Re: 4.3.14 conflicts with anti-virus packages.

Posted: 22. Jul 2014, 21:10
by J.L.
michaln wrote:
CaptainFlint wrote:I have FlashFolder on my computer installed. This is a free (open source, actually) software, its injection DLL is located in its installation directory, and I strongly suspect that its author does not intend to spend money on buying a valid signature. At least, if I were him I wouldn't.

Well, if others insist on creating security holes, that's one thing, but we can't tolerate it, sorry. If the DLL can't be signed, we can't have it in the VM process. If it's not worth signing, it's probably not worth running anyway :)

I hope you will at least agree that injecting random code into random processes is, in fact, a giant security hole. It's a 1980s design done in a very different world.

It has already been discussed and conveniently moderated how pointless it is for VirtualBox to try to dictate what to do in an infected system. It's simply counterproductive sacrificing security and usability for something like that. VirtualBox already does a great job keeping things from getting out, but host security should be left to the system and user.

What is VirtualBox trying to protect anyways? We're not running hypervisors where the guest may be more important than the host which is bare-metal so you shouldn't have to worry about DLL injections in the first place. I'm absolutely certain that this hardening will only cost Oracle users in real-world situations.

Re: 4.3.14 conflicts with anti-virus packages.

Posted: 22. Jul 2014, 21:20
by poncho524
How was it this new "feature" also was completely missed in the Changelog??

Re: 4.3.14 conflicts with anti-virus packages.

Posted: 22. Jul 2014, 21:36
by J.L.
I have an idea. How about VirtualBox display a warning with every "suspicious" DLL listed, and allows the user to bypass it? Preferably with a remember choice for specific DLLs.

That should get the message across for hardening and allow the user to still use VirtualBox at their own discretion.

Re: 4.3.14 conflicts with anti-virus packages.

Posted: 22. Jul 2014, 22:41
by jimnms
michaln wrote:
CaptainFlint wrote:The basic criterion isn't whether a DLL is 3rd party or not, it's whether it can be trusted. To establish trust, the DLL must either be located in one of the Windows system directories and authenticode signed, or it must be in the VirtualBox directory and signed with a driver level signature (extension packs). That's the current logic, which will very likely be adjusted.

Apparently it isn't the current logic. Using ProcessExplorer you can see the dll's injected in a process. I had a look at what is in VirtualBox.exe, and every dll is either in the Windows/System32 or VirtualBox directories. On my system, the only non MS or VirtualBox file injected is one called guard64.dll, which is part of the Comodo Internet Security Suite. I'm only using the firewall portion of Comodo and have the guard feature disabled, but apparently it still injects its code. The guard64.dll is located in the Windows/System32 directory and is signed.
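
Added example (not part of the original thread and not VirtualBox's own code): a PowerShell version of the Process Explorer check described above, applied to the trust rule quoted in this post. The process name, the install path and the choice of System32/SysWOW64 as "system directories" are assumptions, and a valid Authenticode signature stands in for the driver-level signature check.

```powershell
# Added illustration, not VirtualBox code. Lists the modules loaded in a process
# and flags any that fall outside the trust rule quoted in the thread.
param(
    [string]$ProcessName = 'VirtualBox',                                  # assumed process name
    [string]$VBoxDir = (Join-Path $env:ProgramFiles 'Oracle\VirtualBox')  # assumed install path
)

# Assumption: "Windows system directories" means System32 and SysWOW64.
$systemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

function Test-UnderDir([string]$Path, [string]$Dir) {
    # Compare against "dir\" so C:\Windows\System32Evil does not match System32.
    $prefix = $Dir.TrimEnd('\') + '\'
    return $Path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)
}

$rows = foreach ($proc in Get-Process -Name $ProcessName -ErrorAction Stop) {
    foreach ($m in $proc.Modules) {
        $path = $m.FileName
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signed = $sig.Status -eq 'Valid'
        $inSystem = [bool]($systemDirs | Where-Object { Test-UnderDir $path $_ })
        $inVBox = Test-UnderDir $path $VBoxDir

        # Simplification: a valid Authenticode signature stands in for the
        # stricter driver-level signature the thread mentions for VirtualBox files.
        $verdict = if (($inSystem -or $inVBox) -and $signed) { 'ok' } else { 'REVIEW' }

        [pscustomobject]@{
            Verdict = $verdict
            Status  = $sig.Status
            Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Path    = $path
        }
    }
}

$rows | Sort-Object Verdict, Path | Format-Table -AutoSize -Wrap
```

On older PowerShell versions, catalog-signed Windows files can show as NotSigned, so treat a REVIEW verdict as a prompt to look at the file, not as a finding.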

Re: 4.3.14 conflicts with anti-virus packages.

Posted: 22. Jul 2014, 23:55
by annaparker
I have no antivirus or firewall. Clean Win7 SP1 x64.

Re: 4.3.14 conflicts with anti-virus packages.

Posted: 23. Jul 2014, 00:32
by birrellwalsh
Please add "AVG - free" to the list of incompatibles.

Umm, I know this is a product made available to us by Oracle (thank you) and it seems ungracious to ask, but...

Any timeline to a fix? I wanted to run linux within it in the upcoming EDX linux course, which begins August 1.

Re: 4.3.14 conflicts with anti-virus packages.

Posted: 23. Jul 2014, 01:12
by socratis
Yes, 4.3.14 is a major problem for Windows users. But (and that should be a big "but". IN CAPITALS!)
Anunes wrote:WHAT is GOING ON? Was the "R3 -Win Hook " Launch error not detect in Beta-testing?

Yes it was (search the forums for 4.3.14RC1). I can bet my head that YOU were not a part of the public beta. What on earth are you willing to bet that earns you the right to shout? Honest question...
J.L. wrote:What is VirtualBox trying to protect anyways?

Naive and ignorant people.
J.L. wrote:I have an idea. How about VirtualBox display a warning with every "suspicious" DLL listed, and allows the user to bypass it? Preferably with a remember choice for specific DLLs.

You're free to contribute to the whitelist DLLs (doesn't exist yet; feel free to start a thread; or modify the source code; it's open source). As far as I know there's still incoming fire. Would you volunteer to be the head of what gets approved and what doesn't? You have my vote of confidence to be the leader! Be careful that you don't miss one, cause I'm gonna be shouting. Loudly...
jimnms wrote:every dll is either in the Windows/System32 or VirtualBox directories. On my system, the only non MS or VirtualBox file injected is one called guard64.dll

"guard64.dll" should NOT be in System32 directory. That is a SYSTEM directory. Comodo and Microsoft's failure to follow their own guidelines. Not one to blame VirtualBox (or anyone that actually follows the guidelines).

SUMMARY
Please stop shouting about "verification" and "Quality control" in an OPEN SOURCE project. You (as the end user) are as much responsible as the people that work hard to make this happen. If the sh!t hits the f@n once every blue moon, well... sh!t happens!

Re: 4.3.14 conflicts with anti-virus packages.

Posted: 23. Jul 2014, 01:16
by HJack
Solved as suggested in
.... /viewtopic.php?f=6&t=62615#p292968
(sorry cannot post urls)


Win7 Pro 64 bit (Italian)
HP G62
4 GB RAM
No antivirus / antispyware
Logged as administrator
Upgraded from previous version

Re: 4.3.14 conflicts with anti-virus packages.

Posted: 23. Jul 2014, 01:16
by socratis
birrellwalsh wrote:Any timeline to a fix?

Current timeline (as of 2014.07.23 00:15 GMT). Downgrade to 4.3.12. It will (99,9%) work fine for your course.

Re: 4.3.14 conflicts with anti-virus packages.

Posted: 23. Jul 2014, 01:59
by gregz83
Well, for now I have given up and gone back to 4.3.12-93733

download.virtualbox.org/virtualbox/4.3.12/

Call me when you fix it. :P

Re: 4.3.14 conflicts with anti-virus packages.

Posted: 23. Jul 2014, 02:21
by J.L.
socratis wrote:
J.L. wrote:What is VirtualBox trying to protect anyways?

Naive and ignorant people.
J.L. wrote:I have an idea. How about VirtualBox display a warning with every "suspicious" DLL listed, and allows the user to bypass it? Preferably with a remember choice for specific DLLs.

You're free to contribute to the whitelist DLLs (doesn't exist yet; feel free to start a thread; or modify the source code; it's open source). As far as I know there's still incoming fire. Would you volunteer to be the head of what gets approved and what doesn't? You have my vote of confidence to be the leader! Be careful that you don't miss one, cause I'm gonna be shouting. Loudly...

That are using virtual machines, funny. Aren't they the same people that needs the protection of anti-virus software which are incompatible right now? Let's be realistic here.

LOL, that's why my idea isn't what you've suggested. The user decides what gets approved on their own system, and that includes VirtualBox itself.

Re: 4.3.14 conflicts with anti-virus packages.

Posted: 23. Jul 2014, 02:30
by MarcSant
J.L. wrote:
socratis wrote:
J.L. wrote:What is VirtualBox trying to protect anyways?

Naive and ignorant people.
J.L. wrote:I have an idea. How about VirtualBox display a warning with every "suspicious" DLL listed, and allows the user to bypass it? Preferably with a remember choice for specific DLLs.

You're free to contribute to the whitelist DLLs (doesn't exist yet; feel free to start a thread; or modify the source code; it's open source). As far as I know there's still incoming fire. Would you volunteer to be the head of what gets approved and what doesn't? You have my vote of confidence to be the leader! Be careful that you don't miss one, cause I'm gonna be shouting. Loudly...

That are using virtual machines, funny. Aren't they the same people that needs the protection of anti-virus software which are incompatible right now? Let's be realistic here.

LOL, that's why my idea isn't what you've suggested. The user decides what gets approved on their own system, and that includes VirtualBox itself.


Sorry for the dumb question but, what about the people that don't have an AV product installed? I made a factory recover for my Dell machine, without any program of fix installed, just OS (Windows 8 Professional), installed VB and restored VM images, and in the end I got the same error.

So, I presume that Av incompatible are not the point here: we are facing some kind of bug in the product, and in my opinion will be fixed soon. For those that need VB up and running again just remove the newer version and install the old one. Simple as that.

Re: 4.3.14 conflicts with anti-virus packages.

Posted: 23. Jul 2014, 02:41
by Perryg
So, I presume that Av incompatible are not the point here: we are facing some kind of bug in the product, and in my opinion will be fixed soon. For those that need VB up and running again just remove the newer version and install the old one. Simple as that.


It's not the only cause. I understand that it gets lost with all the me too replies. Read the top post.

Re: 4.3.14 conflicts with anti-virus packages.

Posted: 23. Jul 2014, 02:46
by socratis
J.L. wrote:that's why my idea isn't what you've suggested. The user decides what gets approved on their own system

J.L. wrote:How about VirtualBox (1) display a warning with (2) every "suspicious" DLL listed, and (3) allows the user to bypass it? Preferably with a (4) remember choice for (5) specific DLLs.

No, your idea is not even close to 1/5 of your idea (hint: the red ones are steps that have to be done in the source code).

@MarcSant
It's not just about antivirus. It's about any process that injects a DLL in another process. Graphic card drivers like NVidia for example have been known for doing that, as well as window (re)management utilities. That is not an exclusive list by any means.

Re: 4.3.14 conflicts with anti-virus packages.

Posted: 23. Jul 2014, 02:51
by J.L.
MarcSant wrote:Sorry for the dumb question but, what about the people that don't have an AV product installed? I made a factory recover for my Dell machine, without any program of fix installed, just OS (Windows 8 Professional), installed VB and restored VM images, and in the end I got the same error.

So, I presume that Av incompatible are not the point here: we are facing some kind of bug in the product, and in my opinion will be fixed soon. For those that need VB up and running again just remove the newer version and install the old one. Simple as that.

Not really a dumb question, but are you sure you're replying to the right post? I only said AV as an example in that case. Any non-whitelisted DLL injection could be the cause, as I've said before.

Unfortunately, I have a feeling they will treat it as a feature instead of a bug. Don't forget to download new guest additions if you want some more bugs fixed.