linux machine running vm windows for testing malware

Discussion in 'sandboxing & virtualization' started by cgeek, May 18, 2010.

Thread Status:
Not open for further replies.
  1. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    I'm going to be taking some IT classes in the fall and would like to get a head start on learning how to identify and remove malware. I read an article on Raymond's blog about crypters that are circumventing all virtualization programs. So it got me thinking. Is it safer running a windows vm within linux for malware testing and removal?

    Also is it possible for a piece of malware to jump a partition? I'm planning on running on a dual boot system. Linux for testing and Windows for gaming etc....
    Just wanna be safe! ;)

    TIA
    cgeek
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    When you see references such as "anti-Sandboxie," that doesn't refer to the circumvention of Sandboxie, but rather the detection of Sandboxie, which would then give malware running within Sandboxie the opportunity to change its behavior - such as promptly terminating itself.

    As for safety, you can run your virtualization program under a limited Windows user account. For additional peace of mind, you could use a program such as Returnil. As you mentioned, using Linux as the host operating system is another possibility.

    It is possible for malware to escape a virtual machine due to vulnerabilities in the virtual machine software itself, as well as using network-based attacks if your virtual machines are networked. It's best to keep your virtual machine software reasonably up to date.

    Further reading:
    http://searchsecurity.techtarget.com.au/articles/35441-Attacks-on-virtual-machines-get-real
    http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1247329,00.html (older article)
     
  3. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    Thank you very much for the info! ;)
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.