4.3.14 conflicts with anti-virus packages.

Discussions related to using VirtualBox on Windows hosts.
J.L.
Posts: 78
Joined: 17. Jan 2013, 07:38
Primary OS: MS Windows 8
VBox Version: PUEL
Guest OSses: LMDE, Ubuntu, Windows XP, Windows 7

Re: 4.3.14 conflicts with anti-virus packages.

Post by J.L. »

michaln wrote:
CaptainFlint wrote:I have FlashFolder on my computer installed. This is a free (open source, actually) software, its injection DLL is located in its installation directory, and I strongly suspect that its author does not intend to spend money on buying a valid signature. At least, if I were him I wouldn't.
Well, if others insist on creating security holes, that's one thing, but we can't tolerate it, sorry. If the DLL can't be signed, we can't have it in the VM process. If it's not worth signing, it's probably not worth running anyway :)

I hope you will at least agree that injecting random code into random processes is, in fact, a giant security hole. It's a 1980s design done in a very different world.
It has already been discussed and conveniently moderated how pointless it is for VirtualBox to try to dictate what to do in an infected system. It's simply counterproductive sacrificing security and usability for something like that. VirtualBox already does a great job keeping things from getting out, but host security should be left to the system and user.

What is VirtualBox trying to protect anyways? We're not running hypervisors where the guest may be more important than the host which is bare-metal so you shouldn't have to worry about DLL injections in the first place. I'm absolutely certain that this hardening will only cost Oracle users in real-world situations.
Windows 10 is the actual host, not 8 (no option).
poncho524
Posts: 50
Joined: 5. Mar 2008, 17:38

Re: 4.3.14 conflicts with anti-virus packages.

Post by poncho524 »

How was it this new "feature" also was completely missed in the Changelog??
J.L.

Re: 4.3.14 conflicts with anti-virus packages.

Post by J.L. »

I have an idea. How about VirtualBox display a warning with every "suspicious" DLL listed, and allows the user to bypass it? Preferably with a remember choice for specific DLLs.

That should get the message across for hardening and allow the user to still use VirtualBox at their own discretion.
jimnms
Posts: 24
Joined: 7. Mar 2012, 23:01

Re: 4.3.14 conflicts with anti-virus packages.

Post by jimnms »

michaln wrote:
CaptainFlint wrote:The basic criterion isn't whether a DLL is 3rd party or not, it's whether it can be trusted. To establish trust, the DLL must either be located in one of the Windows system directories and authenticode signed, or it must be in the VirtualBox directory and signed with a driver level signature (extension packs). That's the current logic, which will very likely be adjusted.
Apparently it isn't the current logic. Using ProcessExplorer you can see the dll's injected in a process. I had a look at what is in VirtualBox.exe, and every dll is either in the Windows/System32 or VirtualBox directories. On my system, the only non MS or VirtualBox file injected is one called guard64.dll, which is part of the Comodo Internet Security Suite. I'm only using the firewall portion of Comodo and have the guard feature disabled, but apparently it still injects its code. The guard64.dll is located in the Windows/System32 directory and is signed.
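
The trust rule quoted in the post above (Windows system directory plus Authenticode, or VirtualBox directory plus a driver-level signature) can be checked against a running process from PowerShell. This is an added example, not part of the thread and not VirtualBox's own code; the process name, the install path and the set of system directories are assumptions, and the driver-level signature requirement is only approximated by an Authenticode validity check.

```powershell
# Added example: audit the modules loaded in a process against the quoted trust rule.
param(
    [string]$ProcessName = 'VirtualBox',                      # assumption: process to inspect
    [string]$AppDir = "$env:ProgramFiles\Oracle\VirtualBox"   # assumption: default install path
)

# Assumption: "Windows system directories" means System32 and SysWOW64.
$systemDirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64'))

function Test-UnderDirectory([string]$Path, [string]$Dir) {
    # Compare normalised full paths so 'C:\Windows\System32evil\x.dll' does not match System32.
    $root = [IO.Path]::GetFullPath($Dir).TrimEnd('\') + '\'
    return [IO.Path]::GetFullPath($Path).StartsWith($root, [StringComparison]::OrdinalIgnoreCase)
}

$procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
if (-not $procs) { Write-Warning "No running process named '$ProcessName'."; return }

$report = foreach ($p in $procs) {
    # A protected or elevated process may refuse to expose its module list.
    try { $modules = @($p.Modules) }
    catch { Write-Warning "PID $($p.Id): module list not readable: $($_.Exception.Message)"; continue }

    foreach ($m in $modules) {
        $sig      = Get-AuthenticodeSignature -FilePath $m.FileName
        $signed   = $sig.Status -eq 'Valid'
        $inSystem = @($systemDirs | Where-Object { Test-UnderDirectory $m.FileName $_ }).Count -gt 0
        $inApp    = Test-UnderDirectory $m.FileName $AppDir

        $verdict = if ($inSystem -and $signed) {
            'system dir + valid Authenticode'
        } elseif ($inApp -and $signed) {
            'app dir + valid Authenticode (driver-level signature not checked)'
        } else { 'REVIEW' }

        [pscustomobject]@{
            PID = $p.Id; Module = $m.ModuleName; Path = $m.FileName
            SignatureStatus = $sig.Status
            Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Verdict = $verdict
        }
    }
}

# Modules that fail the rule sort first.
$report | Sort-Object { $_.Verdict -ne 'REVIEW' }, Module | Format-Table -AutoSize -Wrap
```

A module such as the signed guard64.dll in System32 described above would be reported as meeting the location-and-signature rule, so the Signer column is what distinguishes third-party modules from Microsoft or Oracle ones.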
annaparker
Posts: 2
Joined: 21. Jul 2014, 15:00

Re: 4.3.14 conflicts with anti-virus packages.

Post by annaparker »

I have no antivirus or firewall. Clean Win7 SP1 x64.

birrellwalsh
Posts: 8
Joined: 18. Jul 2014, 07:17

Re: 4.3.14 conflicts with anti-virus packages.

Post by birrellwalsh »

Please add "AVG - free" to the list of incompatibles.

Umm, I know this is a product made available to us by Oracle (thank you) and it seems ungracious to ask, but...

Any timeline to a fix? I wanted to run linux within it in the upcoming EDX linux course, which begins August 1.
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: 4.3.14 conflicts with anti-virus packages.

Post by socratis »

Yes, 4.3.14 is a major problem for Windows users. But (and that should be a big "but". IN CAPITALS!)
Anunes wrote:WHAT is GOING ON? Was the "R3 -Win Hook " Launch error not detect in Beta-testing?
Yes it was (search the forums for 4.3.14RC1). I can bet my head that YOU were not a part of the public beta. What on earth are you willing to bet that earns you the right to shout? Honest question...
J.L. wrote:What is VirtualBox trying to protect anyways?
Naive and ignorant people.
J.L. wrote:I have an idea. How about VirtualBox display a warning with every "suspicious" DLL listed, and allows the user to bypass it? Preferably with a remember choice for specific DLLs.
You're free to contribute to the whitelist DLLs (doesn't exist yet; feel free to start a thread; or modify the source code; it's open source). As far as I know there's still incoming fire. Would you volunteer to be the head of what gets approved and what doesn't? You have my vote of confidence to be the leader! Be careful that you don't miss one, cause I'm gonna be shouting. Loudly...
jimnms wrote:every dll is either in the Windows/System32 or VirtualBox directories. On my system, the only non MS or VirtualBox file injected is one called guard64.dll
"guard64.dll" should NOT be in System32 directory. That is a SYSTEM directory. Comodo and Microsoft's failure to follow their own guidelines. Not one to blame VirtualBox (or anyone that actually follows the guidelines).

SUMMARY
Please stop shouting about "verification" and "Quality control" in an OPEN SOURCE project. You (as the end user) are as much responsible as the people that work hard to make this happen. If the sh!t hits the f@n once every blue moon, well... sh!t happens!
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
HJack
Posts: 1
Joined: 23. Jul 2014, 01:13

Re: 4.3.14 conflicts with anti-virus packages.

Post by HJack »

Solved as suggested in
.... /viewtopic.php?f=6&t=62615#p292968
(sorry cannot post urls)


Win7 Pro 64 bit (Italian)
HP G62
4 GB RAM
No antivirus / antispyware
Logged as administrator
Upgraded from previous version
socratis

Re: 4.3.14 conflicts with anti-virus packages.

Post by socratis »

birrellwalsh wrote:Any timeline to a fix?
Current timeline (as of 2014.07.23 00:15 GMT). Downgrade to 4.3.12. It will (99,9%) work fine for your course.
Last edited by socratis on 23. Jul 2014, 02:28, edited 1 time in total.
gregz83
Posts: 4
Joined: 16. Jul 2014, 08:35

Re: 4.3.14 conflicts with anti-virus packages.

Post by gregz83 »

Well, for now I have given up and gone back to 4.3.12-93733

download.virtualbox.org/virtualbox/4.3.12/

Call me when you fix it. :P
J.L.

Re: 4.3.14 conflicts with anti-virus packages.

Post by J.L. »

socratis wrote:
J.L. wrote:What is VirtualBox trying to protect anyways?
Naive and ignorant people.
J.L. wrote:I have an idea. How about VirtualBox display a warning with every "suspicious" DLL listed, and allows the user to bypass it? Preferably with a remember choice for specific DLLs.
You're free to contribute to the whitelist DLLs (doesn't exist yet; feel free to start a thread; or modify the source code; it's open source). As far as I know there's still incoming fire. Would you volunteer to be the head of what gets approved and what doesn't? You have my vote of confidence to be the leader! Be careful that you don't miss one, cause I'm gonna be shouting. Loudly...
That are using virtual machines, funny. Aren't they the same people that needs the protection of anti-virus software which are incompatible right now? Let's be realistic here.

LOL, that's why my idea isn't what you've suggested. The user decides what gets approved on their own system, and that includes VirtualBox itself.
MarcSant
Posts: 8
Joined: 22. Jul 2014, 13:22

Re: 4.3.14 conflicts with anti-virus packages.

Post by MarcSant »

J.L. wrote:
socratis wrote:
J.L. wrote:What is VirtualBox trying to protect anyways?
Naive and ignorant people.
J.L. wrote:I have an idea. How about VirtualBox display a warning with every "suspicious" DLL listed, and allows the user to bypass it? Preferably with a remember choice for specific DLLs.
You're free to contribute to the whitelist DLLs (doesn't exist yet; feel free to start a thread; or modify the source code; it's open source). As far as I know there's still incoming fire. Would you volunteer to be the head of what gets approved and what doesn't? You have my vote of confidence to be the leader! Be careful that you don't miss one, cause I'm gonna be shouting. Loudly...
That are using virtual machines, funny. Aren't they the same people that needs the protection of anti-virus software which are incompatible right now? Let's be realistic here.

LOL, that's why my idea isn't what you've suggested. The user decides what gets approved on their own system, and that includes VirtualBox itself.
Sorry for the dumb question but, what about the people that don't have an AV product installed? I made a factory recover for my Dell machine, without any program of fix installed, just OS (Windows 8 Professional), installed VB and restored VM images, and in the end I got the same error.

So, I presume that Av incompatible are not the point here: we are facing some kind of bug in the product, and in my opinion will be fixed soon. For those that need VB up and running again just remove the newer version and install the old one. Simple as that.
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: 4.3.14 conflicts with anti-virus packages.

Post by Perryg »

So, I presume that Av incompatible are not the point here: we are facing some kind of bug in the product, and in my opinion will be fixed soon. For those that need VB up and running again just remove the newer version and install the old one. Simple as that.
It's not the only cause. I understand that it gets lost with all the me too replies. Read the top post.
socratis

Re: 4.3.14 conflicts with anti-virus packages.

Post by socratis »

J.L. wrote:that's why my idea isn't what you've suggested. The user decides what gets approved on their own system
J.L. wrote:How about VirtualBox (1) display a warning with (2) every "suspicious" DLL listed, and (3) allows the user to bypass it? Preferably with a (4) remember choice for (5) specific DLLs.
No, your idea is not even close to 1/5 of your idea (hint: the red ones are steps that have to be done in the source code).

@MarcSant
It's not just about antivirus. It's about any process that injects a DLL in another process. Graphic card drivers like NVidia for example have been known of doing that, as well as window (re)management utilities. That is not an exclusive list by any means.
J.L.

Re: 4.3.14 conflicts with anti-virus packages.

Post by J.L. »

MarcSant wrote:Sorry for the dumb question but, what about the people that don't have an AV product installed? I made a factory recover for my Dell machine, without any program of fix installed, just OS (Windows 8 Professional), installed VB and restored VM images, and in the end I got the same error.

So, I presume that Av incompatible are not the point here: we are facing some kind of bug in the product, and in my opinion will be fixed soon. For those that need VB up and running again just remove the newer version and install the old one. Simple as that.
Not really a dumb question, but are you sure you're replying to the right post? I only said AV as an example in that case. Any non-whitelisted DLL injection could be the cause, as I've said before.

Unfortunately, I have a feeling they will treat it as a feature instead of a bug. Don't forget to download new guest additions if you want some more bugs fixed.