nX07 Posted January 25, 2008 Share Posted January 25, 2008 I was wondering, if I was running a Virtual PC, with a Virtual HardDisk, and opened a virus-infected file on that VirtualPC.. would the host computer be affected? Link to comment Share on other sites More sharing options...
chroniX Posted January 25, 2008 Share Posted January 25, 2008 if you disconnect the virtual pc from your network and disable all the network adapters , you should be safe. Link to comment Share on other sites More sharing options...
S7un7 Posted January 25, 2008 Share Posted January 25, 2008 Not quick enough... Link to comment Share on other sites More sharing options...
NienorGT Posted January 25, 2008 Share Posted January 25, 2008 If it's on the network and the virus is a network worm or something like that, possible. If it spread via Internet, you just make a useless +1 on the number of infected PCs... Otherwise, I don't see how it could get infected. But I don't see the reason why you would want to open a virus. Link to comment Share on other sites More sharing options...
Iian K Posted January 25, 2008 Share Posted January 25, 2008 Why would you want to do that anyway? Link to comment Share on other sites More sharing options...
nX07 Posted January 25, 2008 Author Share Posted January 25, 2008 I sometimes have to open files that are questionable, so I figure I'd rather be safer than sorry. Link to comment Share on other sites More sharing options...
NienorGT Posted January 25, 2008 Share Posted January 25, 2008 You "have" :blink: I still not understand... Link to comment Share on other sites More sharing options...
nX07 Posted January 25, 2008 Author Share Posted January 25, 2008 You "have" :blink:I still not understand... It's not really needed to go into further explanation, but sometimes thats the situation I am in. :p Link to comment Share on other sites More sharing options...
Xerxes Posted January 25, 2008 Share Posted January 25, 2008 I'm just curious about one thing, since the virtual machine uses the memory from the host, is it possible that once the virus gets loaded into memory it could infect the host PC? or is the memory reserved for the virtual machine in a sorta "sand box" that would protect the host PC from infection? Link to comment Share on other sites More sharing options...
nX07 Posted January 25, 2008 Author Share Posted January 25, 2008 I'm just curious about one thing, since the virtual machine uses the memory from the host, is it possible that once the virus gets loaded into memory it could infect the host PC? or is the memory reserved for the virtual machine in a sorta "sand box" that would protect the host PC from infection? Good question :o Link to comment Share on other sites More sharing options...
Lt-DavidW Posted January 25, 2008 Share Posted January 25, 2008 Good question :o +1, and what about viruses that target the MBR? Are there any programs that can tell whether or not they are running on a Virtual PC and if so, how? Link to comment Share on other sites More sharing options...
berz Posted January 25, 2008 Share Posted January 25, 2008 No, it would not infect the host PC. Link to comment Share on other sites More sharing options...
XerXis Posted January 25, 2008 Share Posted January 25, 2008 I'm just curious about one thing, since the virtual machine uses the memory from the host, is it possible that once the virus gets loaded into memory it could infect the host PC? or is the memory reserved for the virtual machine in a sorta "sand box" that would protect the host PC from infection? Since the days of protected memory a process can only access the memory it allocated, every application is "sandboxed" in this way. Even when you are not running a virtual pc. Further more, your MBR in a virtual pc is an emulated one. A virus in a virtual pc can not affect your real MBR. That is, as long as there is no network connection between your virtual pc and real OS Link to comment Share on other sites More sharing options...
PENGUINwithM4A1 Posted January 25, 2008 Share Posted January 25, 2008 Why not invest in a good AV software? Link to comment Share on other sites More sharing options...
Victor V. Posted January 25, 2008 Share Posted January 25, 2008 Why not invest in a good AV software? AV software are definitely not 100%. Get one and try a porn site, to see what you get =O Link to comment Share on other sites More sharing options...
Rob Veteran Posted January 25, 2008 Veteran Share Posted January 25, 2008 Virtualised environments are fully sandboxed so you can open any file you want in them and you'll be 100% safe. It's when you start bridging the sandboxed environment for reasons of convenience that things start getting hazy. If you have network connections between the virtualised environment and the host, then a network worm could propagate. Also, though there's never been any proof-of-concept code that I'm aware of, it would be possible to exploit any vulnerability in the 'virtual machine extensions'. These extensions are the applications that run on the host and virtual PC allowing things like dragging and dropping of files, freely moving the cursor between the environments etc. It's theoretically possible that, should a vulnerability exist here in what is effectively a bridge between the two environments, a buffer overflow could result in malicious code executing on the host. As I say, I've never read of this actually occurring. Short answer is yes, you're 100% safe, if you close any network connections like shared drives. Long answer is yes you're safe, but there's theoretical vulnerabilities that are interesting for academic study. And yes, I wrote a 6,000-word essay on this subject at university. :p Link to comment Share on other sites More sharing options...
Lt-DavidW Posted January 25, 2008 Share Posted January 25, 2008 AV software are definitely not 100%. Get one and try a porn site, to see what you get =O Spam? Link to comment Share on other sites More sharing options...
SAXD Posted January 25, 2008 Share Posted January 25, 2008 AV software are definitely not 100%. Get one and try a porn site, to see what you get =O You get porn? Link to comment Share on other sites More sharing options...
kurtbel Posted September 30, 2009 Share Posted September 30, 2009 AV software are definitely not 100%. Get one and try a porn site, to see what you get =O If the AV didn?t detected how could you see something? (besides the girls :)) ) Link to comment Share on other sites More sharing options...
hdood Posted September 30, 2009 Share Posted September 30, 2009 Since the days of protected memory a process can only access the memory it allocated, every application is "sandboxed" in this way. This isn't strictly speaking true for the Windows platform. You are only protected from accidentally manipulating other processes. As for the VM. You're safe provided you don't share files that could be infected in it back with the host OS. For malicious code running in the VM to infect the host OS, it would have to be written specifically for it. In other words it would have to know that it's running virtualized, then exploit a bug in the virtualization software (Virtual PC) which would give it access to the host machine. This is theoretically possible, but I've never heard of it actually happening. Link to comment Share on other sites More sharing options...
Kami- Posted October 1, 2009 Share Posted October 1, 2009 Hi, Just so you know, I routinely open Virus infected files in a Virtual environment, for study purposes, my host machine has never been troubled by anything from within the Virtual environment. So in conclusion, I'd say your fairly safe. Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted October 2, 2009 MVC Share Posted October 2, 2009 Actually Sandboxie running on a 32bit Virtual Machine is a great combination. That's how I test stuff out. Link to comment Share on other sites More sharing options...
bobsta Posted October 2, 2009 Share Posted October 2, 2009 This isn't strictly speaking true for the Windows platform. You are only protected from accidentally manipulating other processes. Would care to explain how exactly one would "non-accidentally" access memory not requested by the process from the process? I was under the impression from my university course that only the process that requested the memory had access to it. Apart from system processes which clean up memory and other processes. From what I have learned the OP is 100% safe, as long as the observe the exceptions which apply to all pcs(i.e. publicly shared network folders, unsafe network connections...), also some virtualisation software's shared folder feature should be turned off. Otherwise, VMs are great environments to observe and learn from how viruses work. ( NB: All from a security standpoint - I am majoring in Network security in my BIT ) Link to comment Share on other sites More sharing options...
hdood Posted October 3, 2009 Share Posted October 3, 2009 Would care to explain how exactly one would "non-accidentally" access memory not requested by the process from the process? Provided you have access to the process (you need debug privileges if the process belongs to another user, and you can't touch DRM-related processes as they have a special protected status), you can simply open it and call Read/WriteProcessMemory and even call things like CreateRemoteThread to run code in it. Link to comment Share on other sites More sharing options...
Recommended Posts