Virtualbox - Win 7 Pro Guest - Infection Question

Discussion in 'sandboxing & virtualization' started by siriusly, Jul 1, 2014.

Thread Status:
Not open for further replies.
  1. siriusly

    siriusly Registered Member

    Joined:
    May 26, 2014
    Posts:
    19
    I am thinking of setting up my golden master of a win 7 pro guest that I will use clones of for general internet use and I am wondering if there are issues to consider when it comes to infection.

    How dangerous would it be for the Host OS to have mapped network drives?

    Would it better to have specific folders mapped that could be scanned afterwards or often by the Host OS to be sure that nothing has been transferred across in daily use?

    What are the pitfalls of using a Win 7 Pro Guest in this way?

    Thanks
    S
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Are you referring to VirtualBox's Shared Folders feature? I use this feature to share files from the host with the guest. The guest could potentially alter the shared files.
     
  3. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    I'd treat the virtual box in the same way as a real one - do you want an infected machine in your (semi)-trusted local network? Is the risk higher or lower than other real machines you currently have? If you think about it, an machine that has been compromised can be used as an attack platform to reach other machines on your local network. And could certainly read/exfiltrate/cryptolock anything in your shares, depending on permissions. Any other VM attached peripherals (e.g. webcams) could also be attacked/used.

    One of the issues of virtual machines is people's attitude (sometimes casual) to their security, and it's normally harder to keep them fully patched before use, especially if they've been sitting there idle for long periods.

    There is a difference between using the shared folders feature and Windows fie sharing, simplistic Windows file sharing will require a bridged network connection. NAT networking could potentially provide higher levels of isolation but search for: "Tutorial for safer VirtualBox networking" on this site to understand the issues involved.
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  5. siriusly

    siriusly Registered Member

    Joined:
    May 26, 2014
    Posts:
    19
    Thanks guys for the answers. I opted for running any browser work with Sandboxie and firewalling the units as well. If I want to get files off of them I will scan those files for virii before moving. Cheers!
     
Loading...
Thread Status:
Not open for further replies.