Using a virtual machine to open suspicious PDF files.

bishop101

How safe is it to open an infected file on a virtual machine? Is there no chance that the computer hosting the VM will get infected?

What if it's a plug and play malware that can be transferred by USB key? Wouldn't both the host computer and the VM machine become infected if you plug in a USB stick to the computer that is hosting the Virtual Machine?

thanks
 

How safe is it to open an infected file on a virtual machine?...
It depends on how the VM is set up, flaws in the VM software, the type of infection and the person operating the host and VM.


...Is there no chance that the computer hosting the VM will get infected?...
There is always a chance of infection. All you can do is lessen the chance to an acceptable level.


...What if it's a plug and play malware that can be transferred by USB key? Wouldn't both the host computer and the VM machine become infected if you plug in a USB stick to the computer that is hosting the Virtual Machine?...
It depends on how the VM is set up, flaws in the VM software, the type of infection and the person operating the host and VM. You can tell the VM to not use USB connections from the host... but, if the VM software is flawed, it might use the USB anyway under certain conditions.


Other considerations for using a VM to work with suspicious files:
The VM should be frozen (it should not save any changes made to it).
The VM should not have any connections to the host OS...
...no mapped drive letters or UNC connection
...no USB, CD, DVD...
...no drag/drop for moving files between VM and host.
The VM should be on its own isolated network*...
...or disconnected** from all networks before opening the file(s) in question.

*Preferably using a network interface that is connected to a different ISP than the host - since some ISPs treat all connections coming out of one neighborhood as one network.

**If disconnecting from all networks, the VM should exit (revert to pristine) before network connections are enabled again.

The caveat to the info above is: I am not a security expert.
 

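Added example, not part of either post above: a small audit of a VM's settings against the isolation checklist in the reply (shared folders, USB, drag/drop, network). It assumes VirtualBox, which the thread does not name, and assumes the key names used in `VBoxManage showvminfo <vm> --machinereadable` output, so check them against your version; the sample text is constructed. It does not check the "frozen" item or optical drives.

```python
import re

# Constructed sample in the style of `VBoxManage showvminfo <vm> --machinereadable`.
# Key names are an assumption about VirtualBox output; verify on your version.
SAMPLE = '''\
name="pdf-sandbox"
nic1="nat"
cableconnected1="on"
nic2="none"
clipboard="bidirectional"
draganddrop="disabled"
usb="off"
ehci="off"
xhci="on"
SharedFolderNameMachineMapping1="downloads"
SharedFolderPathMachineMapping1="/home/user/Downloads"
'''

# Attachment modes that give the guest a path to the host or its network.
HOST_REACHABLE_NICS = {"nat", "bridged", "hostonly", "natnetwork"}

def parse(text):
    """Turn key="value" lines into a dict, dropping the surrounding quotes."""
    return dict(re.findall(r'^"?([^"=\n]+)"?="?([^"\n]*)"?$', text, re.M))

def audit(text):
    """Return a sorted list of settings that break the isolation checklist."""
    cfg, findings = parse(text), []
    for key, val in cfg.items():
        if key.startswith("SharedFolderNameMachineMapping"):
            findings.append(f"shared folder mapped: {val}")
        elif key in ("usb", "ehci", "xhci") and val == "on":
            findings.append(f"USB controller enabled: {key}")
        # Clipboard sharing is not listed in the post; it is checked here as
        # another host connection alongside drag/drop.
        elif key in ("clipboard", "draganddrop") and val != "disabled":
            findings.append(f"{key} between host and guest: {val}")
        elif re.fullmatch(r"nic\d+", key) and val in HOST_REACHABLE_NICS:
            # An attached adapter only matters while its virtual cable is plugged in.
            if cfg.get(f"cableconnected{key[3:]}", "on") == "on":
                findings.append(f"{key} attached ({val}) with cable connected")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FAIL", finding)
```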