Windows 7 Forums



Windows 7: Securely Open Uncertain Files in Virtual Box

19 Nov 2015   #1
BretMan

Windows 7 Ultimate x64
 
 
Securely Open Uncertain Files in Virtual Box

Hello,

I regularly receive files by email from new contacts. Although I may trust the sender, I may not trust the PCs or smartphones they're coming from since most people procrastinate with virus scans. On rare occasions I've been victimized by malware in one of the files sent but fortunately my anti-virus has spotted them right away. Yet, I don't want to rely on this detection as antivirus software is always in catch-up mode and one day I may get infected by malware that's not yet recognized.

I've heard about a way to open downloaded files inside a secure virtual environment so if there is malware present it stays inside that virtual environment and can't infect my PC. Also, I'd be able to scan it for malware while in there too.

I don't understand how this works. I've heard of a "sandbox" for browsers, which seems to be kind of the same idea but it's just for isolating potential malware that may be picked up while browsing online. I've also heard of "virtual machines" but I'm not sure that's what I'm looking for as I understand them to work off a network and seem complicated. I don't have a network, just individual PCs.

Basically what I want is a virtual space that I would access downloaded files from and scan and open them in there too. Somehow, whatever applicable program is needed to open them will work in there and if there's malware, it won't affect that program or my PC.

If anyone knows about this please give me some guidance and education about how this would work or if it can even be done.

Thank you.


02 Dec 2015   #2
up2trix

Windows 7 Pro
 
 

Bret: in short, yes, doing untrusted actions inside a virtual machine is a huge step forward in security. Opening files from dubious sources, doing general web browsing (in that link, scroll down to the "Use of Virtual Machines" section), etc.

You have got to do some background research first, tho, to educate yourself on the basics of virtualization.

I started my own experimentation using VirtualBox on top of a Win 7 host OS. I highly recommend VirtualBox as your first hypervisor.

I run Linux (Xubuntu) inside the VM, and use this for general browsing, as Windows is just too vulnerable.

In the future, I want to play with either VMware or a Linux base OS with KVM or Xen as the hypervisor.
02 Dec 2015   #3
wasnotwas

W10 Pro x64, W7 Pro x64 in VMware
 
 

Would a virus written for Windows be detected in a Linux VM? Would there be a suitable Linux app to open the suspicious Windows files?

Browsing in a Linux VM might be secure, but the OP needs to test the files in a Windows VM. My preference is VMware Workstation, but the free VMware Player is quite adequate. The OP would, of course, need a separate Win licence for the VM.

VMware Player is at the end of this page

02 Dec 2015   #4
up2trix

Windows 7 Pro
 
 

Quote: Originally Posted by wasnotwas
> Would a virus written for Windows be detected in a Linux VM?

"be detected" is ambiguous.

If you mean would a Windows specific ("written for Windows") virus infect Linux, the answer is almost surely no, since by definition such a security hole should be very target specific. That said, not all malware is operating system dependent (e.g. Flash, Java, etc. sometimes offer cross platform vulnerabilities).

If you mean could a Linux program, say a malware scanner, somehow detect the presence of Windows malware in a file, then of course it could, if it was written to do that. It looks like ClamAV does precisely this.


Quote: Originally Posted by wasnotwas
> Would there be a suitable Linux app to open the suspicious Windows files?

Besides a malware scanner like ClamAV, you could always try to open, say, a word processing doc in something like LibreOffice on Linux. The malware probably would not infect Linux, but it might crash your viewing app.


Quote: Originally Posted by wasnotwas
> Browsing in a Linux VM might be secure, but the OP needs to test the files in a Windows VM.

Maybe, maybe not--see above.

One awesome thing that you can do with virtual machines is that you can either clone them or reset them to an initial state, so that even if your VM is infected, you either discard that copy or reset it to remove it. (Beware: cloning Windows VMs is sometimes tricky due to licensing.)

By the way, instead of (or in addition to) virtualization, you should always be scanning all untrusted files with something like Malwarebytes anyways. I do that all the time with files that I download.
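The reset-to-initial-state workflow from post #4, as an added example that is not part of the original thread: a Python helper that plans the VBoxManage commands to return a VirtualBox VM to a clean snapshot, and lists shared folders, because files written to a host folder shared into the guest are not undone by a snapshot restore. The VM name `scratch-vm`, the snapshot name `clean` and the sample `showvminfo` output are constructed, and `VBoxManage` is assumed to be on the PATH.

```python
import subprocess
import sys

VBOXMANAGE = "VBoxManage"  # assumption: VirtualBox's CLI is on the PATH

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE_INFO = r'''name="scratch-vm"
VMState="running"
SharedFolderNameMachineMapping1="downloads"
SharedFolderPathMachineMapping1="C:\Users\me\Downloads"
'''

def parse_vminfo(text):
    """Turn key="value" lines into a dict (keys may be quoted too)."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            info[key.strip().strip('"')] = value.strip().strip('"')
    return info

def shared_folders(info):
    """Map share name -> host path; host-side writes survive a restore."""
    shares = {}
    prefix = "SharedFolderNameMachineMapping"
    for key, name in info.items():
        if key.startswith(prefix):
            index = key[len(prefix):]
            shares[name] = info.get("SharedFolderPathMachineMapping" + index, "")
    return shares

def plan_reset(vm, snapshot, info):
    """Commands that discard the VM's current state and restore the snapshot."""
    cmds = []
    if info.get("VMState") in ("running", "paused"):
        # A snapshot cannot be restored while the VM is still running.
        cmds.append([VBOXMANAGE, "controlvm", vm, "poweroff"])
    cmds.append([VBOXMANAGE, "snapshot", vm, "restore", snapshot])
    return cmds

if __name__ == "__main__":
    vm, snapshot = sys.argv[1], sys.argv[2]  # e.g. scratch-vm clean
    out = subprocess.run([VBOXMANAGE, "showvminfo", vm, "--machinereadable"],
                         capture_output=True, text=True, check=True).stdout
    info = parse_vminfo(out)
    for name, path in shared_folders(info).items():
        print(f"warning: host folder {path} is shared into the guest as {name}")
    for cmd in plan_reset(vm, snapshot, info):
        subprocess.run(cmd, check=True)
```

The clean snapshot is taken once, with the VM powered off and before any untrusted file is copied in, using `VBoxManage snapshot scratch-vm take clean`.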
03 Dec 2015   #5
wasnotwas

W10 Pro x64, W7 Pro x64 in VMware
 
 

Quote: Originally Posted by up2trix
> By the way, instead of (or in addition to) virtualization, you should always be scanning all untrusted files with something like Malwarebytes anyways. I do that all the time with files that I download.

I concur. R click - scan with your usual A/V and R click - scan with Malwarebytes is all I do with downloaded files, although MBAM context menu is not always on by default (it's in the settings). There's also VirusTotal, where you can upload files up to 128MB to be tested by about 50 different scan engines.

https://www.virustotal.com/
03 Dec 2015   #6
up2trix

Windows 7 Pro
 
 

Quote: Originally Posted by wasnotwas
> Quote: Originally Posted by up2trix
> > By the way, instead of (or in addition to) virtualization, you should always be scanning all untrusted files with something like Malwarebytes anyways. I do that all the time with files that I download.
>
> I concur. R click - scan with your usual A/V and R click - scan with Malwarebytes is all I do with downloaded files

Agreed. I use AVG paid version as my main malware defense, and then for downloaded files I additionally scan them with Malwarebytes free.


Quote: Originally Posted by wasnotwas
> There's also VirusTotal, where you can upload files up to 128MB to be tested by about 50 different scan engines.
>
> https://www.virustotal.com/

Thanks, I did not know about that. Great idea for a website. Looks like they use all the major malware detection engines. Only major defect is that they have max file size limits (<= 32 MiB if you use their convenient Windows right clickable app, <= 128 MiB if you manually upload via their website). This is actually a killer for me, since I need to scan file sharing downloads, such as TV shows.