Using virtual machine to open suspicious PDF files.


  1. Posts : 110
    Windows 7 Professional x64
       #1


    How safe is it to open an infected file on a virtual machine? Is there no chance that the computer hosting the VM will get infected?

    What if it's a plug and play malware that can be transferred by USB key? Wouldn't both the host computer and the VM machine become infected if you plug in a USB stick to the computer that is hosting the Virtual Machine?

    Thanks


  2. Posts : 10,485
    W7 Pro SP1 64bit
       #2

    bishop101 said:
    How safe is it to open an infected file on a virtual machine?...
    It depends on how the VM is set up, flaws in the VM software, the type of infection and the person operating the host and VM.


    bishop101 said:
    ...Is there no chance that the computer hosting the VM will get infected?...
    There is always a chance of infection. All you can do is lessen the chance to an acceptable level.


    bishop101 said:
    ...What if it's a plug and play malware that can be transferred by USB key? Wouldn't both the host computer and the VM machine become infected if you plug in a USB stick to the computer that is hosting the Virtual Machine?...
    It depends on how the VM is set up, flaws in the VM software, the type of infection and the person operating the host and VM. You can tell the VM to not use USB connections from the host... but, if the VM software is flawed, it might use the USB anyway under certain conditions.


    Other considerations for using a VM to work with suspicious files:
    The VM should be frozen (it should not save any changes made to it).
    The VM should not have any connections to the host OS...
    ...no mapped drive letters or UNC connection
    ...no USB, CD, DVD...
    ...no drag/drop for moving files between VM and host.
    The VM should be on its own isolated network*...
    ...or disconnected** from all networks before opening the file(s) in question.

    *Preferably using a network interface that is connected to a different ISP than the host - since some ISPs treat all connections coming out of one neighborhood as one network.

    **If disconnecting from all networks, the VM should exit (revert to pristine) before network connections are enabled again.

    The caveat to the info above is: I am not a security expert.
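The isolation checklist from post #2, turned into an automated check of a VM's settings (an added example, not part of the thread). It assumes VirtualBox, which the thread does not name, and the key names printed by `VBoxManage showvminfo <vm> --machinereadable`, which should be confirmed against your version; both sample configs are constructed. It covers the shared-folder, USB, drag/drop and network items.

```python
import re

# Constructed samples resembling `VBoxManage showvminfo <vm> --machinereadable`
# output (assumed hypervisor: VirtualBox; key names may differ between versions).
SAMPLE_RISKY = '''\
name="pdf-sandbox"
nic1="nat"
cableconnected1="on"
nic2="none"
usb="on"
draganddrop="hosttoguest"
SharedFolderNameMachineMapping1="downloads"
SharedFolderPathMachineMapping1="C:\\Users\\me\\Downloads"
'''
SAMPLE_LOCKED = '''\
name="pdf-sandbox"
nic1="nat"
cableconnected1="off"
nic2="intnet"
cableconnected2="on"
usb="off"
draganddrop="disabled"
'''

def parse(text):
    """Turn key="value" lines into a dict (keys may themselves be quoted)."""
    pairs = (re.match(r'"?([^"=]+)"?=(.*)', line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip('"') for m in pairs if m}

def audit(text):
    """Return the checklist items from the post that this config violates."""
    cfg, findings = parse(text), []
    for key, val in cfg.items():
        if key.startswith("SharedFolderNameMachineMapping"):
            findings.append(f"shared folder '{val}' maps host storage into the VM")
        elif key in ("usb", "ehci", "xhci") and val == "on":
            findings.append(f"USB controller '{key}' is enabled")
        elif key == "draganddrop" and val != "disabled":
            findings.append(f"drag/drop is '{val}'")
        elif re.fullmatch(r"nic\d+", key) and val not in ("none", "intnet"):
            # An adapter counts as disconnected only if its cable is off.
            if cfg.get("cableconnected" + key[3:], "on") != "off":
                findings.append(f"{key} is '{val}' with the cable connected")
    return findings

if __name__ == "__main__":
    for label, sample in (("risky", SAMPLE_RISKY), ("locked", SAMPLE_LOCKED)):
        print(label, audit(sample) or "no findings")
```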


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
