Securing VirtualBox

I'm unsure about how secure VirtualBox is and what I can do to stop myself from inadvertently allowing problems from virtual OS from attacking my actual OS.

I also don't understand how virtual VirtualBox is, rather than being like Shadow Defender or Sandboxie, it seems to me more like an application to run an OS within an OS rather offering secure virtualisation. As this post indicates, I'm somewhat confused on the matter, any help would be much appreciated.

 

Of what I understood the only way for malware to escape from the virtual machine is to use a virtualbox exploit (very rare, check secunia website) or a network exploit. The files you leave in the folder you share with virtualbox could also get infected. So as long as your host os and virtualbox are updated you should be okay.

 

First make sure you check NAT when using VB. Second disable any shared folders, including USB. Third remember to revert to a clean snapshot every time you start VB, or delete the VB image and start over again.

I think that is enough to keep you safe. Exploits against VB are very few, it doesn't stop a APT or targeted attack which would/will compromise any machine so with that in mind tread carefully and always be on the lookout for strange occurrences.

 

As stated,malware "crossing over" onto a "real" system from a VM is extremely unlikely;even more so if your Processor supports virtualization.

Apart from anything else there's relatively little financial incentive to create such malware,(far richer pickings creating standard exploits for a lot less effort).

If you have the host system locked down with a good security policy,for example a HIPS monitoring VB,the risk is almost zero imo.

 

Probably depends on what you want to use Vitualbox for.

If for testing stuff – go with ComputerSaysNo suggestion and lock it down tight as a fishes bum!

If for installing other OS – distros – go with andyman35 suggestions

Cheers!

 

Thanks for the information everyone. Just one more thing, I don't have Java installed on my main OS, Windows 7, would Java then be installed on Linux in VB? If so can this cause the problems that everyone has been warned about?

 

I use Virtualbox to run an XP VM inside Windows 7. Initially to install the OS you have to enable Virtualbox to capture the optical drive or USB, but you can turn that off afterward if you wish. You can also share folders to easily make installers available to the Guest OS (so you don't have to download them again, etc) and later remove the shared folders. Also note that security implemented on the Host doesn't protect the Guest VM. The Guest is completely separate and needs antivirus and anything else you normally consider necessary. Regarding performance it's likely that your processor supports virtualization, but it may not be turned on by default - boot into the BIOS and find/enable it. Enjoy!

 

No. Java is not installed. You don't need Java to run VirtualBox. The same company (ORACLE) makes VirtualBox and Java this is where you may be getting confused.

 

What I meant was that when I isntall Linux Mint into a virtual machine, Java is added to the guest OS by the installation process so that must mean that Java is alive and well in my VB even though I don't have it running in Windows. SO can the Java exploit effect my VB? This is what I'm confused about.

 

True indeed, it is even more likely that the malware will not work on a VM:
http://blog.malwarebytes.org/intelligence/2013/02/sandbox-sensitivity/

The point of the shared folders raised earlier is very valid though. I recommend making only one folder that is shared. Move your files back and forth on the host system rather then sharing more then one folder.

 

Yes in that is the case if it's added to Mint like you said then you would be at risk of infection.

But if you take regular snapshots you can always revert to one at each start up. This would render the malware useless and it would be deleted when you revert to the good snapshot.

If your under a targeted attack then anything is possible. Mind you.

 

Thanks for clarifying this point for me. As far as snapshots go, I've read on the Oracle forums that using them leads to instability and the potential to lose them all as they are chained together and one bad link in the chain is dangerous. If this is the case then I'd probably just use the one snapshot of a clean install with all the latest updates added. I'd always revert to this and maybe create a new snapshot after a month or so.


Just something else I wanted to ask anyone who can help, which are the versions of Linux best suited to Virtual Box? You see I've found Ubuntu to be quite difficult esp when you take it to full screen mode in that it doesn't fit the full screen whereas Mint looks and behaves really well. Are there any distros or OS that are just made for Virtual Box that I should try.

 

I have a question that Is somewhat similar. If I open the command prompt in my host(Windows 7) and type "netstat -a", a few entries with the local address of 192.168.56.1 (the address of the Virtualbox host adapter) and with the remote address of either my computer or "*:*" show up; even with Virtualbox closed. Can other computers see these open ports and is there anything that should be done to harden the network aspect of Virtualbox?

 

With regard to snapshots – you really only need to keep one! Eg, after you install a distro and have it setup to login stage – make a snapshot. After you make further changes to your distro – delete your first snapshot – then make another snapshot! Remember that snapshots take up space on your system – so don't keep too many.
Always make a snapshot after any major change to a distro! (Consider a snapshot similar to a Restore Point in Windows - not as an image backup)

What you need to consider with Virtualbox is whether you have the graphics capabilty to support 3D acceleration. Virtualbox is poor in this regard. As an example – I have a Notebook with a first gen Core i3 CPU – my graphics is only what is inbuilt into the CPU. I cannot run Cinnamon desktop in any Linux distro – too unstable.
I have both Ubuntu12.04 and 12.10 installed – but 12.04 has niggling stabilty issues and 12.10 is painfully slow – these distros need 3D acceleration to run properly.

Your best bet may be to use one of the Linux Mint distros. Even if you don't have 3D capability, you can still run any of these distros. All you need to consider here is which desktop to use. You shouldn't have any problems with say, Mate.
If you do have the graphics capability to support 3D – you should be able to run any distro.

Your mention of full screen problems is probably a GuestAdditions issue – eg, whether you have – or haven't installed it properly. (Did you switch to fullscreen mode on the 'View' tab?)
You really need to search Virtualbox forum – or do a search of the net on this aspect. There are far too many potential issues to easily discuss here.

Cheers!

 

Thanks for the info Krysis. I must admit, I am finding that Mint is great in VB but you're right I should probably do some more research to iron out any issues that I am experiencing. Working with an application tends to be the best way of understanding it.

 

Thanks for this link, so I guess the best security option is to have VirtualBox for both inbound/outbound protection?