it before, but I followed the instructions again with the same result: loss of Internet connection.I already figured it was you because the line of questioning was so very similar.
No. But if you do this, you'll be much closer. (But still impossible to put a percentage value on your security)
I'm not as crotchety as some of the users you encountered when asking this on the VMWare forum, but I agree with them somewhat, and I'm definitely not going to tell you you'll be fine testing malware. Whether you choose to believe them, or me for that matter, (on here or the same thing I've told you at Comodo) is your prerogative.
Testing malware is always going to carry risk. You can mitigate risk somewhat, but it's never completely safe. (and impossible to put a percentage on how safe you are) If you choose to play with it, the onus is completely on you. The last thing I want is to tell you you'll be fine, then have you come back blaming me that you've infected your network.
So as I've already stated, (as have others on different forums) I don't recommend playing with malware at all. Especially on a network with other machines connected.
Hotrod123 said:
No. But if you do this, you'll be much closer. (But still impossible to put a percentage value on your security)
I'm not as crotchety as some of the users you encountered when asking this on the VMWare forum, but I agree with them somewhat, and I'm definitely not going to tell you you'll be fine testing malware. Whether you choose to believe them, or me for that matter, (on here or the same thing I've told you at Comodo) is your prerogative.
Testing malware is always going to carry risk. You can mitigate risk somewhat, but it's never completely safe. (and impossible to put a percentage on how safe you are) If you choose to play with it, the onus is completely on you. The last thing I want is to tell you you'll be fine, then have you come back blaming me that you've infected your network.
So as I've already stated, (as have others on different forums) I don't recommend playing with malware at all. Especially on a network with other machines connected.
- Aug 5, 2012
- 473
HeffeD said:I already figured it was you because the line of questioning was so very similar.
Wow you are on alot of forums.
HeffeD said:
Is there any way you can help explain the internet loss I mentioned in the last couple of sentences on the previous post?
Hotrod123 said:Wow you are on alot of forums.
I get around.
Hotrod123 said:
I thought I'd already answered that in the other thread. Any time you add usability, you reduce security. You aren't isolated if you've allowed internet access through the host machine.
Many YouTube malware testers use the internet to download malware from malware lists to test, but security experts will never test malware if there is an internet connection.
It's a bit of a catch-22. You need to get the malware from the internet, but you don't want your VM to access the internet. So the only way to get the malware to the VM is through file sharing with your host machine, but you don't want your VM to have any contact with your host machine, nor do you want to expose your host machine to the malware you want to test.
Do you see where I'm going with this?
To be blunt, testing malware is never a safe thing to do. You'll be opening security holes to test in a reasonable manner. (the manner you see on YouTube tests) If you have to ask how to do this safely, you shouldn't be doing it.
- Aug 5, 2012
- 473
Hotrod123 said:
I do, but I wish it didnt have to be this way.
You have seen me constantly browse various forums for the best configuration, and after many opinions and ideas I feel like I have found the perfect blend between testing and security(sorry for all the I's). Anyway, thanks for all your help and if I need any more answers you will be sure to be hearing from me again. Similar threads
