Enlighten me on virtualisation please

Discussion in 'sandboxing & virtualization' started by Flexigav, Sep 7, 2012.

Thread Status:
Not open for further replies.
  1. Flexigav

    Do virtual volumes exist on spare HDD space, or in available RAM, or is it dependent on the virtual management software being used?

    Do programs like Deep Freeze virtualise only one volume or partition, namely the one holding the OS, or can they virtualise several volumes together?

    Can a rootkit break over from a virtual OS volume to the MBR that I assume is not included in the virtual volume?
     
  2. RejZoR

    It depends on the program. Sandboxie, for example, makes quite a lot of sense now that I've analyzed it a bit (how it works).

    The basic idea behind it is that it isolates the program from the actual system and also lowers access rights inside the sandbox. Meaning it not only isolates the program, it also prevents anything inside the sandbox from gaining access even to stuff inside of it.

    So, if you sandbox a browser, you're isolating it, preventing malware from passing through the browser onto your actual system, but it also lowers the chance of malware inside the sandbox affecting the browser itself via, for example, a kernel-level keylogger that would otherwise still log keys inside the sandbox and potentially send them to a remote server. Sandboxie prevents this by blocking certain system-level functions and also lowers access rights.
    Most programs, like a browser, will still function without any problems, but malware will have a pretty hard time doing anything in there.

    And best of all, Sandboxie virtualized folders are still getting scanned by antiviruses on-access. In the case of avast!, for example, anything that is going on inside the Sandboxie is also still monitored by File System Shield (real-time scanner), Web Shield (HTTP scanning) and Network Shield (URL scanning).
    This way you basically get a sort of behavior analysis inside the virtual environment.

    As for the virtualization itself, in the case of Sandboxie, it is done on a program level and not partition. It can virtualize anything from any partition, but it depends on the program. If it's sandboxed, it will virtualize all its functions. If it's not, it won't. Sandboxie creates a dedicated protected folder on a root drive where it then operates for all other physical partitions. If you open it up you'll see different drives inside, usually C: and D:.
     
  3. ComputerSaysNo

    Theoretically yes, but I don't think it's ever happened. The girl who made the Evil Maid attack has done research into it though I forget the name of her blog o_O

    Just make sure you use NAT in the VM options and you should be fine. That will protect you from network worms. Also make a clean snapshot that you can revert to.
     
  4. mattbiernat

    Don't get yourself limited to Sandboxie. Another favorite out here is DeepFreeze (DF) and it actually virtualizes an entire partition. There are other programs that work in the file system, such as Rollback Rx, but they are less secure. Personally I go for DF; I like the fact that whatever you do on your computer will not be saved and you get a brand new system after reboot.
     
  5. RejZoR

    Depends on what you want. Virtualizing an entire partition to have a more secure browser makes no sense. Or vice versa...
     
  6. CloneRanger

    Hi, don't forget to check out the 2nd STICKY thread above :thumb:

    Also consider ShadowDefender, as quite a number of us on here use it, including me, and I and others highly recommend it :thumb:
     
  7. Huupi

    Why would you ask in the first place?
    There is a wealth of information on Wilders, so read before you write.
     
  8. Flexigav

    There is the quick way to get answers, also the fun way and there is the slow and tedious way jumping all over the forum :)
     