How works virtual CD ROM and ISO files in VirtualBox

[Miro_R]

Hi all,

I would like to ask about using disk images in VB. Do I understand it right, that .iso files inserted in a virtual CD ROM present in every new virtual machine are all the time read-only and unchangeable? Or there is something like “virtual CD-RW device” in VB?

What is this about: I use virtual box as a sandbox for checking incoming files from clients (I am not an exposed person and I am not doing anything sensitive - it's just a common precaution because I communicate with a lots of people and a lots of people doesn't too much care about PC security and I simply find using virtual machines convenient) and it occurred to me that it might be handy to use ISOs as a read only database of scripts which I can easily share to VB from the host. But I would like to prevent a possibility, that I accidentally run a malware in a virtual machine and it somehow infects my iso (and then I'll spread it to my other virtual machines or to the host by using the same iso...).

Thank you for your opinions in advance.

[scottgus1]

.iso files inserted in a virtual CD ROM present in every new virtual machine are all the time read-only and unchangeable?

Yes. ISO's are meant to be and are used read-only.

Technically, an ISO is just another file on the host disk, and like all other files, can be hex-edited to be different. But we know of no way for a VM program to write to an ISO mounted in the VM's CD drive. (This is not to say that such might not happen in the future, a la Melt-Down/Spectre, which was staring us in the face for 20-odd years before someone looked at it funny.)

I would like to prevent a possibility, that I accidentally run a malware in a virtual machine and it somehow infects my iso (and then I'll spread it to my other virtual machines or to the host by using the same iso...).

A good doublecheck on this would be a decent SHA-style hash on the known good ISO to compare if you do get a baddy on your VM.

[mpack]

Do I understand it right, that .iso files ... read-only?

Correct.

The other disk formats such as VDI and VHD are read-write.

I would use shared folders as my preferred method of moving files in and out of a VM. This is perfectly safe provided you never attempt to run any executables that have been inside the shared folder. You can also simply mark the files as read-only on the host if you don't want the VM to be to modify them.

[Miro_R]

Thank you for your replies! Thought so, but was "afraid" of a possibility of some special feature which I dont know.

Technically, an ISO is just another file on the host disk, and like all other files, can be hex-edited to be different. But we know of no way for a VM program to write to an ISO mounted in the VM's CD drive. (This is not to say that such might not happen in the future, a la Melt-Down/Spectre, which was staring us in the face for 20-odd years before someone looked at it funny.)

A good doublecheck on this would be a decent SHA-style hash on the known good ISO to compare if you do get a baddy on your VM.

Yeah but these vulnerabilities happen hopefully only once in a decade. Doublecheck with SHA-hash sounds pretty bulletproof, but in my case it is probably not necessary. I do not have anything really sensitive, I just do not want to be irresponsible.

I would use shared folders as my preferred method of moving files in and out of a VM. This is perfectly safe provided you never attempt to run any executables that have been inside the shared folder. You can also simply mark the files as read-only on the host if you don't want the VM to be to modify them.

Hmmm, I'll think about it. To be honest I am still using VB without GA, because 1) I do not need them (so far) 2) I feel this as another possible way how to escape the VM. This is probably a little bit paranoid (I know there were some issues with VM Ware, I believe...), but I prefer not to install SW I do not need/use.

[mpack]

I'm been using VirtualBox since 2008, and I've never heard of any malware inside a VM even attempting to use the GAs API to affect the host. And if it did, it couldn't. It just isn't an issue. All of the GA features which could conceivably be abused (but in fact: only if a really dumb but cooperative host user is presupposed too), default to disabled even after the GAs are installed.

About the only things you get by default after installing the GAs is an integrated mouse and faster graphics.

And most VMs will be barely usable without GAs, especially if you intend to use graphical apps at medium display sizes and up.