Join 3,424 readers in helping fund MetaFilter (Hide)


Is it safe? Is it?!
August 29, 2012 6:46 PM   Subscribe

How safe is a virtual machine for testing unknown software or browsing unknown websites?

I'm running Windows XP in a virtual machine using VMWare, and I'm wondering how safe it is to test software or browse potentially unsafe websites in it?

Is there any chance for something malicious (application or website) to take control of the VM and then (somehow) spillover in to the main operating system? My limited insight into IT and security points me toward "no", but are there any vulnerabilities?

Any information or links are appreciated.
posted by apip to Computers & Internet (9 answers total) 2 users marked this as a favorite
 
Basically, no. I assume you're using VMWare or something like that? A VM is as strong a sandbox as you'll ever come across. I can't imagine a way that loading a website inside your VM could possibly affect your native OS.
posted by deathpanels at 6:54 PM on August 29, 2012


Don't share your native filesystem with the VM, and you should be fine.
posted by aubilenon at 7:01 PM on August 29, 2012 [2 favorites]


Here are a couple of links I found. It looks like an attack on the host is possible, but perhaps still more a theoretical than practical concern: [security.stackexchange.com] 1, 2.
posted by en forme de poire at 7:06 PM on August 29, 2012


Fairly safe. One precaution I'd take would be to not allow file sharing between your host and guest. But even that would be a little over cautious for most cases. If file sharing is allowed, you'll want to be sure that your guest does not share the same username/password combination as any of your host's local admins...this will help prevent any unintended access to admin shares in the event you pick up a nasty worm (the more I think of it..if you really want to harden defenses, operating in bridged mode while blocking your guest via firewall might be the way to go...who knows when the next big 0day network service vulnerability will crop up? The risk is fairly low...but it'd be one less thing to worry about)
posted by samsara at 7:10 PM on August 29, 2012 [1 favorite]


As others mentioned, there's not much of a chance of malware crossing into the host.

But, social engineering issues are just as present as always. If a website uses an exploit to get your Google or Facebook credentials, you're just as screwed. If some software convinces you to give it your personal data, ditto.

To minimize the chances of this sort of thing:

1. As much as is reasonable, use a separate VMs per sketchy application or sketchy website.
2. Do not visit multiple sites at a time in the VM.
3. Do not even visit multiple sites one after the other if you can help it. If a site needs a login, log out as soon as you're done.
4. Do not, ever, visit your regular websites in the VM. Don't give sketchy sites any real information, or allow them to connect with your accounts on normal sites.
5. Try not to move files on or off of the VM. Turn off any VM features like "Shared Folders". Even sharing the clipboard (for copy-paste) could be a problem in some circumstances.
6. Every time you're done using the VM, reset it to a known state. Most VM software has a "Snapshots" feature that lets you do this.
posted by vasi at 9:38 PM on August 29, 2012 [1 favorite]


The only big VM threat that's making the rounds right now infects from the host OS into VMs, not the other way around: Crisis malware targets virtual machines.
posted by NortonDC at 11:11 PM on August 29, 2012


As en forme's first link points out, if your VM hosts a network based attacker then the VM can affect any other machines it can reach. For best security isolate filesystems and network resources.
posted by epo at 6:40 AM on August 30, 2012


Along with all of the advice above, one of the safer ways you can do it is to run your Windows XP virtual machine on an entirely different host platform (for example 64-bit Linux with 3.2.0+ kernel) to avoid the remote possibility of accidentally executing anything.

For example if you download a suspicious .exe file using the host OS, and later use sftp to transfer it to the VM, avoiding any sharing of the host's filesystem with the VM, there's no way that you can accidentally run the .exe on the host and infect yourself. Actually you could screw up a WINE install pretty good by running a trojan in it.... But that's another case entirely.
posted by thewalrus at 12:28 PM on August 30, 2012


There's an OS that aims to streamline this for you:

http://www.theregister.co.uk/2012/09/05/qubes_secure_os_released/
posted by armoir from antproof case at 11:27 PM on September 6, 2012


« Older What are some quick tricks or ...   |  I have a home imac and a work ... Newer »
This thread is closed to new comments.