I actually want drag and drop!

mpack
Site Moderator
Posts: 39134
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: I actually want drag and drop!

Post by mpack »

Well, my pre-implementation views on drag and drop were always conditional on whether the devs did it in what I regarded as the obvious and easiest way. That would be :-
  1. Implement a file read/write API in the VBoxSVC service.
  2. To begin a host->guest drag/drop the shell service on the host sends a packet containing host and guest paths and files to the GAs running in the guest.
  3. On receipt the GAs kick off a process which copies the files using calls to the file read/write API mentioned in step 1.
Now the problem with this is that any guest code could call that file I/O API, not just the GAs as intended. So, the potential existed that you could download malware into your "sandbox", and if it was VirtualBox-aware then it would have full access to your host, both read and write. In particular it could scan your document folders for email addresses, passwords, pin numbers, other personal details. It could also copy malware to the host. And note that the malware would not be confined to a shared folder, so IMO there is no way shared folders risk could be considered remotely comparable - unless someone was idiot enough to share his entire host drive.

Happily that isn't how they implemented it. I haven't checked the precise details as I still don't use the feature, but what they've done seems to amount to a hidden shared folder. In step 1 a link is added to the hidden shared folder. In step 3 guest code can only access host files when a link to the file is found - so no access to the entire host drive. Since this essentially is a shared folder service (the devs may not agree on how I mentally model the problem), it will not be any safer or more dangerous than shared folders in general. In both cases the user must perform enabling actions before guest code can access anything or affect anything on the host.
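Added example (not part of the original post and not VirtualBox code): a toy Python model of the two designs contrasted above, an open file read API that any guest caller can use versus one that only serves files the user explicitly dragged. The class names, the token scheme and the single-use grant are assumptions made for illustration.

```python
import os
import secrets
import tempfile


class OpenFileApi:
    """Design from steps 1-3: any guest caller may name any host path."""

    def read(self, host_path):
        with open(host_path, "rb") as fh:
            return fh.read()


class GrantedFileApi:
    """Hidden-shared-folder model: the guest only sees files the user dragged."""

    def __init__(self):
        self._grants = {}  # opaque token -> canonical host path

    def user_drag(self, host_path):
        # Host side, triggered by the user's gesture; never callable by the guest.
        real = os.path.realpath(host_path)
        if not os.path.isfile(real):
            raise ValueError("only existing regular files can be granted")
        token = secrets.token_hex(16)
        self._grants[token] = real
        return token

    def read(self, token):
        # Guest side: the request carries a token, not a path.
        real = self._grants.pop(token, None)  # single use (assumption)
        if real is None:
            raise PermissionError("no grant for this request")
        with open(real, "rb") as fh:
            return fh.read()


def demo():
    # Constructed host files in a temporary directory.
    with tempfile.TemporaryDirectory() as host:
        dragged = os.path.join(host, "report.txt")
        private = os.path.join(host, "passwords.txt")
        for path, data in ((dragged, b"report"), (private, b"secret")):
            with open(path, "wb") as fh:
                fh.write(data)
        leaked = OpenFileApi().read(private)  # open API: nothing stops this
        api = GrantedFileApi()
        got = api.read(api.user_drag(dragged))
        try:
            api.read(private)  # a bare path is not a grant
            blocked = False
        except PermissionError:
            blocked = True
        return leaked, got, blocked
```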
Armando
Posts: 101
Joined: 26. May 2012, 06:50

Re: I actually want drag and drop!

Post by Armando »

A difference seems anyway to remain between shared folders and drag&drop:
while a malware running in the guest can easily access shared folders in the host (reading or writing, depending on permissions) without the user being aware, a malware can not perform a guest to host (or vice versa) d&d operation.

Which makes d&d look (potentially) less dangerous than shared folders and seems to suggest that the safest scenario for moving or copying files to or from the host is: no shared folders, no connected (usb, lan...) drives, just drag and drop.
mpack

Re: I actually want drag and drop!

Post by mpack »

Malware can't do anything to shared folders either, without help from the user. E.g. in order to infect an executable file in a shared folder, the user first has to copy an executable file there. By copying the file to an accessible location, the user made it available to the guest. This is equivalent to the file copy command implied by a drag and drop gesture.
Armando

Re: I actually want drag and drop!

Post by Armando »

mpack wrote: Malware can't do anything to shared folders either, without help from the user. E.g. in order to infect an executable file in a shared folder, the user first has to copy an executable file there...
Don't you think a clever malware could copy an executable file (its own, for example) to a writable shared folder without the user being aware? Isn't that (copying or deleting files around) one of the typical... hobbies of malwares and viruses?

Surely we could blame the user for... helping the malware enter the VM and execute, but once the malware is "on" some files can actually be moved or copied around with no user action, while drag&drop requires always the user to manually select something and then drag it from here to there.

So, being malware engineers more and more clever and being users (all of them/us) far from infallible, don't you think drag&drop might be generally considered as less risky?
mpack

Re: I actually want drag and drop!

Post by mpack »

Are you imagining that the malware copies an executable to the shared folder from inside the guest? Yet somehow we can't identify it as executable? Yet somehow the host and the user conspire to execute it anyway?

I'm only aware of one version of that which works. That is when malware copies a file called (say) nudeypicture.jpg.exe to a shared folder on a Windows host. Windows hosts default to hiding extensions for registered file types (which includes ".exe") so the user sees a strange file "nudeypicture.jpg" that he didn't remember putting there and double clicks it. For this reason I recommend the basic precaution of making sure that Windows is configured not to hide file extensions. Later versions of Windows also give you a warning when you are about to run an executable in a shared folder, but IMO the warning is worthless - noobs will click past it without sparing a thought for what it means.
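Added example (not part of the original post): a host-side check in Python that walks a shared folder and flags names like the one described above, where hiding the final extension would leave a harmless-looking document or image name. The two extension lists are assumptions for illustration, and the sample files are constructed empty files in a temporary directory.

```python
import os
import tempfile

# Assumed lists for this example; extend them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}


def is_deceptive(name):
    """True when hiding the last extension leaves a harmless-looking name."""
    stem, last = os.path.splitext(name.lower())
    if last not in EXECUTABLE_EXTS:
        return False
    # What the user would see with "hide extensions" enabled is `stem`.
    _, decoy = os.path.splitext(stem)
    return decoy in DECOY_EXTS


def scan_shared_folder(root):
    """Return sorted relative paths of deceptive names under `root`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_deceptive(name):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def demo():
    # Constructed sample: two deceptive names, one plain image, one plain installer.
    samples = (
        ("nudeypicture.jpg.exe",),
        ("holiday.jpg",),
        ("setup.exe",),
        ("sub", "invoice.pdf.scr"),
    )
    with tempfile.TemporaryDirectory() as share:
        os.mkdir(os.path.join(share, "sub"))
        for parts in samples:
            open(os.path.join(share, *parts), "wb").close()
        return scan_shared_folder(share)
```

An ordinary `setup.exe` is not flagged; only names whose visible part would pass for a document or picture are reported.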
Armando

Re: I actually want drag and drop!

Post by Armando »

I understand all you said and agree with most of it.
I also recommend not to hide file extensions; which is typical, I'm afraid, of quite... senior computer users :]

I'm not talking about conspiracies; just about clever threats and precautions.
You did not, by the way, answer my last question.
mpack

Re: I actually want drag and drop!

Post by mpack »

Your "question" presupposes several facts not in evidence, so I don't care to address it.
Armando

Re: I actually want drag and drop!

Post by Armando »

My question does not pretend to be strictly technical nor infallible. Just a matter of general precaution.
Just a matter of choosing, among many, a behaviour which is more likely to be safer than others.

I understand your professional attitude and your consequent accuracy and need for precision and thoroughness, but maybe, as a moderator, you could consider that many users are not as expert as you are and just look for (and can understand) something simpler, surely less accurate but nonetheless quite useful (to them, at least). :]
mpack

Re: I actually want drag and drop!

Post by mpack »

I don't have a problem with people learning, but I do dislike having to repeat myself or respond to myth and rumor accepted as fact. The assertion that malware writers are clever is just part of the myth. The scary story wouldn't be scary if the opposition was not reported as being evil and clever. Fact is that they're mostly untalented and unemployed losers who download someone else's kit.

Second, the whole idea of taking basic precautions is so you don't have to remember to be infallible, so I just don't accept the "precautions are ok but..." line of argument.
Armando

Re: I actually want drag and drop!

Post by Armando »

I also don't like myths and rumors. That's why I usually prefer discussing quite technical matters.
I do not think all malware writers are evil and clever (skillful).
I think SOME of them are; those are the only ones I'm concerned about.

My line is not "precautions are ok but...".
It rather could sound as "precautions are ok AND... I try to take the most effective ones I learn".