Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.
Joe U
Posts: 1
Joined: 9. Jun 2015, 19:14

Re: Windows 4.3.28 Specifically for errors due to Security

Post by Joe U »

Host OS: Windows 7 Enterprise x64 SP1
Significant Apps: Microsoft Forefront, Microsoft Firewall, Microsoft EMET, Avecto Defendpoint
Attached: VBox log.
Available, but couldn't upload: kernel dump.

Symptom:
I import an appliance that works on 4.3.12. When I start the VM, I get BSOD.
This also occurs with 4.3.26.
Attachments
VBoxStartup.log.gz
(3.53 KiB) Downloaded 32 times
jrw
Posts: 7
Joined: 10. Jun 2015, 16:59

Re: Windows 4.3.28 Specifically for errors due to Security

Post by jrw »

You can see the history of my issues at viewtopic.php?f=6&t=68305. Summary:

After a VirtualBox 4.3.28 install, and creation of a Linux/Ubuntu 64 VM, startup aborts after about 3 seconds when trying to load a Linux Mint iso. After downgrading to VirtualBox 4.3.12, I was able to successfully get the same scenario to boot the iso.

My machine: Dell Latitude E6430 corporate laptop with Win7 Pro SP1 64-bit, i5 processor, 4GB of memory. "Corporate laptop" means that I don't have full control over it. There are some pre-installed applications which I am not willing to remove and, most importantly, I let my company's IT guys install the Windows updates.

In the forum post mentioned above, mpack specifically asked me *not* to post any more logs (since they are duplicative and they waste server space), so I have *not* posted my VBoxStartup.log.zip (but I will post it if you ask here).

My company installs Trend Micro antivirus and uses full disk encryption and Juniper VPN. I have a number of other applications installed, but I'm not sure how they would be impacting VirtualBox. Mpack complained that I "seem to have a habit of installing a number of invasive but uncertified applications". I think by that he meant invasive = hooks into the core OS. I'm guessing that in that category are some products installed by my company's IT guys: Trend Micro, maybe CyberArmor, maybe Juniper. I'm not sure if they're certified or not. Out of the other applications I installed, I don't think they'd be considered invasive, except maybe 7+ Taskbar Tweaker: various Perl and TCL interpreters, Beyond Compare, Cygwin, FileZilla, Firefox, Ghostscript, Gimp, iTunes, Java, PDFCreator, PuTTY, SysInternals, VideoLAN (VLC), Vim, WebEx, WinSCP, WinZip. I also see a few corporate/manufacturer applications installed that are hardware related: CyberLink PowerDVD, Pulse Secure, Roxio Creator.

Mpack explained in the post mentioned above about the efforts over the past year to "harden" VirtualBox against DLL injection. I understand the issue, but I don't understand how any of the applications above would impact VirtualBox's VMs. Maybe the corporate antivirus/etc tools are not "certified"? But it would seem to me that if they're already trojaned, then my laptop is already at risk -- I don't see how starting a VM is going to worsen the problem. So, why is the VirtualBox VM failing to start, just because it doesn't approve of some previously installed software? In any case, I believe my laptop is a pretty standard issue corporate machine, so there may be a big struggle using VirtualBox on Windows for a lot of corporate machines. I'm very thankful for the availability of VirtualBox 4.3.12!

Let me know if I can provide any more information (like more logs). I'm happy with 4.3.12 right now.
wunjo
Posts: 8
Joined: 26. Feb 2015, 15:25
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: most linux

Re: Windows 4.3.28 Specifically for errors due to Security

Post by wunjo »

Hi Mpack,

Did you guys already find out why, directly after the first install of VBox, there are no errors about certification, and after closing VBox and restarting the app these errors suddenly appear?

There must be something wrong calling these certifications, isn't there?
Again using 4.3.12
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

jrw wrote: I understand the issue, but I don't understand how any of the applications above would impact VirtualBox's VMs. Maybe the corporate antivirus/etc tools are not "certified"? But it would seem to me that if they're already trojaned, then my laptop is already at risk -- I don't see how starting a VM is going to worsen the problem.
The VM is not what's being impacted - it's the host which is at risk. Some of the VirtualBox code runs at a higher privilege level, and the app as a whole is covered by an Oracle certificate. Do I need to labor the chain of possible consequences from there? I.e. malware running in the Oracle guise may be able to do things to the host that it couldn't do by itself.

I don't buy any of this myself, but Oracle has to toe the line of press hysteria.
CaptainFlint
Posts: 107
Joined: 9. Oct 2007, 10:17
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Various Windows and Linux distros
Location: Moscow, Russia

Re: Windows 4.3.28 Specifically for errors due to Security

Post by CaptainFlint »

I wonder how VMware and Hyper-V managed to cope with this "awfully insecure" mechanism of DLL injection without all this hassle of whitelisting applications and refusing to work at the slightest change of software configuration…
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

Hyper-V loads before the host OS, so is not a comparable product. I have no idea what VMware do - you would need to ask them about that.
Martin
Volunteer
Posts: 2560
Joined: 30. May 2007, 18:05
Primary OS: Fedora other
VBox Version: PUEL
Guest OSses: XP, Win7, Win10, Linux, OS/2

Re: Windows 4.3.28 Specifically for errors due to Security

Post by Martin »

VMware (ESXi) is a type 0 hypervisor which doesn't run on Windows --> no DLLs ;)
loukingjr
Volunteer
Posts: 8851
Joined: 30. Apr 2009, 09:45
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: just about all that run

Re: Windows 4.3.28 Specifically for errors due to Security

Post by loukingjr »

Not to be an old fuddy duddy but (ESXi) is not their only product. :shock:
OSX, Linux and Windows Hosts & Guests
There are three groups of people. Those that can count and those that can't.
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Windows 4.3.28 Specifically for errors due to Security

Post by Perryg »

"ESXi" is a type 1 hypervisor but I really fail to see the real difference between type 1 and type 2. Both still need a kernel and supporting software. Just no DE or bloat from program packages. I have built my own type 1 hypervisor (Debian based) and it works just the same. So if it walks like a duck and looks like a duck..? Or a rose by any other name is still a rose? I don't know but you get the point.
loukingjr
Volunteer
Posts: 8851
Joined: 30. Apr 2009, 09:45
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: just about all that run

Re: Windows 4.3.28 Specifically for errors due to Security

Post by loukingjr »

I thought a Type 2 hypervisor requires an OS to run in and is considered software virtualization, and a Type 1 hypervisor runs directly on hardware and requires no OS and is considered hardware virtualization and allows a VM access to the hardware.

I could be wrong, I thought my Atari 800 was complicated.
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Windows 4.3.28 Specifically for errors due to Security

Post by Perryg »

Type 1 does not have magical powers and still needs to have something to talk to the hardware. They still use a kernel to do this and have supporting software (translators) so.....

I am starting to think this whole type 1 vs. type 2 is just a marketing ploy much like hyper-threading. I will say that for the most part the type 2 as they call it would be easier for the normal user because it has a DE and all the things that make it easier to operate if you can't handle the CLI, but that does not change the way it works.
loukingjr
Volunteer
Posts: 8851
Joined: 30. Apr 2009, 09:45
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: just about all that run

Re: Windows 4.3.28 Specifically for errors due to Security

Post by loukingjr »

I think the only difference might be efficiency.

It was really an Atari 800XL :oops:
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Windows 4.3.28 Specifically for errors due to Security

Post by Perryg »

Efficiency has always been discounted for ease so I have no argument there.
loukingjr
Volunteer
Posts: 8851
Joined: 30. Apr 2009, 09:45
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: just about all that run

Re: Windows 4.3.28 Specifically for errors due to Security

Post by loukingjr »

I have no argument anywhere. :) I was just trying to understand the distinction between the two. Sounds like it's a fine line between them.
noteirak
Site Moderator
Posts: 5229
Joined: 13. Jan 2012, 11:14
Primary OS: Debian other
VBox Version: OSE Debian
Guest OSses: Debian, Win 2k8, Win 7

Re: Windows 4.3.28 Specifically for errors due to Security

Post by noteirak »

The difference is that there is an OS (or not) between the hypervisor and the hardware.
On one side you leverage the OS abstraction to focus on the hypervisor (level 2) and on the other you leverage the direct access to do more "magic" at the cost of having to get & support drivers yourself (level 1).
If you run headless, I believe there is no difference in terms of how the work is done (level 2 hypervisor still runs in kernel space).
The difference starts to show when you have desktop-like interaction - a level 1 hypervisor is incapable of that :)
Hyperbox - Virtual Infrastructure Manager - https://apps.kamax.lu/hyperbox/
Manage your VirtualBox infrastructure the free way!