linux machine running vm windows for testing malware

Discussion in 'sandboxing & virtualization' started by cgeek, May 18, 2010.

Thread Status:
Not open for further replies.
  1. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    I'm going to be taking some IT classes in the fall and would like to get a head start on learning how to identify and remove malware. I read an article on Raymond's blog about crypters that are circumventing all virtualization programs. So it got me thinking. Is it safer running a Windows VM within Linux for malware testing and removal?

    Also is it possible for a piece of malware to jump a partition? I'm planning on running on a dual boot system. Linux for testing and Windows for gaming etc....
    Just wanna be safe! ;)

    TIA
    cgeek
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    When you see references such as "anti-Sandboxie," that doesn't refer to the circumvention of Sandboxie, but rather the detection of Sandboxie, which would then give malware running within Sandboxie the opportunity to change its behavior - such as promptly terminating itself.

    As for safety, you can run your virtualization program under a limited Windows user account. For additional peace of mind, you could use a program such as Returnil. As you mentioned, using Linux as the host operating system is another possibility.

    It is possible for malware to escape a virtual machine due to vulnerabilities in the virtual machine software itself, as well as using network-based attacks if your virtual machines are networked. It's best to keep your virtual machine software reasonably up to date.

    Further reading:
    http://searchsecurity.techtarget.com.au/articles/35441-Attacks-on-virtual-machines-get-real
    http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1247329,00.html (older article)
     
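    As an added illustration of the "keep the analysis VM isolated" advice above (this is example code, not part of MrBrian's post or of any VirtualBox tool): a small audit that reads the key="value" lines printed by `VBoxManage showvminfo <vm> --machinereadable` on a Linux host and flags the channels a running sample could use to reach beyond the guest, i.e. any network adapter not set to `none`, shared folders, and clipboard or drag-and-drop integration. The use of VirtualBox and the key names (`nic1`, `clipboard`, `draganddrop`, `SharedFolderNameMachineMapping1`) are assumptions about its machine-readable output format; the sample output embedded below is constructed for the example so it runs offline.

```python
"""
Added example: audit a VirtualBox guest's isolation settings before running
a sample in it.  Assumes VirtualBox and the key names of its
`--machinereadable` output; SAMPLE_VMINFO is constructed for this example.
"""
import re
import subprocess
from typing import Dict, List

# Constructed sample of `VBoxManage showvminfo --machinereadable` output for a
# guest that still has NAT networking, a shared folder and a live clipboard.
SAMPLE_VMINFO = '''name="win7-analysis"
ostype="Windows7"
memory=2048
nic1="nat"
nic2="none"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="hostshare"
SharedFolderPathMachineMapping1="/home/analyst/samples"
'''

# key="quoted value" or key=bare value
KV_RE = re.compile(r'^([A-Za-z0-9_\-]+)=(?:"(.*)"|(.*))$')


def parse_vminfo(text: str) -> Dict[str, str]:
    """Turn the key=value lines into a dict with quotes stripped."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        m = KV_RE.match(line.strip())
        if m:
            settings[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return settings


def audit_isolation(settings: Dict[str, str]) -> List[str]:
    """Return findings for each host/network channel left open; empty means isolated."""
    findings: List[str] = []
    for key, value in sorted(settings.items()):
        # Any adapter other than "none" lets the sample talk to a network.
        if re.fullmatch(r"nic\d+", key) and value != "none":
            findings.append(f"{key} is '{value}': guest can reach a network (set it to none)")
        # Shared folders expose part of the host filesystem inside the guest.
        if key.startswith("SharedFolderNameMachineMapping"):
            findings.append(f"shared folder '{value}' is mapped: host filesystem exposed to guest")
    if settings.get("clipboard", "disabled") != "disabled":
        findings.append(f"clipboard is '{settings['clipboard']}': host/guest clipboard channel open")
    if settings.get("draganddrop", "disabled") != "disabled":
        findings.append(f"draganddrop is '{settings['draganddrop']}': host/guest file transfer open")
    return findings


def audit_vm(vm_name: str) -> List[str]:
    """Audit a real VM; needs VBoxManage on PATH (not used by the offline demo)."""
    out = subprocess.run(
        ["VBoxManage", "showvminfo", vm_name, "--machinereadable"],
        capture_output=True, text=True, check=True,
    ).stdout
    return audit_isolation(parse_vminfo(out))


if __name__ == "__main__":
    # Offline demo against the constructed sample: expect three warnings.
    for finding in audit_isolation(parse_vminfo(SAMPLE_VMINFO)):
        print("WARN:", finding)
```

    Run it against a real guest with `audit_vm("<vm name>")` once the host-side NIC, shared-folder and clipboard settings have been decided; a clean result is an empty list, and a good habit is to take a snapshot of that clean state so the guest can be rolled back after each sample.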
  3. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    Thank you very much for the info! ;)
     