Virtual Machine Virus Question
Forceman
04-24-2008, 03:46 PM
I'm new to the whole virtual machine thing, and I have a question about viruses (and trojans, etc). If I am running a session in a virtual machine and I open a suspect file that contains a virus of some sort, is it possible for that virus to infect the host machine?
Logic tells me that if it propagates via network then it would/could, but that if I create a virtual machine that doesn't have access to the network card I should be safe, but I don't understand enough of how it really works to know if that is true.
My concern is that it would somehow jump out of the VM and infect the boot record / trash the hard drive of the host - is that possible?
Mithent
04-24-2008, 04:10 PM
It shouldn't be able to escape the VM, but as you mention, the network is a point where it could do that. The virus will only have access to the resources within the virtual machine, though. It would have to be a virus which exploited some bug in the VM code for it to get onto the machine itself, I would think.
Joe Average
04-24-2008, 04:35 PM
If you have Shared Folders enabled in the VM which allows the Guest OS inside the VM to "reach out and touch someone," namely the Host OS in some way, shape, or form, then yes, the Host OS becomes vulnerable to infection.
The only true "sandbox" in a VM would be absolutely no network access whatsoever, no external write-access to any devices outside the VM (USB, external drives, etc - optical media doesn't count since it's primarily read-only by and large), thereby keeping it completely locked down and unable to get out of that VM.
Mithent
04-24-2008, 04:38 PM
Good point, that would also be a vulnerability.. it shouldn't have write access to anything.
arik100
04-24-2008, 04:50 PM
> Good point, that would also be a vulnerability.. it shouldn't have write access to anything.
I support,
you should isolate the VM machine from the basic machine, by all means except the network, since the network goes one way only
Forceman
04-24-2008, 05:25 PM
So it can either be secure (no network access, no shared access), or it can be useful. I'm guessing I could move whatever files I'm suspicious of to the VM and then lock it down before I execute the files - not convenient, but probably workable. Thanks for the advice.
Joe Average
04-24-2008, 05:42 PM
There's a difference between no network access completely, and network access with shared folders/files. It's that folder/file sharing that enables the real possibility of infection - files or data just passing over the network connection will not inherently cause a security breach. It's when the files or data passing over the network has some ground to land on and dig a hole, figuratively speaking.
Running a VM and accessing a network through the provided network code that allows the VM to do such a thing (that sounds convoluted but it makes sense, I promise) doesn't automagically mean "oh shit, I'm vulnerable." It just means care should be taken when it comes to allowing the VM to access network resources such as shared files or folders on the network itself.
Networks don't get infected; machines on the network get infected because they have software on them that gets infected.
Hope that makes sense...
Ranma_Sao
04-24-2008, 07:58 PM
As one who does this every day in their job function, I have some advice.
Disable all folder sharing, network, etc...
Make sure you have the latest Virtual PC client. There have been vulnerabilities in old versions of VMWare and Virtual PC that allowed malware to jailbreak out of VM.
This posting is provided "AS IS" with no warranties, and confers no rights
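An added example, not part of any post in this thread: a small Python audit of a VMware `.vmx` file for the guest-to-host channels the posts above say to close (network adapter, shared folders, USB). The sample config is constructed, and the script assumes VMware's `ethernetN.present`, `sharedFolderN.*` and `usb.present` keys and compares key names case-insensitively.

```python
import re

# Constructed sample .vmx (not from the thread), written with VMware's key names.
SAMPLE_VMX = '''\
displayName = "suspect-file-sandbox"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "/home/me/Documents"
usb.present = "TRUE"
'''

LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value} for each key = "value" line."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit(cfg):
    """List the guest-to-host channels the posts above say to close."""
    def on(key):
        # Assumption of this example: an absent key counts as disabled.
        return cfg.get(key, "FALSE").upper() == "TRUE"
    findings = []
    for key in sorted(cfg):
        nic = re.fullmatch(r'(ethernet\d+)\.present', key)
        if nic and on(key):
            kind = cfg.get(nic.group(1) + ".connectiontype", "type not set")
            findings.append(f"{nic.group(1)}: network adapter attached ({kind})")
        share = re.fullmatch(r'(sharedfolder\d+)\.present', key)
        if share and on(key) and on(share.group(1) + ".enabled"):
            mode = "read-write" if on(share.group(1) + ".writeaccess") else "read-only"
            findings.append(f"{share.group(1)}: host folder shared {mode}")
    if on("usb.present"):
        findings.append("usb: USB controller present, host devices can be attached")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_vmx(SAMPLE_VMX)):
        print("OPEN:", finding)
```

An empty result means none of the three channels is enabled in the config; it says nothing about bugs in the virtualization software itself, which is why the post above also says to run the latest client.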
Ranma_Sao
04-24-2008, 07:59 PM
> There's a difference between no network access completely, and network access with shared folders/files. It's that folder/file sharing that enables the real possibility of infection - files or data just passing over the network connection will not inherently cause a security breach. It's when the files or data passing over the network has some ground to land on and dig a hole, figuratively speaking.
> Running a VM and accessing a network through the provided network code that allows the VM to do such a thing (that sounds convoluted but it makes sense, I promise) doesn't automagically mean "oh shit, I'm vulnerable." It just means care should be taken when it comes to allowing the VM to access network resources such as shared files or folders on the network itself.
> Networks don't get infected; machines on the network get infected because they have software on them that gets infected.
> Hope that makes sense...
However, the VM is on your network. A worm can very easily infect the host machine from the network.
This posting is provided "AS IS" with no warranties, and confers no rights
Forceman
04-24-2008, 08:26 PM
> However, the VM is on your network. A worm can very easily infect the host machine from the network.
> This posting is provided "AS IS" with no warranties, and confers no rights
Yeah, that's my real fear, that I infect my wife's computer, and my laptop, and my file server - thus greatly amplifying my headaches.
Joe Average
04-24-2008, 08:59 PM
Welcome to the wonderful world of computers... where no one is safe.
Ever. :)
Ranma_Sao
04-24-2008, 10:55 PM
Is this so you can analyze malware, or is this a defense in depth measure?
This posting is provided "AS IS" with no warranties, and confers no rights
SockMan!
04-25-2008, 09:45 AM
Unless you've got some malware that specifically targets the vulnerabilities in the virtualization setup, then I'd treat a VM the same as a physical computer. Personally, I'd be comfortable testing a malware infection within a virtual machine so long as I disable the network connection beforehand and trash the VM afterward (or revert to an earlier snapshot).
Although with the increasing proliferation of x86 virtualization, I'm sure we'll eventually find more malware that'll be VM aware.
Forceman
04-25-2008, 11:55 AM
> Is this so you can analyze malware, or is this a defense in depth measure?
> This posting is provided "AS IS" with no warranties, and confers no rights
Partly just for my info, and partly a defense in depth measure. I have no plans to intentionally execute a virus in the VM or anything (to see what it does, for example), just curious if I could use a VM as an additional measure to protect myself.
Ranma_Sao
04-25-2008, 02:45 PM
> Unless you've got some malware that specifically targets the vulnerabilities in the virtualization setup, then I'd treat a VM the same as a physical computer. Personally, I'd be comfortable testing a malware infection within a virtual machine so long as I disable the network connection beforehand and trash the VM afterward (or revert to an earlier snapshot).
> Although with the increasing proliferation of x86 virtualization, I'm sure we'll eventually find more malware that'll be VM aware.
A lot of malware I deal with on my day to day work is VM aware. If you Live Search VM Aware Attacks you'll find hundreds of ways to see if the machine is a VM. (Some even one assembly instruction...)
This posting is provided "AS IS" with no warranties, and confers no rights