Does Virtualization help make you safer from Internet Threats?

Discussion in 'sandboxing & virtualization' started by DesuMaiden, Mar 26, 2013.

Thread Status:
Not open for further replies.
  1. DesuMaiden

    DesuMaiden Registered Member

    Jan 25, 2013
    I've read that virtual machines can help make my internet browsing much safer.

    My previous laptop got trojans from simply clicking on pictures of memes from google images. Plus I once got a trojan from browsing a random academic website for psychology when I was looking for resources for one of my school projects.

    I've gotten those nasty viruses on my previous Windows Vista laptop, which completely ****ed up that laptop (thus reducing its lifespan to a mere 3 years). Now that I have a new laptop, which I've been using for the past 6 months, I want to make it as safe as possible while I browse the web.

    I don't even browse any questionable websites on the internet, but my previous nasty experiences of getting deadly viruses from browsing perfectly safe-for-work content made me very paranoid. Thus I needed to find a foolproof way of protecting myself from viruses, hackers, and other threats on the internet.

    I've read that Virtual machines can make my computer safer from internet threats. Is that true? How can viruses/hackers penetrate virtual machines to mess up my host OS?

    Your help is greatly appreciated.
  2. WSFfan

    WSFfan Registered Member

    May 10, 2012
    The Earth
    Get the Sandboxie paid version (lifetime license, very friendly license terms) or simply use its free version. Use Hitman Pro or Malwarebytes Anti-Malware or any antimalware program that you trust for scanning downloaded files.

    Sandboxie guide:

    Please note that the following is simply a guide, and there are other viable variations to use at each step:

    1. Create as many separate sandboxes as is required for your internet facing applications. Try to have one separate sandbox per internet facing application.

    2. In each sandbox, use the appropriate start/run and internet access restrictions and only allow your program to start/run and access internet within its sandbox. You may also need to allow other programs depending on whether the application interacts with other processes.

    3. In each sandbox, block file access to any areas of your computer containing sensitive information (eg. “My Documents”).

    4. In each sandbox, configure Read-Only access to C:\WINDOWS

    5. In each sandbox, force the relevant application to always run in its sandbox

    6. Do not use any OpenFilePath rules for any internet browsers (note there are a few exceptions here, like enabling an OpenFilePath rule to allow direct access to the Firefox phishing database)

    7. You will need at least 2 browsers. One browser will be used for everyday browsing and other non-critical/sensitive activity.

    8. The other browser will be used for online banking and other critical/sensitive activity.

    9. For the browser in step 8, configure its sandbox to automatically delete whenever the browser closes.

    10. Depending on the nature of your other internet facing applications, you may choose to also configure their respective sandboxes to automatically delete on closing.

    11. This step is obviously optional: have one sandbox to test applications/malware in (the DefaultBox will do) where the only configurations are to enable automatically delete and block file access to any areas of your computer containing sensitive information (eg. “My Documents”).

    12. Create separate sandboxes for each USB/external drive hardware you have connected (or would connect) to your computer. Force run the relevant drive letter to run in the relevant sandbox. Other configurations/restrictions may be applied here (see above).

    13. Create separate sandbox(es) for your CD/DVD drive(s). Force run the relevant drive letter to run in the relevant sandbox. Other configurations/restrictions may be applied here (see above).

    14. Create a separate sandbox for your Virtual Machine program. Other configurations/restrictions may be applied here (see above).

    15. Create a separate sandbox for opening newly introduced files (with a sandboxed explorer.exe) on your REAL system. For easy access, you will also need to create a shortcut to this sandbox and place this shortcut appropriately. Configure this sandbox to automatically delete on closing. Please click here for more information about this step.

    16. This step is only necessary if you're using SRP to block cmd.exe (see above):
    Make a copy of cmd.exe and rename it (eg. cmd1234.exe). Change the Sandboxie Delete Command accordingly in each sandbox to:
    %SystemRoot%\System32\cmd1234.exe /c RMDIR /s /q "%SANDBOX%"

    Credits to ssj100. Source link is here.
    Last edited by a moderator: Mar 26, 2013
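    As an added illustration (not part of WSFfan's post or ssj100's original guide), the sixteen steps above can be expressed directly as sections of Sandboxie.ini, which is what Sandboxie Control edits behind its dialogs. The box names, the drive letters, the browser and helper process names and the VM program name are assumptions chosen for the example; the setting names (ForceProcess, ForceFolder, AutoDelete, ClosedFilePath, ReadFilePath, ClosedIpcPath, ProcessGroup, DeleteCommand) are Sandboxie's own, but the exact lines the GUI writes vary by version, so compare them against what your install produces before relying on this.

```ini
; Added example: the 16-step guide above written as Sandboxie.ini sections.
; Box names, drive letters and process names are assumptions for illustration.

[Firefox]
; Steps 1-6: one box for the everyday browser.
Enabled=y
; Step 5: Firefox always runs in this box, however it is launched.
ForceProcess=firefox.exe
; Step 2: only Firefox and its plugin helper may start programs in the box.
; The GUI writes a process group and a ClosedIpcPath rule keyed to it;
; any helper the browser spawns must be in the group or it will not start.
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe
ClosedIpcPath=!<StartRunAccess>,*
; Step 2 (cont.): only Firefox may reach the network from inside the box.
ProcessGroup=<InternetAccess>,firefox.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
; Step 3: sensitive areas are blocked outright (no read access either).
ClosedFilePath=%Personal%
; Step 4: the Windows directory is readable but nothing can be written
; to it, not even to the sandboxed copy.
ReadFilePath=%SystemRoot%
; Step 6: deliberately no OpenFilePath lines in a browser box.

[Banking]
; Steps 7-9: a second browser used only for banking and other sensitive
; sessions; the box is emptied whenever the last program in it closes.
Enabled=y
AutoDelete=y
ForceProcess=chrome.exe
ProcessGroup=<StartRunAccess>,chrome.exe
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<InternetAccess>,chrome.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=%Personal%
ReadFilePath=%SystemRoot%

[USBDrive]
; Step 12: anything started from the removable drive (assumed E:) runs here.
Enabled=y
AutoDelete=y
ForceFolder=E:\
ClosedFilePath=%Personal%
ReadFilePath=%SystemRoot%

[DVDDrive]
; Step 13: same treatment for the optical drive (assumed D:).
Enabled=y
AutoDelete=y
ForceFolder=D:\
ClosedFilePath=%Personal%
ReadFilePath=%SystemRoot%

[VMPlayer]
; Step 14: the virtual machine program (name assumed) gets its own box.
Enabled=y
ForceProcess=VirtualBox.exe

[NewFiles]
; Step 15: a throwaway box for opening files that just arrived on the real
; system. A desktop shortcut such as
;   "C:\Program Files\Sandboxie\Start.exe" /box:NewFiles explorer.exe
; opens a sandboxed Explorer in it.
Enabled=y
AutoDelete=y
ClosedFilePath=%Personal%
ReadFilePath=%SystemRoot%

[DefaultBox]
; Step 11: the test box; only auto-delete and the sensitive-area block.
Enabled=y
AutoDelete=y
ClosedFilePath=%Personal%
; Step 16, only if SRP blocks cmd.exe and you have copied it to cmd1234.exe.
; Repeat the same line in every box, as the guide says.
DeleteCommand=%SystemRoot%\System32\cmd1234.exe /c RMDIR /s /q "%SANDBOX%"
```

    After editing the file by hand, use Configure > Reload Configuration in Sandboxie Control so the driver picks up the new sections. The two restrictions most likely to break an application are the ClosedIpcPath start/run rule and the ReadFilePath on the Windows directory: if a sandboxed program fails to launch a helper or refuses to start, add the helper to the <StartRunAccess> group or temporarily drop the ReadFilePath line to confirm which rule is responsible before loosening anything.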
  3. luciddream

    luciddream Registered Member

    Mar 22, 2007
    I made similar comments about Shadow Defender a while back... it will protect your host OS from changes. Potentially bad changes caused by malware. Or any traces left behind; you feel good knowing that after a reboot anything that took place during that session is wiped clean... as if it never was, without ever touching your host OS. I know I feel much better now running OpenVPN through VirtualBox.

    But while your host OS may remain pristine after every reboot, which gives great peace of mind, any info from that session could be leaked out to God knows where. And that is why IMO having things like SBIE & HIPS is vital, along with a strong SRP, and maybe using a separate account (LUA) to do sensitive things like online banking.

    I now don't have much of a need for Shadow Defender now that I'm running VirtualBox, but still see plenty of value in Sandboxie, and definitely in my HIPS.
  4. m00nbl00d

    m00nbl00d Registered Member

    Jan 4, 2009
    I never understood the tactic behind renaming things like cmd.exe. If the attacker really wants to attack you using cmd.exe couldn't he/she just spend maybe only a few seconds looking for the hash that corresponds to the process in question?

    It only creates a false sense of security, IMHO. Don't bother with it. Either fully block it or don't. If you need similar functionality, use an alternative to the command line tool, that will allow you to perform the same action(s). Then, simply block cmd.exe.
  5. Sully

    Sully Registered Member

    Dec 23, 2005
    If it were me, I would first use an imaging tool of some sort and create my own method of always storing my data to keep, so that restoration is quick and painless. That's actually what I do, so if I were to ever get a nasty, I would restore my image and inside of 10 minutes be back to normal.

    To mitigate the threats from ever coming to fruition, I think a virtual machine is a bit overkill. I would use one if I was doing specific things, but for general browsing I would use Shadow Defender or Sandboxie. Even LUA/SRP/AppLocker could go a long way in helping. Other tools might include a HIPS of some sort, or GeSWall. There are also quite a few tweaks you can put in place which restrict things a bit. Kees1958 has quite a few he uses with success.

    If it's the browser that introduces you to problems, I think you can find a solution without resorting to a virtual OS. If it's what you download that gives you issues, you have problems of a different sort that require a bit different solution IMO.


    edit: I assume you do mean virtual machines, like VMware or VirtualBox, etc.