Prayag

Level 4
which among the two is better for increased security,better performance and usability?
Also,what precautions should i take so that my real system works in tandem with vm and both would work as expected.
 
which among the two is better for increased security,better performance and usability?
Also,what precautions should i take so that my real system works in tandem with vm and both would work as expected.
Here is a conversation already at MT on the two "VMware Player Free and Virtualbox".
Compare Performance - BEST Free VM: Oracle VirtualBox or VMware Workstation Player?

If you are comparing Workstation Pro "Paid version" to Virtualbox, and plan to run Windows as the Guest, I would fully recommend dropping the dime on Workstation Pro between the two.

As for precautions on Workstation Pro, You need to disable "shared folders" and under guest isolation "untick enable drag and drop" & "untick Enable copy and Paste", chose for network either NAT or Host-Only.

Keep in mind, that messing with malware in a VM is not a game, there are potential exploits via the shared memory of the Host system, installing VM tools can also lead to being exploited, and of course chances of something escaping onto the network.

I would fully recommend that if you plan to continue down this path, that you research it until you can no longer see straight, take a break, and research some more before you even begin.
 

Quassar

Level 12
Verified
Here is a conversation already at MT on the two "VMware Player Free and Virtualbox".
Compare Performance - BEST Free VM: Oracle VirtualBox or VMware Workstation Player?

If you are comparing Workstation Pro "Paid version" to Virtualbox, and plan to run Windows as the Guest, I would fully recommend dropping the dime on Workstation Pro between the two.

As for precautions on Workstation Pro, You need to disable "shared folders" and under guest isolation "untick enable drag and drop" & "untick Enable copy and Paste", chose for network either NAT or Host-Only.

Keep in mind, that messing with malware in a VM is not a game, there are potential exploits via the shared memory of the Host system, installing VM tools can also lead to being exploited, and of course chances of something escaping onto the network.

I would fully recommend that if you plan to continue down this path, that you research it until you can no longer see straight, take a break, and research some more before you even begin.
Just unistall VMware tools and use bridge conection (it will use virtual nat driver connections not same as your main).
Other way you can use NAT but you need have fu$%$# good Firewall and know how to use it ^^
 
Just unistall VMware tools and use bridge conection (it will use virtual nat driver connections not same as your mian so connections.
Other way you can use NAT but you need have fu$%$# good Firewall and know how to use it ^^
I would never recommend using Bridge Network for malware testing, it allows the VM Guest full Network Access. I already have explained that Network breach is possible with NAT, although the Guest machine does not have direct access to the Network.
 
Sorry for my mistikate i mean host not bridge
but all the way NAT is most secure of them rest, you have right @S3cur1ty 3nthu5145t
Host-Only is the most secure, although in it's default configuration, a virtual machine in a host-only network cannot connect to the Internet. If you install the proper routing or proxy software on the host system, you can establish a connection between the host virtual network adapter and a physical network adapter.

Setting this up is generally beyond a users ability when first starting out with a Virtual Machine, and why I recommend NAT.
 

Parsh

Level 24
Verified
Trusted
Malware Hunter
As for precautions on Workstation Pro, You need to disable "shared folders" and under guest isolation "untick enable drag and drop" & "untick Enable copy and Paste", chose for network either NAT or Host-Only.
Regarding the last point, the main advantage of using NAT will be that data for the guest machine will channel through only the selected port(s) using the NAT service, but again, an attacker might be able to bounce to another port using some loopholes or unknown exploits, and that we may agree.

In case of Bridged connection, though the Guest machine will have full network access, will it not be safer to use in home network where user has a single computer only?
Even if there are more computer systems, won't good S/W Firewalls installed on the host PC (running the VM) and on the other hosts connected in the LAN be able to block the unusual spreading of malware from the said guest machine?
Please consider this point for the above discussion of NAT vs Bridged for home users:
I already have explained that Network breach is possible with NAT, although the Guest machine does not have direct access to the Network.
 

Peter2150

Level 7
Verified
I do test in a VM Workstation Pro machine. Two things I do. 1) I have all my security software both on the host and on the VM. 2) I use Appguard on the host and guard all the VMware processes. That blocks use of VMware processes to transfer anything through process memory
 
  • Like
Reactions: S3cur1ty 3nthu5145t
Regarding the last point, the main advantage of using NAT will be that data for the guest machine will channel through only the selected port(s) using the NAT service, but again, an attacker might be able to bounce to another port using some loopholes or unknown exploits, and that we may agree.

In case of Bridged connection, though the Guest machine will have full network access, will it not be safer to use in home network where user has a single computer only?
Even if there are more computer systems, won't good S/W Firewalls installed on the host PC (running the VM) and on the other hosts connected in the LAN be able to block the unusual spreading of malware from the said guest machine?
Please consider this point for the above discussion of NAT vs Bridged for home users:
If a user has a dedicated Network for the Host and guest machine ONLY, then I would say this would be fine, and would produce better results when testing in the Guest using it like a physical machine. The problem is, almost no one I know, has only one device in this day and age, and to protect the Network, Bridged networking is not advised.

I do test in a VM Workstation Pro machine. Two things I do. 1) I have all my security software both on the host and on the VM. 2) I use Appguard on the host and guard all the VMware processes. That blocks use of VMware processes to transfer anything through process memory
I do the same. I have both a copy of Appguard on the Host and one in the Guest. VMware is placed in Guarded apps of the Host to negate the possible exploits via memory. When performing Static tests, or light analysis in the Guest machine, that copy of Appguard is there to negate execution as the AV's access the file to scan it can sometimes trigger them to execute. If I'm performing Dynamic testing, Appguard in the Guest is placed into Install mode temporarily for this purpose, as anything allowed will not be present once I reset the Base snapshot.