Can we rely on virtualization software?

Discussion in 'sandboxing & virtualization' started by COMPYPY, Oct 19, 2011.

Thread Status:
Not open for further replies.
  1. jedispork

    jedispork Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    16
    I'm just a lurker trying to learn something about computer security from the pro's here :D. However the security through obscurity for linux is a myth and talked about here

    https://wiki.ubuntu.com/BasicSecurity

    Linux servers are very common fwir and a major target for hackers.
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yeah I've had that conversation before. Protecting a server and protecting a user are entirely different games.

    Even if Linux is the most popular server OS that has very little bearing on the user population.

    Threats to servers are not the same threats to users. Very often there are huge differences in configurations, use patterns (servers usually just sit there, you don't browser on them or download games), and even which distro is being used, which in and of itself is a form of obscurity.

    This is from that article and it's entirely correct.

    The fact is that while hackers are absolutely looking at the linux kernel they're not so interested in Ubuntu, which isn't used as a server distro often nor is it nearly as popular as Windows.
     
    Last edited: Nov 27, 2011
  3. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Q. Can we rely on Virtualization Software?
    A. Yes, we can!

    Since 2007, I've used:
    -Virtualization (Sandboxing),
    -Boot-to-Restore or Instant System Recovery,
    and
    -Imaging Apps.

    Scanners Only on-Demand...;)
    No Infection found! :thumb:
     
  4. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I wonder if he tested all the malware plus keyloggers? SBIE is suppose to be vulnerable to keyloggers according to Tzuk, that's why there should be no keylogger testing against Sandboxie, the question is will and does the SBIE configuration help against keyloggers?
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    First of all it depends on what you mean against help. Is SBIE an anti keylogger? Nope! Is it an anti-virus? Nope!

    Will it protect your system. YES!! (If used wisely) But first it is necessary to understand how Sandboxie works. Best thing I can share is an example,

    I was testing a nasty virus and wanted to test it against SBIE. First I ran it and want to see what happened.(Done in virtual machine) When I ran the virus it took over the screen, wouldn't let me do anything. I had to do a power reset, and once the system rebooted, the virus owned the computer. It would have been a messy clean up.

    Then I ran the virus under SBIE. Virus behaved the same way. SBIE naturally doesn't stop it. I still had to reboot to regain control. But here is the huge difference. THE SYSTEM WAS MINE. It was clean, not infected, and deleting the sandbox removed everything. That is the SBIE difference.

    So SBIE and keyloggers. If some website, or an email, foists a keylogger on me, and will automatically run, it will try and run in the sandbox. More than likely it can't run, and also can't access the internet, due to my Sandbox configuration. On the other hand if some thing is downloaded, and I remove it from the sandbox, and run it, all bets are off.

    While I totally trust sandboxie, and it's my first line of defense, I also go for the layering approach and back it with Appguard, and Online Armor.

    Finally a thought about keyloggers. It is my opinion, that this whole area is totally over hyped. Certainly software sellers find that useful. I have keylogger protection in OA and I turned it off. To annoying, and consider, as I type this, my keystrokes are being recorded by both my computer and this site. Do I really need software to tell me this. Also consider this. You can totally lock down your computer. 100% clean, anti everything software, and at the end of the day you are only 50% protected. Why?

    Because if the site you go to has been hacked and they have a keylogger on the site, it's bye bye, game over.

    Bottom line, use your head, stay within your knowledge boundary's and be alert.

    Pete
     
  6. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Big thank you, I promise I won't bother you or anyone else after this description.
    I saw an old WildersSecurity thread (of 2010.) where Sandboxie failed to protect:
    https://www.wilderssecurity.com/showthread.php?t=269880

    I realized multi-layered security is the key here. This is why I will have full package of Online Armor with Sandboxie, just in case.
    I only hope I wasn't too harsh and too difficult for you and other posters here.
    My honest apology if I was.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If you have questions don't ever hesitate to ask. That's the only way to learn.

    PEte
     
  8. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Well, I bet the poster did not configure in Sandboxie so that malware can't start/run and access the Internet.
    That's pretty much always the case.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Thats not the default config and it only works for sandboxes that already have a program in them.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Could you explain what you mean?
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    What I mean is that if you're using start/run restrictions it's going to be on, say a Firefox sandbox. You wouldn't use it for some random program you just downloaded because it wouldn't run.
     
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    One thing you need to keep in mind is that virtualization software does not keep you from getting infected. You can still get infected just as easily as if it were not installed at all. The only thing is if your using light virtualization like Shadow Defender, Returnil Virtual System, or Deep Freeze then you will be restored back to a clean state each time you reboot. If your using VmWare then you will be restored to a clean state each time you roll back to one of your clean snapshots. So all data on your machine while infected can be compromised until you reboot again or rollback to a clean snapshot. If you want to stay really light then use an AE (anti-executable) like Appguard or use SRP (software restriction policy) alone or together with the Virtual environment to accomplish a very light setup that is also very secure.
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    That depends on what you're calling an infection.

    I can install malware to Sandboxie but it won't be able to patch files on my computer and it may not function at all. I wouldn't really call it successful infection in a lot of cases.
     
  14. wat0114

    wat0114 Guest

    If it's something like VMWare, then I would keep that out of a daily use security setup, because it's definitely not light. I use VMWare mostly for testing software, usually legitimate, but sometimes suspicious as well. Yesterday, I checked out a link in an email in the vm that was offering a "free iPad" All I had to do was send them my personal information to receive it. I got on it right away :rolleyes: :D
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I wonder if VMs and Virtualization in general were more common what new types of malware we'd see. I know there are host-execution exploits in VMs that have been shown before. Or maybe malware would just work inside of the VM/ sandbox and send/recieve info within it.
     
  16. wat0114

    wat0114 Guest

    I'd really like to test one of those if I can ever get my hands on one :)
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
  18. wat0114

    wat0114 Guest

    Thank you for the link. Interesting to see that in action. VMWare at least patched it in 2009.
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    Appguard is pretty light. Some people have different definitions of light.
     
  20. COMPYPY

    COMPYPY Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    80
    After i read all your post i have grown little more faith in virtual software but i still fill it is unable to protect your hd from malicious attack:rolleyes:
     
  21. wat0114

    wat0114 Guest

    Why do you feel that way, or are you just kidding? (because of the sarcasm emoticon).
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    What kind of attack?
     
  23. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Highly dependent on the type of virtual setup, the kind of attack that comes from installed time bomb malware, the net, and physical access.

    SourMilk out
     
  24. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    Can you please provide sources for these Experts and their comments?

    Cheers.
     
  25. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Perfect security means perfect code and perfect policy. We don't have the technology for perfect code - trying to understand the implications of every line of your code is impossible, trying to understand when there are millions of lines of code is really impossible.

    Perfect policy relies on the understanding that you know every way in which you can be attacked and therefor you can create rules to protect against those attacks. There are new hacking techniques coming out all of the time, it's impossible to predict everything.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.