Page 1 of 1
Question about security on Virtual box
Posted: 30. Oct 2019, 13:06
by stan here
I received a message with a file which I don't really trust, some how I feel like I shouldn't run this on my main / host pc so I have decided to open the file inside my VM, my question now is this, assuming the file is infected, is it possible for the virus to break out of the vm and infect my main pc?
Re: Question about security on Virtual box
Posted: 30. Oct 2019, 13:28
by socratis
- Take a Snapshot of the VM.
- Launch the VM without any networking (cables disconnected).
- Create a SharedFolder and copy the file-in-question into the VM.
- Remove the SharedFolder.
- Run the file-in-question inside the VM, see if there's a virus in there.
- Delete the Snapshot reverting the VM to its original state.
- Your Host will never see anything coming in from the Guest.
Re: Question about security on Virtual box
Posted: 30. Oct 2019, 13:39
by mpack
Or simply delete the file without looking at it. That should be automatic when "receiving a message with a file I don't trust".
Testing behaviour inside a VM is not always bulletproof. If the file is executable then it can detect a VM and change its behaviour. Of course this is perfectly safe if you never intend to install on the host regardless of the result of the test.
Re: Question about security on Virtual box
Posted: 30. Oct 2019, 13:44
by Whiskeyjack
stan here wrote:I received a message with a file which I don't really trust, some how I feel like I shouldn't run this on my main / host pc so I have decided to open the file inside my VM, my question now is this, assuming the file is infected, is it possible for the virus to break out of the vm and infect my main pc?
If you do not trust the source don't open the file. Just delete/purge it and blacklist the sender. No one can give you the guarantee you are asking for.
Re: Question about security on Virtual box
Posted: 30. Oct 2019, 15:30
by stan here
socratis wrote:
- Take a Snapshot of the VM.
- Launch the VM without any networking (cables disconnected).
- Create a SharedFolder and copy the file-in-question into the VM.
- Remove the SharedFolder.
- Run the file-in-question inside the VM, see if there's a virus in there.
- Delete the Snapshot reverting the VM to its original state.
- Your Host will never see anything coming in from the Guest.
Can I just make a fresh windows VM with anti virus installed to test run the file? I am sharing internet from my internet device to my pc using usb tethering, assuming there's a virus in my VM, is it possible for the virus to break out of the vm then infect the internet device connected to my pc?
Re: Question about security on Virtual box
Posted: 1. Nov 2019, 02:49
by socratis
As I've mentioned, if there's no connection between the VM and the Host, it's very difficult (if not impossible) to connect the two.
No connection between the Host and the Guest means: No SharedFolders, No Network for the VM.
So if you want this to work, you get the file in the VM, and before you run it, you disconnect your VM. I already mentioned the step-by-step guide already.