Does virtual mode protect against ALL viruses/malware?

Discussion in 'Returnil releases' started by Uli9000, Oct 8, 2009.

Thread Status:
Not open for further replies.
  1. Uli9000

    Uli9000 Registered Member

    Hi

    I've been using RVS2010 assuming that, because virtual mode dumps ALL changes at reboot, ANY virus/malware is dumped too (assuming none have got onto the virtual hard disk). So the protection would be, theoretically at least, complete. Is this correct?

    I only ask because I read somewhere here that some could get through, hence the virus protection.

    Thanks

    Uli
     
  2. developers

    developers Registered Member

  3. jrmhng

    jrmhng Registered Member

    If there are no vulnerabilities in the VM software (i.e. VMware Player or VirtualBox) then theoretically everything is contained and does not touch your actual computer. We can't know for sure if there are or aren't any vulnerabilities, so there is no definite answer.

    Having said all that however, malware writers are not really bothering to write malware designed to jump out of virtual machines.
     
  4. Coldmoon

    Coldmoon Returnil Moderator

    Hi All,
    Apologies for the delay in getting back to you on this.

    LUA is a good idea as it removes admin privileges, which these programs require in most cases. It does not, however, stop all malware from getting those permissions (social engineering being one good example - click that link in the e-mail and then give an allow in LUA...). There are also programs/hacks that can make changes to hardware (Bluepill - yes, an oldie, but you get the idea) or the BIOS, which is not virtualized in software solutions like RVS.

    The good thing, however, is that there are a limited number of families that can do this, so they can be effectively fought using targeted AE and AM techniques. As this will not be true forever, we are working to include more powerful AI/machine learning techniques in a future version of RVS that can also provide distributed immunity whenever these malicious components are encountered.

    Mike
     
  5. Uli9000

    Uli9000 Registered Member

    Thanks, Mike. I think I understand.

    Uli
     