How secure is a virtual machine

burninyearnin
Posts: 4
Joined: 8. Jun 2011, 23:40
Primary OS: MS Windows Vista
VBox Version: OSE other
Guest OSses: Ubuntu

How secure is a virtual machine

Post by burninyearnin »

Say I decide to run XP on a Vista host machine. How insecure could XP be before it becomes a major concern? Would it be safe for testing programs on without having an antivirus in place on XP, for instance?

If a virus infected XP, could it spread to the host?

What about keyloggers?

Thank you greatly for any assistance.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: How secure is a virtual machine

Post by mpack »

Personally, I would install a non-resident AV in the guest, such as ClamWin. After running suspect software I would then run a manual scan. If a virus is detected then you can either remove it - or maybe just delete the VM; the ability to do the latter is one of the benefits of using a VM (it helps if you have a basic clone ready to replace it tho).

As to the danger of infecting a host. Well of course if you detect the guest infection immediately (which you should have done if you follow the advice of the last para) then the chances of it propagating to the host are close to zero. However you can use a bit of common sense to eradicate the last iota of danger. Infecting the host requires a communications medium and a helpful host network protocol. One example would be a network share where the share contains executable files which can be infected. Only binary executables need to be considered: nothing else will carry a virus payload unintrusively. So simply make sure that shared folders are empty or read-only or contain nothing remotely executable and nothing can go wrong. You don't need to care about image files etc (the idea that images can distribute viable viruses is a very stupid myth).

As backup you can run a virus check on the host too.

Of course if your guest doesn't use shared folders at all (or USB thumb drives - same thing really), then I can't think of any way in which it can infect the host.

As a separate note on keyloggers: all they can do is log keystrokes from that VM's virtual keyboard. It has no access to the host keyboard. So, provided you don't type anything sensitive in your sandbox VM then that VM can contain as many keyloggers as you like.

All without guarantees of course: most of this is common sense, and I have no way to know how much of that you have.

Final, final notes: (1) make sure autoplay is disabled on Windows guests or hosts for all drives. XP made this a PITA to do, and I forget what the easiest way is, but you can google for that. (2) Make sure Windows is not "Hiding extensions for known file types". Most of the myths about executable images come from supposed image files which were actually called something like picture.jpg.exe - so these are actually exe's, not JPEGs, except that Windows helpfully hides the important extension.
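Added example, not part of mpack's post or of VirtualBox: a host-side audit of a shared folder for the two things the post above warns about, executable content and `picture.jpg.exe`-style names. The extension lists, function names and sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Extensions Windows launches directly (constructed, non-exhaustive list).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".dll"}
# Extensions a user expects to be inert documents or media (constructed list).
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".doc"}

def classify(path: Path) -> list[str]:
    """Return the reasons a file in a shared folder deserves attention."""
    reasons = []
    suffixes = [s.lower() for s in path.suffixes]
    with path.open("rb") as fh:
        is_pe = fh.read(2) == b"MZ"  # DOS/PE header magic
    if is_pe:
        reasons.append("pe-header")
    if suffixes and suffixes[-1] in EXEC_EXTS:
        reasons.append("exec-extension")
        # Name looks like a picture once Windows hides the last extension.
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
            reasons.append("double-extension")
    if is_pe and (not suffixes or suffixes[-1] not in EXEC_EXTS):
        reasons.append("pe-content-under-other-extension")
    return reasons

def audit_share(root: str) -> dict[str, list[str]]:
    """Walk the share and map each flagged relative path to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            reasons = classify(p)
            if reasons:
                findings[str(p.relative_to(root))] = reasons
    return findings

def build_sample_share() -> str:
    """Constructed sample folder so the example runs offline."""
    root = tempfile.mkdtemp(prefix="vbox_share_")
    Path(root, "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\0" * 16)
    Path(root, "picture.jpg.exe").write_bytes(b"MZ" + b"\0" * 62)
    Path(root, "notes.txt").write_bytes(b"plain text\n")
    Path(root, "setup.dat").write_bytes(b"MZ" + b"\0" * 62)
    return root

if __name__ == "__main__":
    for rel, why in sorted(audit_share(build_sample_share()).items()):
        print(rel, why)
```

Run it on the host against the folder before sharing it with the guest, and again after a test session if the share was writable.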
burninyearnin
Posts: 4
Joined: 8. Jun 2011, 23:40
Primary OS: MS Windows Vista
VBox Version: OSE other
Guest OSses: Ubuntu

Re: How secure is a virtual machine

Post by burninyearnin »

mpack wrote: Personally, I would install a non-resident AV in the guest, such as ClamWin. After running suspect software I would then run a manual scan. If a virus is detected then you can either remove it - or maybe just delete the VM; the ability to do the latter is one of the benefits of using a VM (it helps if you have a basic clone ready to replace it tho).

As to the danger of infecting a host. Well of course if you detect the guest infection immediately (which you should have done if you follow the advice of the last para) then the chances of it propagating to the host are close to zero. However you can use a bit of common sense to eradicate the last iota of danger. Infecting the host requires a communications medium and a helpful host network protocol. One example would be a network share where the share contains executable files which can be infected. Only binary executables need to be considered: nothing else will carry a virus payload unintrusively. So simply make sure that shared folders are empty or read-only or contain nothing remotely executable and nothing can go wrong. You don't need to care about image files etc (the idea that images can distribute viable viruses is a very stupid myth).

As backup you can run a virus check on the host too.

Of course if your guest doesn't use shared folders at all (or USB thumb drives - same thing really), then I can't think of any way in which it can infect the host.

As a separate note on keyloggers: all they can do is log keystrokes from that VM's virtual keyboard. It has no access to the host keyboard. So, provided you don't type anything sensitive in your sandbox VM then that VM can contain as many keyloggers as you like.

All without guarantees of course: most of this is common sense, and I have no way to know how much of that you have.

Final, final notes: (1) make sure autoplay is disabled on Windows guests or hosts for all drives. XP made this a PITA to do, and I forget what the easiest way is, but you can google for that. (2) Make sure Windows is not "Hiding extensions for known file types". Most of the myths about executable images come from supposed image files which were actually called something like picture.jpg.exe - so these are actually exe's, not JPEGs, except that Windows helpfully hides the important extension.
Cool, I should be safe then.

Thanks.
Zium
Posts: 69
Joined: 16. Oct 2009, 23:09
Primary OS: MS Windows XP
VBox Version: OSE other
Guest OSses: Win98, WinXP, Win2003

Re: How secure is a virtual machine

Post by Zium »

mpack wrote: Final, final notes: (1) make sure autoplay is disabled on Windows guests or hosts for all drives. XP made this a PITA to do, and I forget what the easiest way is, but you can google for that.
Best way is to change registry values.