4.3.14 conflicts with anti-virus packages.

Discussions related to using VirtualBox on Windows hosts.

Re: 4.3.14 conflicts with anti-virus packages.

Postby michaln » 22. Jul 2014, 12:12

CaptainFlint wrote:I'm sorry if I missed a clearer explanation in this long thread, but did I understand correctly that VB refuses to launch if ANY third-party DLL is simply injected into its process?

The basic criterion isn't whether a DLL is 3rd party or not, it's whether it can be trusted. To establish trust, the DLL must either be located in one of the Windows system directories and authenticode signed, or it must be in the VirtualBox directory and signed with a driver level signature (extension packs). That's the current logic, which will very likely be adjusted.

If you absolutely must inject untrusted/unverifiable DLLs into the VirtualBox process then you'll probably have to build your own VirtualBox, too.
michaln
Oracle Corporation
 
Posts: 2969
Joined: 19. Dec 2007, 15:45
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Any and all

Re: 4.3.14 conflicts with anti-virus packages.

Postby xandry » 22. Jul 2014, 12:34

Windows 7 x64 Professional with all updates and Kaspersky antivirus for workstations 6.0.4.1611
First window:
1.png
1
1.png (15.67 KiB) Viewed 5870 times

Two:
2.png
2.png (15.68 KiB) Viewed 5870 times

Three:
Безымянный.png
Безымянный.png (26.05 KiB) Viewed 5870 times


On first and two it says "_filename_ is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."

And text version for search engines:
---------------------------
VirtualBox.exe - Ошибочный образ
---------------------------
"C:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\kloehk.dll" либо не предназначен для выполнения под управлением Windows или содержит ошибку. Попробуйте переустановить программу с помощью исходного установочного носителя или обратитесь к системному администратору или поставщику программного обеспечения за поддержкой.
---------------------------
ОК
---------------------------
---------------------------
VirtualBox.exe - Ошибочный образ
---------------------------
"C:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\adialhk.dll" либо не предназначен для выполнения под управлением Windows или содержит ошибку. Попробуйте переустановить программу с помощью исходного установочного носителя или обратитесь к системному администратору или поставщику программного обеспечения за поддержкой.
---------------------------
ОК
---------------------------
---------------------------
VirtualBox - Error In supR3HardenedWinVerifyProcess
---------------------------
Failed to verify process integrity: Found executable memory at 0000000060000000 (0000000060000000 LB 0x3000): type=0x40000 prot=0x80 state=0x1000 aprot=0x60000000 abase=0000000000000080
[rc=-5619] Found executable memory at 0000000060003000 (0000000060003000 LB 0x1000): type=0x40000 prot=0x40 state=0x1000 aprot=0x60000000 abase=0000000000000080
[rc=-5619] Found executable memory at 0000000060004000 (0000000060004000 LB 0x4000): type=0x40000 prot=0x80 state=0x1000 aprot=0x60000000 abase=0000000000000080
[rc=-5619] Found executable memory at 0000000060008000 (0000000060008000 LB 0x1000): type=0x40000 prot=0x40 state=0x1000 aprot=0x60000000 abase=0000000000000080
[rc=-5619] Found executable memory at 0000000060009000 (0000000060009000 LB 0x2000): type=0x40000 prot=0x80 state=0x1000 aprot=0x60000000 abase=0000000000000080 (rc=-5619)
Please try reinstalling VirtualBox.
---------------------------
Abort
---------------------------
xandry
 
Posts: 1
Joined: 22. Jul 2014, 11:20

Re: 4.3.14 conflicts with anti-virus packages.

Postby MarcSant » 22. Jul 2014, 13:25

Same error here: I have the same AV package (Norton 2014) in my previous version, the same OS (Windows 7 64) and now the Vm's won't start. So, I believe that this is a bug that affects a lot of users, and need to be addressed ASAP.
MarcSant
 
Posts: 8
Joined: 22. Jul 2014, 13:22

Re: 4.3.14 conflicts with anti-virus packages.

Postby CaptainFlint » 22. Jul 2014, 13:38

michaln wrote:The basic criterion isn't whether a DLL is 3rd party or not, it's whether it can be trusted. To establish trust, the DLL must either be located in one of the Windows system directories and authenticode signed, or it must be in the VirtualBox directory and signed with a driver level signature (extension packs). That's the current logic, which will very likely be adjusted.

If you absolutely must inject untrusted/unverifiable DLLs into the VirtualBox process then you'll probably have to build your own VirtualBox, too.

I have FlashFolder on my computer installed. This is a free (open source, actually) software, its injection DLL is located in its installation directory, and I strongly suspect that its author does not intend to spend money on buying a valid signature. At least, if I were him I wouldn't. Does it mean, I have absolutely no choice but to either build VB myself, or get rid of FlashFolder, PowerPro and all other similar tools? Don't you think it's a little bit too hard a restriction?
CaptainFlint
 
Posts: 106
Joined: 9. Oct 2007, 10:17
Location: Moscow, Russia
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Various Windows and Linux distros

Re: 4.3.14 conflicts with anti-virus packages.

Postby QbProg » 22. Jul 2014, 13:44

The same happens with "Display Fusion" (http://www.displayfusion.com/)
Please, let the user configure if DLL injections should be checked or not.
QbProg
 
Posts: 4
Joined: 11. Dec 2007, 09:18

Re: 4.3.14 conflicts with anti-virus packages.

Postby MarcSant » 22. Jul 2014, 13:45

In time: I made a CLEAN Windows 7 install: using only official and PAID programs (no Keygen, no Crack, or similar programs): them, installed all apps again and imported the VM from a valid and recent backup, and now the VM's won't start. By lucky, in my other machine I have a Windows 8.1, with the same AV package but with previous Virtual Box version and VM's are working flawlessly. So, I don't believe that this is related to AV package... I will try to disable AV and see what's happens. I will post the results soon.
MarcSant
 
Posts: 8
Joined: 22. Jul 2014, 13:22

Re: 4.3.14 conflicts with anti-virus packages.

Postby HOJ-Spirrit! » 22. Jul 2014, 16:25

So after reading all these posts I let Kaspersky scan for vulnerability's it didn't found any in Virtual box. But to make sure it weren't the hooks from kaspersky i disabled kaspersky and still vb didn't ran properly.

Disabling antivirus doesn't mean it is completely disabled so i know kaspersky holds it hooks to vulnerable parts of windows system other antivirus systems do as well, for kaspersky users if you install kaspersky the first time kaspersky already scans for possible viruses and critic files so no way kaspersky is letting you disable itself, the hooks keep on your system also kaspersky's hooks are really hard to find i doubt (That means i'm not sure) an application like VB can find these hooks.

But then how to check if VB is affected by other hooks. kaspersky has a safemode for applications wich you do not trust etc but it is also good to find out if and application is hooked by another application because if an application is started it is scanned by kasperky for other entry's so for example you created your own application in lets say Java then and its hooked it probably won't run (Maybe java and kaspersky aren't a good example since Java is always crap with security and always popes up when scanned). So anyway I started safemode and tried to run VB but it wouldn't run it is directly terminated.

System info from my test PC

Test PC

Operating system: windows 7 ultimate 32 bits
Processor: intel core 2 quad 2.4 Ghz
workspace: 4GB Ram

Dual Screen ATM Video specs:
Ati Radeon HD 5700

Possible conflicting Software:
I'm not gonna add any Microsoft stuff here well maybe skype because skype is always shitty and crap and also causes blue-screens for not reasons and conflicts with drivers. (so if you're getting a random blue-screen and you're thinking wtf i only powered up my system i suggest remove skype ;) )

Adobe Why because its Adobe ;)
Amd graphics software
Malwarebytes Anti exploit
Malwarebytes Anti malware
phyton plus hooks
teamviewer
Kaspersky pure 2.0 Settings are on Maximum Protection Heuristic analyzes etc.
So I hope this feedback Helps :)

And plz Comment with feedback not criticism it is really annoying to read the criticism since i already have to read through twelve pages and VB is FREE so be happy with what you get. ;)
HOJ-Spirrit!
 
Posts: 1
Joined: 22. Jul 2014, 15:33

Re: 4.3.14 conflicts with anti-virus packages.

Postby michaln » 22. Jul 2014, 16:29

CaptainFlint wrote:I have FlashFolder on my computer installed. This is a free (open source, actually) software, its injection DLL is located in its installation directory, and I strongly suspect that its author does not intend to spend money on buying a valid signature. At least, if I were him I wouldn't.

Well, if others insist on creating security holes, that's one thing, but we can't tolerate it, sorry. If the DLL can't be signed, we can't have it in the VM process. If it's not worth signing, it's probably not worth running anyway :)

I hope you will at least agree that injecting random code into random processes is, in fact, a giant security hole. It's a 1980s design done in a very different world.

Does it mean, I have absolutely no choice but to either build VB myself, or get rid of FlashFolder, PowerPro and all other similar tools?

You could try running VBoxHeadless and thus reduce the amount of unverifiable code in the VM process. Or stick with the previous releases and see what happens.
michaln
Oracle Corporation
 
Posts: 2969
Joined: 19. Dec 2007, 15:45
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Any and all

Re: 4.3.14 conflicts with anti-virus packages.

Postby CaptainFlint » 22. Jul 2014, 17:16

michaln wrote:If it's not worth signing, it's probably not worth running anyway :)

Are you telling me that the author of that program who designed it, programmed it, debugged it, helped users to resolve problems, implemented their feature requests, doing all this solely in his private time without being paid a single cent, that this person must also spend his personal money just to let his program run along with VirtualBox? No, seriously?!

michaln wrote:I hope you will at least agree that injecting random code into random processes is, in fact, a giant security hole. It's a 1980s design done in a very different world.

I hope you will also agree that ability to run an arbitrary EXE file is as large a security hole. Even with all the permission system, kernel protection, UAC, etc., since they cannot protect user's personal data. Still, we have this ability to run applications, because computers as general-purpose devices become useless without it.

I think you know what absolutely safe computer is? It's one locked inside a solid safe with no holes (even for power cord).

michaln wrote:
Does it mean, I have absolutely no choice but to either build VB myself, or get rid of FlashFolder, PowerPro and all other similar tools?

You could try running VBoxHeadless and thus reduce the amount of unverifiable code in the VM process. Or stick with the previous releases and see what happens.

For the moment, it seems, I have to stick with 4.3.12. VBoxHeadless with remote desktop client is no adequate replacement for VB GUI.
CaptainFlint
 
Posts: 106
Joined: 9. Oct 2007, 10:17
Location: Moscow, Russia
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Various Windows and Linux distros

Re: 4.3.14 conflicts with anti-virus packages.

Postby poncho524 » 22. Jul 2014, 17:56

michaln wrote:
CaptainFlint wrote:I have FlashFolder on my computer installed. This is a free (open source, actually) software, its injection DLL is located in its installation directory, and I strongly suspect that its author does not intend to spend money on buying a valid signature. At least, if I were him I wouldn't.

Well, if others insist on creating security holes, that's one thing, but we can't tolerate it, sorry. If the DLL can't be signed, we can't have it in the VM process. If it's not worth signing, it's probably not worth running anyway :)

I hope you will at least agree that injecting random code into random processes is, in fact, a giant security hole. It's a 1980s design done in a very different world.

Does it mean, I have absolutely no choice but to either build VB myself, or get rid of FlashFolder, PowerPro and all other similar tools?

You could try running VBoxHeadless and thus reduce the amount of unverifiable code in the VM process. Or stick with the previous releases and see what happens.


Then what exactly is Oracle proposing as a solution??
poncho524
 
Posts: 45
Joined: 5. Mar 2008, 17:38

Re: 4.3.14 conflicts with anti-virus packages.

Postby MarcSant » 22. Jul 2014, 17:58

poncho524 wrote:
michaln wrote:
CaptainFlint wrote:I have FlashFolder on my computer installed. This is a free (open source, actually) software, its injection DLL is located in its installation directory, and I strongly suspect that its author does not intend to spend money on buying a valid signature. At least, if I were him I wouldn't.

Well, if others insist on creating security holes, that's one thing, but we can't tolerate it, sorry. If the DLL can't be signed, we can't have it in the VM process. If it's not worth signing, it's probably not worth running anyway :)

I hope you will at least agree that injecting random code into random processes is, in fact, a giant security hole. It's a 1980s design done in a very different world.

Does it mean, I have absolutely no choice but to either build VB myself, or get rid of FlashFolder, PowerPro and all other similar tools?

You could try running VBoxHeadless and thus reduce the amount of unverifiable code in the VM process. Or stick with the previous releases and see what happens.


Then what exactly is Oracle proposing as a solution??


As I read so far, none.
MarcSant
 
Posts: 8
Joined: 22. Jul 2014, 13:22

Re: 4.3.14 conflicts with anti-virus packages.

Postby MarcSant » 22. Jul 2014, 18:22

The solution that I found so far is stick with 4.3.12 until Oracle's solve this issue: since there is no fantastic feature that I can't live without, this is not a huge problem for me. Remove the 4.3.14 and install the old one and life's goes on.
MarcSant
 
Posts: 8
Joined: 22. Jul 2014, 13:22

Re: 4.3.14 conflicts with anti-virus packages.

Postby Anunes » 22. Jul 2014, 20:27

WHAT is GOING ON?
Was the "R3 -Win Hook " Launch error not detect in Beta-testing?
Why wait to remove the 4.3.14 from download and thus preventing to spread WorldWide a buggy Software?
The error on the Picture down, I have not seen it until now. Why does Windows SmartScreen needs to start about 4.3.14? With 4.3.12 there is no such message!
I am very sorry, I have not enough knowledge about computing, but I am getting cautious about this Software.
I do not know if it is related, but I am experiencing a slower GPU performance and the CPU is not going down to IDLE any longer. There is always activity in background.
One of the 2 things have changed my Laptop performence: Last Win update (1GB) or VB 4.3.14. One of the 2 are the fault.
Maybe I am willing to uninstall all the Win Updates and see.
Attachments
VB4314_error_.jpg
VB4314_error_.jpg (59.61 KiB) Viewed 5608 times
Anunes
 
Posts: 71
Joined: 17. Jul 2014, 18:49

Re: 4.3.14 conflicts with anti-virus packages.

Postby BMN233 » 22. Jul 2014, 20:44

Win7 x64 with Avira Antivirus Pro
Attachments
error.png
error.png (51.83 KiB) Viewed 5596 times
BMN233
 
Posts: 3
Joined: 22. Jun 2014, 14:14

Re: 4.3.14 conflicts with anti-virus packages.

Postby heitkergm » 22. Jul 2014, 21:04

I uninstalled AVG and installed the MSE PreRelease (4.6.205), with which some folks seemed to have success.

Unfortunately, not for me.

Here's what I'm getting:
vb-4.3.14-mse-4.6.206.png
vb-4.3.14-mse-4.6.206.png (17.5 KiB) Viewed 5582 times
heitkergm
 
Posts: 17
Joined: 15. Jul 2014, 15:06

PreviousNext

Return to VirtualBox on Windows Hosts

Who is online

Users browsing this forum: No registered users and 29 guests