If I opened a virus-infected file on a Virtual PC..

[nX07]

I was wondering, if I was running a Virtual PC, with a Virtual HardDisk, and opened a virus-infected file on that VirtualPC.. would the host computer be affected?

[chroniX]

if you disconnect the virtual pc from your network and disable all the network adapters , you should be safe.

[S7un7]

Not quick enough...

[NienorGT]

If it's on the network and the virus is a network worm or something like that, possible. If it spread via Internet, you just make a useless +1 on the number of infected PCs... Otherwise, I don't see how it could get infected. But I don't see the reason why you would want to open a virus.

[Iian K]

Why would you want to do that anyway?

[nX07]

I sometimes have to open files that are questionable, so I figure I'd rather be safer than sorry.

[NienorGT]

You "have" :blink:

I still not understand...

[nX07]

You "have" :blink:

I still not understand...

It's not really needed to go into further explanation, but sometimes thats the situation I am in. :p

[Xerxes]

I'm just curious about one thing, since the virtual machine uses the memory from the host, is it possible that once the virus gets loaded into memory it could infect the host PC? or is the memory reserved for the virtual machine in a sorta "sand box" that would protect the host PC from infection?

[nX07]

I'm just curious about one thing, since the virtual machine uses the memory from the host, is it possible that once the virus gets loaded into memory it could infect the host PC? or is the memory reserved for the virtual machine in a sorta "sand box" that would protect the host PC from infection?

Good question :o

[Lt-DavidW]

Good question :o

+1, and what about viruses that target the MBR?

Are there any programs that can tell whether or not they are running on a Virtual PC and if so, how?

[berz]

No, it would not infect the host PC.

[XerXis]

I'm just curious about one thing, since the virtual machine uses the memory from the host, is it possible that once the virus gets loaded into memory it could infect the host PC? or is the memory reserved for the virtual machine in a sorta "sand box" that would protect the host PC from infection?

Since the days of protected memory a process can only access the memory it allocated, every application is "sandboxed" in this way. Even when you are not running a virtual pc. Further more, your MBR in a virtual pc is an emulated one. A virus in a virtual pc can not affect your real MBR. That is, as long as there is no network connection between your virtual pc and real OS

[PENGUINwithM4A1]

Why not invest in a good AV software?

[Victor V.]

Why not invest in a good AV software?

AV software are definitely not 100%. Get one and try a porn site, to see what you get =O

[Rob Veteran]

Virtualised environments are fully sandboxed so you can open any file you want in them and you'll be 100% safe.

It's when you start bridging the sandboxed environment for reasons of convenience that things start getting hazy. If you have network connections between the virtualised environment and the host, then a network worm could propagate. Also, though there's never been any proof-of-concept code that I'm aware of, it would be possible to exploit any vulnerability in the 'virtual machine extensions'. These extensions are the applications that run on the host and virtual PC allowing things like dragging and dropping of files, freely moving the cursor between the environments etc. It's theoretically possible that, should a vulnerability exist here in what is effectively a bridge between the two environments, a buffer overflow could result in malicious code executing on the host. As I say, I've never read of this actually occurring.

Short answer is yes, you're 100% safe, if you close any network connections like shared drives. Long answer is yes you're safe, but there's theoretical vulnerabilities that are interesting for academic study.

And yes, I wrote a 6,000-word essay on this subject at university. :p

[Lt-DavidW]

AV software are definitely not 100%. Get one and try a porn site, to see what you get =O

Spam?

[SAXD]

AV software are definitely not 100%. Get one and try a porn site, to see what you get =O

You get porn?

[kurtbel]

AV software are definitely not 100%. Get one and try a porn site, to see what you get =O

If the AV didn?t detected how could you see something? (besides the girls :)) )

[hdood]

Since the days of protected memory a process can only access the memory it allocated, every application is "sandboxed" in this way.

This isn't strictly speaking true for the Windows platform. You are only protected from accidentally manipulating other processes.

As for the VM. You're safe provided you don't share files that could be infected in it back with the host OS. For malicious code running in the VM to infect the host OS, it would have to be written specifically for it. In other words it would have to know that it's running virtualized, then exploit a bug in the virtualization software (Virtual PC) which would give it access to the host machine. This is theoretically possible, but I've never heard of it actually happening.

[Kami-]

Hi,

Just so you know, I routinely open Virus infected files in a Virtual environment, for study purposes, my host machine has never been troubled by anything from within the Virtual environment.

So in conclusion, I'd say your fairly safe.

[+Warwagon MVC]

Actually Sandboxie running on a 32bit Virtual Machine is a great combination.

That's how I test stuff out.

[bobsta]

This isn't strictly speaking true for the Windows platform. You are only protected from accidentally manipulating other processes.

Would care to explain how exactly one would "non-accidentally" access memory not requested by the process from the process?

I was under the impression from my university course that only the process that requested the memory had access to it. Apart from system processes which clean up memory and other processes.

From what I have learned the OP is 100% safe, as long as the observe the exceptions which apply to all pcs(i.e. publicly shared network folders, unsafe network connections...), also some virtualisation software's shared folder feature should be turned off.

Otherwise, VMs are great environments to observe and learn from how viruses work.

( NB: All from a security standpoint - I am majoring in Network security in my BIT )

[hdood]

Would care to explain how exactly one would "non-accidentally" access memory not requested by the process from the process?

Provided you have access to the process (you need debug privileges if the process belongs to another user, and you can't touch DRM-related processes as they have a special protected status), you can simply open it and call Read/WriteProcessMemory and even call things like CreateRemoteThread to run code in it.