Can we rely on virtualization software?

I'm just a lurker trying to learn something about computer security from the pro's here . However the security through obscurity for linux is a myth and talked about here

https://wiki.ubuntu.com/BasicSecurity

Linux servers are very common fwir and a major target for hackers.

 

Yeah I've had that conversation before. Protecting a server and protecting a user are entirely different games.

Even if Linux is the most popular server OS that has very little bearing on the user population.

Threats to servers are not the same threats to users. Very often there are huge differences in configurations, use patterns (servers usually just sit there, you don't browser on them or download games), and even which distro is being used, which in and of itself is a form of obscurity.

This is from that article and it's entirely correct.

The fact is that while hackers are absolutely looking at the linux kernel they're not so interested in Ubuntu, which isn't used as a server distro often nor is it nearly as popular as Windows.

 

Q. Can we rely on Virtualization Software?
A. Yes, we can!

Since 2007, I've used:
-Virtualization (Sandboxing),
-Boot-to-Restore or Instant System Recovery,
and
-Imaging Apps.

Scanners Only on-Demand...
No Infection found!

 

I wonder if he tested all the malware plus keyloggers? SBIE is suppose to be vulnerable to keyloggers according to Tzuk, that's why there should be no keylogger testing against Sandboxie, the question is will and does the SBIE configuration help against keyloggers?

 

Big thank you, I promise I won't bother you or anyone else after this description.
I saw an old WildersSecurity thread (of 2010.) where Sandboxie failed to protect:
https://www.wilderssecurity.com/showthread.php?t=269880

I realized multi-layered security is the key here. This is why I will have full package of Online Armor with Sandboxie, just in case.
I only hope I wasn't too harsh and too difficult for you and other posters here.
My honest apology if I was.

 

Well, I bet the poster did not configure in Sandboxie so that malware can't start/run and access the Internet.
That's pretty much always the case.

 

Thats not the default config and it only works for sandboxes that already have a program in them.

 

What I mean is that if you're using start/run restrictions it's going to be on, say a Firefox sandbox. You wouldn't use it for some random program you just downloaded because it wouldn't run.

 

One thing you need to keep in mind is that virtualization software does not keep you from getting infected. You can still get infected just as easily as if it were not installed at all. The only thing is if your using light virtualization like Shadow Defender, Returnil Virtual System, or Deep Freeze then you will be restored back to a clean state each time you reboot. If your using VmWare then you will be restored to a clean state each time you roll back to one of your clean snapshots. So all data on your machine while infected can be compromised until you reboot again or rollback to a clean snapshot. If you want to stay really light then use an AE (anti-executable) like Appguard or use SRP (software restriction policy) alone or together with the Virtual environment to accomplish a very light setup that is also very secure.

 

That depends on what you're calling an infection.

I can install malware to Sandboxie but it won't be able to patch files on my computer and it may not function at all. I wouldn't really call it successful infection in a lot of cases.

 

If it's something like VMWare, then I would keep that out of a daily use security setup, because it's definitely not light. I use VMWare mostly for testing software, usually legitimate, but sometimes suspicious as well. Yesterday, I checked out a link in an email in the vm that was offering a "free iPad" All I had to do was send them my personal information to receive it. I got on it right away

 

I wonder if VMs and Virtualization in general were more common what new types of malware we'd see. I know there are host-execution exploits in VMs that have been shown before. Or maybe malware would just work inside of the VM/ sandbox and send/recieve info within it.

 

I'd really like to test one of those if I can ever get my hands on one

 

http://www.immunityinc.com/documentation/cloudburst-vista.html

 

Thank you for the link. Interesting to see that in action. VMWare at least patched it in 2009.

 

Appguard is pretty light. Some people have different definitions of light.

 

After i read all your post i have grown little more faith in virtual software but i still fill it is unable to protect your hd from malicious attack

 

Why do you feel that way, or are you just kidding? (because of the sarcasm emoticon).

 

Highly dependent on the type of virtual setup, the kind of attack that comes from installed time bomb malware, the net, and physical access.

SourMilk out

 

Can you please provide sources for these Experts and their comments?

Cheers.

 

Perfect security means perfect code and perfect policy. We don't have the technology for perfect code - trying to understand the implications of every line of your code is impossible, trying to understand when there are millions of lines of code is really impossible.

Perfect policy relies on the understanding that you know every way in which you can be attacked and therefor you can create rules to protect against those attacks. There are new hacking techniques coming out all of the time, it's impossible to predict everything.