Is it safe? Is it?!
August 29, 2012 6:46 PM Subscribe
How safe is a virtual machine for testing unknown software or browsing unknown websites?
I'm running Windows XP in a virtual machine using VMWare, and I'm wondering how safe it is to test software or browse potentially unsafe websites in it?
Is there any chance for something malicious (application or website) to take control of the VM and then (somehow) spillover in to the main operating system? My limited insight into IT and security points me toward "no", but are there any vulnerabilities?
Any information or links are appreciated.
I'm running Windows XP in a virtual machine using VMWare, and I'm wondering how safe it is to test software or browse potentially unsafe websites in it?
Is there any chance for something malicious (application or website) to take control of the VM and then (somehow) spillover in to the main operating system? My limited insight into IT and security points me toward "no", but are there any vulnerabilities?
Any information or links are appreciated.
Best answer: Don't share your native filesystem with the VM, and you should be fine.
posted by aubilenon at 7:01 PM on August 29, 2012 [2 favorites]
posted by aubilenon at 7:01 PM on August 29, 2012 [2 favorites]
Best answer: Here are a couple of links I found. It looks like an attack on the host is possible, but perhaps still more a theoretical than practical concern: [security.stackexchange.com] 1, 2.
posted by en forme de poire at 7:06 PM on August 29, 2012
posted by en forme de poire at 7:06 PM on August 29, 2012
Best answer: Fairly safe. One precaution I'd take would be to not allow file sharing between your host and guest. But even that would be a little over cautious for most cases. If file sharing is allowed, you'll want to be sure that your guest does not share the same username/password combination as any of your host's local admins...this will help prevent any unintended access to admin shares in the event you pick up a nasty worm (the more I think of it..if you really want to harden defenses, operating in bridged mode while blocking your guest via firewall might be the way to go...who knows when the next big 0day network service vulnerability will crop up? The risk is fairly low...but it'd be one less thing to worry about)
posted by samsara at 7:10 PM on August 29, 2012 [1 favorite]
posted by samsara at 7:10 PM on August 29, 2012 [1 favorite]
Best answer: As others mentioned, there's not much of a chance of malware crossing into the host.
But, social engineering issues are just as present as always. If a website uses an exploit to get your Google or Facebook credentials, you're just as screwed. If some software convinces you to give it your personal data, ditto.
To minimize the chances of this sort of thing:
1. As much as is reasonable, use a separate VMs per sketchy application or sketchy website.
2. Do not visit multiple sites at a time in the VM.
3. Do not even visit multiple sites one after the other if you can help it. If a site needs a login, log out as soon as you're done.
4. Do not, ever, visit your regular websites in the VM. Don't give sketchy sites any real information, or allow them to connect with your accounts on normal sites.
5. Try not to move files on or off of the VM. Turn off any VM features like "Shared Folders". Even sharing the clipboard (for copy-paste) could be a problem in some circumstances.
6. Every time you're done using the VM, reset it to a known state. Most VM software has a "Snapshots" feature that lets you do this.
posted by vasi at 9:38 PM on August 29, 2012 [1 favorite]
But, social engineering issues are just as present as always. If a website uses an exploit to get your Google or Facebook credentials, you're just as screwed. If some software convinces you to give it your personal data, ditto.
To minimize the chances of this sort of thing:
1. As much as is reasonable, use a separate VMs per sketchy application or sketchy website.
2. Do not visit multiple sites at a time in the VM.
3. Do not even visit multiple sites one after the other if you can help it. If a site needs a login, log out as soon as you're done.
4. Do not, ever, visit your regular websites in the VM. Don't give sketchy sites any real information, or allow them to connect with your accounts on normal sites.
5. Try not to move files on or off of the VM. Turn off any VM features like "Shared Folders". Even sharing the clipboard (for copy-paste) could be a problem in some circumstances.
6. Every time you're done using the VM, reset it to a known state. Most VM software has a "Snapshots" feature that lets you do this.
posted by vasi at 9:38 PM on August 29, 2012 [1 favorite]
The only big VM threat that's making the rounds right now infects from the host OS into VMs, not the other way around: Crisis malware targets virtual machines.
posted by NortonDC at 11:11 PM on August 29, 2012
posted by NortonDC at 11:11 PM on August 29, 2012
As en forme's first link points out, if your VM hosts a network based attacker then the VM can affect any other machines it can reach. For best security isolate filesystems and network resources.
posted by epo at 6:40 AM on August 30, 2012
posted by epo at 6:40 AM on August 30, 2012
Along with all of the advice above, one of the safer ways you can do it is to run your Windows XP virtual machine on an entirely different host platform (for example 64-bit Linux with 3.2.0+ kernel) to avoid the remote possibility of accidentally executing anything.
For example if you download a suspicious .exe file using the host OS, and later use sftp to transfer it to the VM, avoiding any sharing of the host's filesystem with the VM, there's no way that you can accidentally run the .exe on the host and infect yourself. Actually you could screw up a WINE install pretty good by running a trojan in it.... But that's another case entirely.
posted by thewalrus at 12:28 PM on August 30, 2012
For example if you download a suspicious .exe file using the host OS, and later use sftp to transfer it to the VM, avoiding any sharing of the host's filesystem with the VM, there's no way that you can accidentally run the .exe on the host and infect yourself. Actually you could screw up a WINE install pretty good by running a trojan in it.... But that's another case entirely.
posted by thewalrus at 12:28 PM on August 30, 2012
There's an OS that aims to streamline this for you:
http://www.theregister.co.uk/2012/09/05/qubes_secure_os_released/
posted by armoir from antproof case at 11:27 PM on September 6, 2012
http://www.theregister.co.uk/2012/09/05/qubes_secure_os_released/
posted by armoir from antproof case at 11:27 PM on September 6, 2012
This thread is closed to new comments.
posted by deathpanels at 6:54 PM on August 29, 2012