Are virtual machines safe

[2canSAM]

I have a copy of VMware workstation and was wanting to mess aroung with some other OS's. It is my understanding that anything done inside a virtual machine does not affect the actual OS. I really want to dig into XP and mess with settings on group policy and services and crap but want to make sure I will not hose my main machine. I also want to install some viruses and see what they do. This of course would not be networked.

 

[xtknight]

That's right, as long as you don't give it access to your physical hard disk. Of course, damage can be done through the network too (but you covered that). Don't allow the VM access to the network or physical disks and you'll be fine.

 

[M00T]

I'd never consciously play with virii on any box which I need to use on a regular basis. Even if you run vmware, you are playing with fire. Use a separate hard drive or a different machine.

 

[Nothinman]

Even if you run vmware, you are playing with fire. Use a separate hard drive or a different machine.

No he's not, if he disables all network connectivity he'll be fine and even if he doesn't as long as he's not using an account with access to the host via the network he'll be fine. The chances of him infecting himself are pretty slim and using a seperate hard drive is less safe unless you physically remove the other while messing around and that's a much bigger PITA.

 

[spyordie007]

Originally posted by: Nothinman

Even if you run vmware, you are playing with fire. Use a separate hard drive or a different machine.

No he's not, if he disables all network connectivity he'll be fine and even if he doesn't as long as he's not using an account with access to the host via the network he'll be fine. The chances of him infecting himself are pretty slim and using a seperate hard drive is less safe unless you physically remove the other while messing around and that's a much bigger PITA.

If it has no network connectivity, does not use a physical hard drive and doesnt share folders with the host than he's going to be very safe since there wouldnt be a path for an infection within the virtual machine to get to the host.

However by default networking and shared folders are enabled, if your VM gets infected by something that is broadcasting out the network your host machine is going to be at risk.

So simply running a VM in-and-of-itself isnt going to keep everything safe; there needs to be some inteligent thinking before said fire is played with.

 

[M00T]

Very well. I offered an opinion.

 

[2canSAM]

Thanks all. The machine I play with virii on will be locked down. No network, a virtual HDD, and no shared folders.

 

[Nothinman]

So simply running a VM in-and-of-itself isnt going to keep everything safe; there needs to be some inteligent thinking before said fire is played with.

Of course, but one would assume that if you're going to test sometihng potentially dangerous that you're not going to simply take the defaults and hope for the best.

 

[networkman]

We recently deployed 220 brand new Dell systems to our Public PC positions in our library system, where we run a tightly locked down host OS of XPProSp2 and then a virtual session of the same OS using a VMWare clone that we built and configured beforehand. Everything is tuned and protected with a combination of Group Policy and NTFS permissions. So far, the results(after a month) are nearly exactly as planned and tested for beforehand.

The user running in the virtual session is not allowed to fully run rampant of course, but we've yet to encouter a problem with a change in the vm session hosing the host os. 🙂

 

[jlbenedict]

Originally posted by: 2canSAM
Thanks all. The machine I play with virii on will be locked down. No network, a virtual HDD, and no shared folders.

When you go through the virtual machine creation wizard, I believe one NIC is initially added to the virtual machine. After you finish creating the virtual machine, edit the virtual machine settings; remove the NIC and you should be good to go.

Make your virtual HDD a static sized drive, not dynamic.

Share folders is not enabled by default, so you should be safe there. To actually enable them, you have to edit the configuration.

 

[M00T]

Keep up with the vmware updates

The flaw presents the biggest risk to malware researchers who use VMWare's virtual computing software during the audition of virus, spyware and rootkit files. It could allow a malicious hacker to sidestep the virtual machine and exploit the underlying operating system.

 

[n0cmonkey]

Originally posted by: M00T
Keep up with the vmware updates

The flaw presents the biggest risk to malware researchers who use VMWare's virtual computing software during the audition of virus, spyware and rootkit files. It could allow a malicious hacker to sidestep the virtual machine and exploit the underlying operating system.

That's why if you're testing Windows based OSes in the virtual machine you run VMWare on a Linux system, and vice versa if you roll that way.

 

[spyordie007]

Originally posted by: n0cmonkey

Originally posted by: M00T
Keep up with the vmware updates

The flaw presents the biggest risk to malware researchers who use VMWare's virtual computing software during the audition of virus, spyware and rootkit files. It could allow a malicious hacker to sidestep the virtual machine and exploit the underlying operating system.

That's why if you're testing Windows based OSes in the virtual machine you run VMWare on a Linux system, and vice versa if you roll that way.

Correct me if I'm wrong but this sounds like this is a flaw with the host, not the client. So an exploit could be written for either (or both), regardless of what OS the client is running.

Originally posted by: Nothinman

So simply running a VM in-and-of-itself isnt going to keep everything safe; there needs to be some inteligent thinking before said fire is played with.

Of course, but one would assume that if you're going to test sometihng potentially dangerous that you're not going to simply take the defaults and hope for the best.

My response was mostly directed at M00T's comment regarding it not being safe, however time to get on my soapbox... :roll:

Security is about sound judgement. If you simply perform actions suggested by "security experts" you are probably only moderatly better off than if you did nothing at all.

This is why I qualified my comment with the "inteligent thinking" bit. Sound design should always be part of the plan 😉

...The question was "Are virtual machines safe" and the best answer is "They can be".

 

[jlbenedict]

Originally posted by: spyordie007

Originally posted by: n0cmonkey

Originally posted by: M00T
Keep up with the vmware updates

The flaw presents the biggest risk to malware researchers who use VMWare's virtual computing software during the audition of virus, spyware and rootkit files. It could allow a malicious hacker to sidestep the virtual machine and exploit the underlying operating system.

That's why if you're testing Windows based OSes in the virtual machine you run VMWare on a Linux system, and vice versa if you roll that way.

Correct me if I'm wrong but this sounds like this is a flaw with the host, not the client. So an exploit could be written for either (or both), regardless of what OS the client is running.

Originally posted by: Nothinman

So simply running a VM in-and-of-itself isnt going to keep everything safe; there needs to be some inteligent thinking before said fire is played with.

Of course, but one would assume that if you're going to test sometihng potentially dangerous that you're not going to simply take the defaults and hope for the best.

My response was mostly directed at M00T's comment regarding it not being safe, however time to get on my soapbox... :roll:

Security is about sound judgement. If you simply perform actions suggested by "security experts" you are probably only moderatly better off than if you did nothing at all.

This is why I qualified my comment with the "inteligent thinking" bit. Sound design should always be part of the plan 😉

...The question was "Are virtual machines safe" and the best answer is "They can be".

I believe the article states the flaw lies within Vmware's NAT service; which of course, this service runs on the host machine..

 

[spyordie007]

I figured so much, but only read the first few sentances of the article 😱

 

[Nothinman]

...The question was "Are virtual machines safe" and the best answer is "They can be".

You can substitute virtual machines with just about anything in that sentence. =)

 

[kobymu]

Originally posted by: Nothinman

...The question was "Are virtual machines safe" and the best answer is "They can be".

You can substitute virtual machines with just about anything in that sentence. =)

lol

Originally posted by: n0cmonkey
That's why if you're testing Windows based OSes in the virtual machine you run VMWare on a Linux system, and vice versa if you roll that way.

What if you are bi ? 😱