Viruses malware with Windows host

[ewgoforth]

Hello,

A couple times I've seen warnings coming from my Windows host's anti-virus software when going to web pages on my Virtual Box client which is running Linux. One time this was while I was using Tor on my Linux client, although I also had an inactive regular Firefox window open as well.

I was doing this specifically because I was concerned that the links I was visiting might be a bit dodgy. From the reading I've done it sounds like malware would have a very difficult, but not impossible time, infecting my host OS, but this has made me wonder. I guess my Avast anti-virus is sniffing all the traffic going through my Windows box as some kind of proxy and it sees the Virtual Box - Linux client as just another process on my box. I'm surprised that it would be able to sniff encrypted traffic that was going via Tor.

-Eric

[noteirak]

You are most likely using NAT mode, in which case the traffic is only encrypted until your host (if the Tor client is in your host), afterwards it is handled by the Virtualbox process of the VM.
If you want this to be invisible to the host, you have to use Bridged.

[ewgoforth]

You are most likely using NAT mode, in which case the traffic is only encrypted until your host (if the Tor client is in your host), afterwards it is handled by the Virtualbox process of the VM.
If you want this to be invisible to the host, you have to use Bridged.

Actually the Tor client was in my client, not my host.

[mpack]

All network traffic must have a valid TCP/IP header for it to be delivered at all. I don't know what checks your host antivirus is doing, but it's perfectly possible that it could raise alerts based on the header contents (e.g. IP address of known-dodgy site), without being able to decrypt the payload.