«

In my office we are considering using virtual PC software for security
reasons. It is seems to us that by using a virtual PC for web browsing we
can protect the host system from malware and virus.

Is this assumption correct?

David

--
-------------------- http://NewsReader.Com/ --------------------
Usenet Newsgroup Service $9.95/Month 30GB

wrote:

> In my office we are considering using virtual PC software for security
> reasons. It is seems to us that by using a virtual PC for web browsing we
> can protect the host system from malware and virus.
>
> Is this assumption correct?

As for the statement alone, this is not correct. Normally you use various
file sharing methods to transfers files from inside the VM to the outside,
whereas they may be executed. VMware with it's drap-and-drop functionality
offers a certain method of IPC.

At any rate, with proper configuration, it shouldn't be possible to exploit
such ways non-interactively.

On the other hand, this entire concept seems to be a big overkill. And why
should especially web browsing be a big security problem?

wrote in
news:20061205115935.230$:

> In my office we are considering using virtual PC software for security
> reasons. It is seems to us that by using a virtual PC for web
> browsing we can protect the host system from malware and virus.
>
> Is this assumption correct?
>
> David
>


While not completely bombproof (nothing is!) it is an excellent solution.
Be aware that there already is an excellent "packaged" version of this "net
appliance" approach (augmented with Tor, etc.): Janus VM.

http://janusvm.peertech.org/

Regards,

What is your opinion about Parallels virtual software?

David Macias


(Todd H.) wrote:
>
> By and large yes. There is talk of some malware that can break
> outside of virtualized jails, but I don't believe it's come to
> fruition yet, at least not publicly.
>
> But VMWare Workstation is a much better product choice than Virtual
> PC, by all accounts from those who have used both (including friends
> who are Microsoft employees who lament that they must use Virtual PC
> and not vmware).
>
> Best Regards,

--
-------------------- http://NewsReader.Com/ --------------------
Usenet Newsgroup Service $9.95/Month 30GB

writes:

> In my office we are considering using virtual PC software for security
> reasons. It is seems to us that by using a virtual PC for web browsing we
> can protect the host system from malware and virus.
>
> Is this assumption correct?

By and large yes. There is talk of some malware that can break
outside of virtualized jails, but I don't believe it's come to
fruition yet, at least not publicly.

But VMWare Workstation is a much better product choice than Virtual
PC, by all accounts from those who have used both (including friends
who are Microsoft employees who lament that they must use Virtual PC
and not vmware).

Best Regards,
--
Todd H.
http://www.toddh.net/

Todd H. wrote:

> writes:
>
>> In my office we are considering using virtual PC software for security
>> reasons. It is seems to us that by using a virtual PC for web browsing we
>> can protect the host system from malware and virus.
>>
>> Is this assumption correct?
>
> By and large yes. There is talk of some malware that can break
> outside of virtualized jails, but I don't believe it's come to
> fruition yet, at least not publicly.

Breaking out of various "jails" is pretty trivial, due to numerous lacks of
safe programming (like dropping rights, file descriptors and various other
resources on startup) as well as various methods of IPC. Jails are supposed
to limit attacking surface and protect against random errors.

If by "jails" you refer to various secure VMs like Java or various complete
PC emulators, I'd like like to see any method to breaking out of these
isolations. At least for VMware (and of course Java) such secure isolation
is a major design goal and therefore well-implemented.

The most common breakout method is user stupidity. "Oh, it seems to behaved
well inside the VM, so I decided to run the code outside it" is an often
heared result of misconception, since it's almost always (and in real life
always) trivial for malware to detect that it's running inside a VM and
behave accordingly.

wrote:

> What is your opinion about Parallels virtual software?

Parallels is a software API jail, not a VM. It's almost trivial to
circumvent intentionally.

"Sebastian Gottschalk" <> wrote in message
news:...
> wrote:
>
>> In my office we are considering using virtual PC software for security
>> reasons. It is seems to us that by using a virtual PC for web browsing
>> we
>> can protect the host system from malware and virus.
>>
>> Is this assumption correct?
>
> As for the statement alone, this is not correct. Normally you use various
> file sharing methods to transfers files from inside the VM to the outside,
> whereas they may be executed. VMware with it's drap-and-drop functionality
> offers a certain method of IPC.

Ignore this fool. Yes - VPC using ICS is fine - a good sandbox for malware.
Simply 'close' and discard changes.

> At any rate, with proper configuration, it shouldn't be possible to
> exploit
> such ways non-interactively.

Dur. All PC's require interaction - unless you consider 'powered off' as a
valid state.


> On the other hand, this entire concept seems to be a big overkill. And why
> should especially web browsing be a big security problem?

I see? You hide behind a mask of stupidity....

Carry on.....

Todd H. wrote:

> There was talk about breaking out of VMWare virtual machines at defcon
> a couple years ago, IIRC. I don't recall the details, but it is
> something people are working on obviously.

AFAIRC they're talking about how to control a VM through some undocumented
functions. Basically they reverse-engineered the VMware Tools to see how
the communication with the VMware instance is accomblished, and just found
that you really can't do anything special beside the obvious (like moving
the mouse curser inside the guest OS).

writes:

> What is your opinion about Parallels virtual software?
>
> David Macias

Hi David,

I'm not familiar with it at all.

--
Todd H.
http://www.toddh.net/