mpack wrote: Personally, I would install a non-resident AV in the guest, such as ClamWin. After running suspect software I would then run a manual scan. If a virus is detected then you can either remove it - or maybe just delete the VM; the ability to do the latter is one of the benefits of using a VM (it helps if you have a basic clone ready to replace it though).
As to the danger of infecting a host. Well of course if you detect the guest infection immediately (which you should have done if you follow the advice of the last para) then the chances of it propagating to the host are close to zero. However you can use a bit of common sense to eradicate the last iota of danger. Infecting the host requires a communications medium and a helpful host network protocol. One example would be a network share where the share contains executable files which can be infected. Only binary executables need to be considered: nothing else will carry a virus payload unintrusively. So simply make sure that shared folders are empty or read-only or contain nothing remotely executable and nothing can go wrong. You don't need to care about image files etc (the idea that images can distribute viable viruses is a very stupid myth).
As backup you can run a virus check on the host too.
Of course if your guest doesn't use shared folders at all (or USB thumb drives - same thing really), then I can't think of any way in which it can infect the host.
As a separate note on keyloggers: all they can do is log keystrokes from that VM's virtual keyboard. It has no access to the host keyboard. So, provided you don't type anything sensitive in your sandbox VM then that VM can contain as many keyloggers as you like.
All without guarantees of course: most of this is common sense, and I have no way to know how much of that you have.
Final, final notes: (1) make sure autoplay is disabled on Windows guests or hosts for all drives. XP made this a PITA to do, and I forget what the easiest way is, but you can google for that. (2) Make sure Windows is not "Hiding extensions for known file types". Most of the myths about executable images come from supposed image files which were actually called something like picture.jpg.exe - so these are actually exe's, not JPEGs, except that Windows helpfully hides the important extension.
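The shared-folder and hidden-extension checks described in the post above can be scripted. This is an added example, not part of mpack's post: it walks a folder and reports files with an executable extension, deceptive double extensions such as picture.jpg.exe, and files whose first bytes are a native executable header whatever they are named. The function names, the extension lists and the sample files are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Leading bytes of native executable formats, checked regardless of file name.
MAGIC = {b"MZ": "PE/DOS", b"\x7fELF": "ELF",
         b"\xfe\xed\xfa\xce": "Mach-O", b"\xfe\xed\xfa\xcf": "Mach-O",
         b"\xce\xfa\xed\xfe": "Mach-O", b"\xcf\xfa\xed\xfe": "Mach-O"}
# Illustrative lists (assumptions), not exhaustive.
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".dll", ".msi",
            ".bat", ".cmd", ".ps1", ".vbs", ".lnk"}
DECOY_EXT = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".doc"}

def audit_share(root):
    """Return sorted (relative_path, reason) findings for a shared folder."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        suffixes = [s.lower() for s in path.suffixes]
        if suffixes and suffixes[-1] in EXEC_EXT:
            # picture.jpg.exe: the real extension is the last one.
            decoy = len(suffixes) >= 2 and suffixes[-2] in DECOY_EXT
            findings.append((rel, "double extension" if decoy
                             else "executable extension"))
        with path.open("rb") as fh:
            head = fh.read(4)
        for magic, fmt in MAGIC.items():
            if head.startswith(magic):
                findings.append((rel, f"{fmt} header"))
                break
    return sorted(findings)

def demo():
    """Audit a constructed sample share (all files are made up here)."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp)
        (share / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        (share / "picture.jpg.exe").write_bytes(b"MZ" + b"\x00" * 16)
        (share / "notes.txt").write_bytes(b"MZ" + b"\x00" * 16)  # renamed binary
        (share / "setup.bat").write_text("echo constructed sample\n")
        return audit_share(share)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:22} {rel}")
```

Run it on the host against the folder that is shared with the guest, before and after a session with suspect software; an empty result means nothing in the share matched these checks.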