Is it safe?

Discussion in 'Computer Security' started by dmacias666@LABridge.com, Dec 5, 2006.

  1. Guest

    In my office we are considering using virtual PC software for security
    reasons. It seems to us that by using a virtual PC for web browsing we
    can protect the host system from malware and viruses.

    Is this assumption correct?

    David

    , Dec 5, 2006
    #1

  2. wrote:

    > In my office we are considering using virtual PC software for security
    > reasons. It seems to us that by using a virtual PC for web browsing we
    > can protect the host system from malware and viruses.
    >
    > Is this assumption correct?


    As for the statement alone, this is not correct. Normally you use various
    file sharing methods to transfer files from inside the VM to the outside,
    where they may be executed. VMware with its drag-and-drop functionality
    offers a certain method of IPC.

    At any rate, with proper configuration, it shouldn't be possible to exploit
    such ways non-interactively.

    On the other hand, this entire concept seems to be a big overkill. And why
    should especially web browsing be a big security problem?
     
    Sebastian Gottschalk, Dec 5, 2006
    #2
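The "proper configuration" point in the reply above can be checked mechanically. The following is an added example, not part of the thread or any poster's code: it audits a VMware `.vmx` file for the guest-to-host channels mentioned (drag-and-drop, file sharing) plus the clipboard. The setting names are VMware configuration keys that the thread does not quote, and the sample file is constructed.

```python
import re

# Guest-to-host channels named in the post above (file sharing, drag-and-drop)
# plus the clipboard. These .vmx key names are not quoted in the thread; they
# are an assumption of this example.
REQUIRED = {
    "isolation.tools.dnd.disable": "drag-and-drop",
    "isolation.tools.copy.disable": "clipboard copy",
    "isolation.tools.paste.disable": "clipboard paste",
    "isolation.tools.hgfs.disable": "shared folders (HGFS)",
}
LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value}; comments skipped, later duplicates win."""
    settings = {}
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):
            continue
        m = LINE.match(raw)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def audit_vmx(text):
    """List the channels that are not explicitly disabled in this .vmx text."""
    settings = parse_vmx(text)
    findings = []
    for key, label in REQUIRED.items():
        value = settings.get(key)
        if value is None:
            findings.append(f"{label}: {key} not set (product default applies)")
        elif value.strip().upper() != "TRUE":
            findings.append(f'{label}: {key} = "{value}"')
    # A sharedFolderN.present = "TRUE" entry exposes a host directory to the guest.
    for key, value in settings.items():
        if re.fullmatch(r"sharedfolder\d+\.present", key) and value.upper() == "TRUE":
            findings.append(f"shared folder defined: {key}")
    return findings

# Constructed sample, not taken from a real machine.
SAMPLE_VMX = '''
displayName = "browsing-vm"
isolation.tools.dnd.disable = "TRUE"
isolation.tools.copy.disable = "FALSE"
sharedFolder0.present = "TRUE"
'''

if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print(finding)
```

An empty result means every listed channel is explicitly disabled in the file; it says nothing about the other points raised in the thread, such as a user copying files out by other means.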

  3. nemo_outis Guest

    wrote in
    news:20061205115935.230$:

    > In my office we are considering using virtual PC software for security
    > reasons. It seems to us that by using a virtual PC for web
    > browsing we can protect the host system from malware and viruses.
    >
    > Is this assumption correct?
    >
    > David
    >



    While not completely bombproof (nothing is!) it is an excellent solution.
    Be aware that there already is an excellent "packaged" version of this "net
    appliance" approach (augmented with Tor, etc.): Janus VM.

    http://janusvm.peertech.org/

    Regards,
     
    nemo_outis, Dec 5, 2006
    #3
  4. Guest

    What is your opinion about Parallels virtual software?

    David Macias


    (Todd H.) wrote:
    >
    > By and large yes. There is talk of some malware that can break
    > outside of virtualized jails, but I don't believe it's come to
    > fruition yet, at least not publicly.
    >
    > But VMWare Workstation is a much better product choice than Virtual
    > PC, by all accounts from those who have used both (including friends
    > who are Microsoft employees who lament that they must use Virtual PC
    > and not vmware).
    >
    > Best Regards,


    , Dec 5, 2006
    #4
  5. Todd H. Guest

    writes:

    > In my office we are considering using virtual PC software for security
    > reasons. It seems to us that by using a virtual PC for web browsing we
    > can protect the host system from malware and viruses.
    >
    > Is this assumption correct?


    By and large yes. There is talk of some malware that can break
    outside of virtualized jails, but I don't believe it's come to
    fruition yet, at least not publicly.

    But VMWare Workstation is a much better product choice than Virtual
    PC, by all accounts from those who have used both (including friends
    who are Microsoft employees who lament that they must use Virtual PC
    and not vmware).

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Dec 5, 2006
    #5
  6. Todd H. wrote:

    > writes:
    >
    >> In my office we are considering using virtual PC software for security
    >> reasons. It seems to us that by using a virtual PC for web browsing we
    >> can protect the host system from malware and viruses.
    >>
    >> Is this assumption correct?

    >
    > By and large yes. There is talk of some malware that can break
    > outside of virtualized jails, but I don't believe it's come to
    > fruition yet, at least not publicly.


    Breaking out of various "jails" is pretty trivial, due to numerous lacks of
    safe programming (like dropping rights, file descriptors and various other
    resources on startup) as well as various methods of IPC. Jails are supposed
    to limit attacking surface and protect against random errors.

    If by "jails" you refer to various secure VMs like Java or various complete
    PC emulators, I'd like to see any method of breaking out of these
    isolations. At least for VMware (and of course Java) such secure isolation
    is a major design goal and therefore well-implemented.

    The most common breakout method is user stupidity. "Oh, it seemed to behave
    well inside the VM, so I decided to run the code outside it" is an often
    heard result of misconception, since it's almost always (and in real life
    always) trivial for malware to detect that it's running inside a VM and
    behave accordingly.
     
    Sebastian Gottschalk, Dec 5, 2006
    #6
  7. wrote:

    > What is your opinion about Parallels virtual software?


    Parallels is a software API jail, not a VM. It's almost trivial to
    circumvent intentionally.
     
    Sebastian Gottschalk, Dec 5, 2006
    #7
  8. erewhon Guest

    "Sebastian Gottschalk" <> wrote in message
    news:...
    > wrote:
    >
    >> In my office we are considering using virtual PC software for security
    >> reasons. It seems to us that by using a virtual PC for web browsing
    >> we
    >> can protect the host system from malware and viruses.
    >>
    >> Is this assumption correct?

    >
    > As for the statement alone, this is not correct. Normally you use various
    > file sharing methods to transfer files from inside the VM to the outside,
    > where they may be executed. VMware with its drag-and-drop functionality
    > offers a certain method of IPC.


    Ignore this fool. Yes - VPC using ICS is fine - a good sandbox for malware.
    Simply 'close' and discard changes.

    > At any rate, with proper configuration, it shouldn't be possible to
    > exploit
    > such ways non-interactively.


    Dur. All PCs require interaction - unless you consider 'powered off' as a
    valid state.


    > On the other hand, this entire concept seems to be a big overkill. And why
    > should especially web browsing be a big security problem?


    I see? You hide behind a mask of stupidity....

    Carry on.....
     
    erewhon, Dec 5, 2006
    #8
  9. Todd H. wrote:

    > There was talk about breaking out of VMWare virtual machines at defcon
    > a couple years ago, IIRC. I don't recall the details, but it is
    > something people are working on obviously.


    AFAIRC they're talking about how to control a VM through some undocumented
    functions. Basically they reverse-engineered the VMware Tools to see how
    the communication with the VMware instance is accomplished, and just found
    that you really can't do anything special beside the obvious (like moving
    the mouse cursor inside the guest OS).
     
    Sebastian Gottschalk, Dec 5, 2006
    #9
  10. Todd H. Guest

    writes:

    > What is your opinion about Parallels virtual software?
    >
    > David Macias


    Hi David,

    I'm not familiar with it at all.

    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Dec 6, 2006
    #10
  11. Todd H. Guest

    Sebastian Gottschalk <> writes:

    > Todd H. wrote:
    >
    > > writes:
    > >
    > >> In my office we are considering using virtual PC software for security
    > >> reasons. It seems to us that by using a virtual PC for web browsing we
    > >> can protect the host system from malware and viruses.
    > >>
    > >> Is this assumption correct?

    > >
    > > By and large yes. There is talk of some malware that can break
    > > outside of virtualized jails, but I don't believe it's come to
    > > fruition yet, at least not publicly.

    >
    > Breaking out of various "jails" is pretty trivial, due to numerous lacks of
    > safe programming (like dropping rights, file descriptors and various other
    > resources on startup) as well as various methods of IPC. Jails are supposed
    > to limit attacking surface and protect against random errors.
    >
    > If by "jails" you refer to various secure VMs like Java or various complete
    > PC emulators, I'd like to see any method of breaking out of these
    > isolations. At least for VMware (and of course Java) such secure isolation
    > is a major design goal and therefore well-implemented.
    >
    > The most common breakout method is user stupidity. "Oh, it seemed to behave
    > well inside the VM, so I decided to run the code outside it" is an often
    > heard result of misconception, since it's almost always (and in real life
    > always) trivial for malware to detect that it's running inside a VM and
    > behave accordingly.


    There was talk about breaking out of VMWare virtual machines at defcon
    a couple years ago, IIRC. I don't recall the details, but it is
    something people are working on obviously.

    However, to the best of my knowledge, there are no known exploits that
    allow a sploit to extend privilege beyond a vmware virtual machine.

    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Dec 6, 2006
    #11
  12. kurt wismer Guest

    wrote:
    > In my office we are considering using virtual PC software for security
    > reasons. It seems to us that by using a virtual PC for web browsing we
    > can protect the host system from malware and viruses.
    >
    > Is this assumption correct?


    yes and no...

    yes because the trivial stuff that comes in through your browser will
    almost certainly be prevented from getting into your physical machine
    (barring acts of stupidity)...

    no, because it won't stop malware and viruses that use a vector other
    than web browsing to get to you... no because you can still
    theoretically do something stupid and transfer malware from the vm to
    the physical machine and execute it... and no because the separation
    between the physical and virtual machines is not necessarily bulletproof...

    and one thing you may want to consider - just because your physical
    machine is protected (to a large extent) from being compromised, that
    doesn't mean that you are protected... specifically, if the vm is
    compromised by adware then you will see ads, if the vm is compromised by
    a spambot then you will spew spam, if the vm is compromised by a virus
    or worm then you will spew replicative malware, and (perhaps most
    importantly) if the vm is compromised by spyware then everything you do
    in that vm (every website password you enter, every bank account you
    access online, every credit card you make an online purchase with) will
    potentially be compromised...

    the vm may protect the physical machine but it won't protect you in and
    of itself, it will need to have host-based security software
    (anti-malware and/or whatever else you'd normally use to protect a
    desktop with) running on it (which will make it rather slow)... from a
    security standpoint a vm will prevent only a very narrowly defined set
    of things, its real strength is in being easier to recover in the event
    the machine is compromised...



    --
    "it's not the right time to be sober
    now the idiots have taken over
    spreading like a social cancer,
    is there an answer?"
     
    kurt wismer, Dec 6, 2006
    #12
  13. chuck Guest

    At school they use a program called deep freeze, so every time a
    student restarts a computer anything saved or installed will be wiped
    and restored to a previous point. What's everyone's opinion on deep
    freeze? I don't know much about it but that they use it at my college.

    Chuck


    Todd H. wrote:
    > Sebastian Gottschalk <> writes:
    >
    > > Todd H. wrote:
    > >
    > > > writes:
    > > >
    > > >> In my office we are considering using virtual PC software for security
    > > >> reasons. It seems to us that by using a virtual PC for web browsing we
    > > >> can protect the host system from malware and viruses.
    > > >>
    > > >> Is this assumption correct?
    > > >
    > > > By and large yes. There is talk of some malware that can break
    > > > outside of virtualized jails, but I don't believe it's come to
    > > > fruition yet, at least not publicly.

    > >
    > > Breaking out of various "jails" is pretty trivial, due to numerous lacks of
    > > safe programming (like dropping rights, file descriptors and various other
    > > resources on startup) as well as various methods of IPC. Jails are supposed
    > > to limit attacking surface and protect against random errors.
    > >
    > > If by "jails" you refer to various secure VMs like Java or various complete
    > > PC emulators, I'd like to see any method of breaking out of these
    > > isolations. At least for VMware (and of course Java) such secure isolation
    > > is a major design goal and therefore well-implemented.
    > >
    > > The most common breakout method is user stupidity. "Oh, it seemed to behave
    > > well inside the VM, so I decided to run the code outside it" is an often
    > > heard result of misconception, since it's almost always (and in real life
    > > always) trivial for malware to detect that it's running inside a VM and
    > > behave accordingly.

    >
    > There was talk about breaking out of VMWare virtual machines at defcon
    > a couple years ago, IIRC. I don't recall the details, but it is
    > something people are working on obviously.
    >
    > However, to the best of my knowledge, there are no known exploits that
    > allow a sploit to extend privilege beyond a vmware virtual machine.
    >
    > --
    > Todd H.
    > http://www.toddh.net/
     
    chuck, Dec 6, 2006
    #13
  14. chuck wrote:

    > At school they use a program called deep freeze, so every time a
    > student restarts a computer anything saved or installed will be wiped
    > and restored to a previous point. What's everyone's opinion on deep
    > freeze? I don't know much about it but that they use it at my college.


    If it's a hardware implementation, this heavily depends on the
    implementation. Because it's controlled by software, an attack on the
    software may or may not have implications - one should make sure that a
    restore actually happens and is not just simulated.

    Purely software-implemented variants would require clearly restricted
    privileges.
     
    Sebastian Gottschalk, Dec 6, 2006
    #14
  15. nemo_outis Guest

    "chuck" <> wrote in
    news::

    > At school they use a program called deep freeze, so every time a
    > student restarts a computer anything saved or installed will be wiped
    > and restored to a previous point. What's everyone's opinion on deep
    > freeze? I don't know much about it but that they use it at my
    > college.
    >
    > Chuck
    >


    Deep Freeze can be broken/bypassed. Google on "unfreezer." And there are
    several "roll your own" bypass methods; see for instance:


    http://www.netscape.com/viewstory/2006/09/15/unfreeze-the-deep-freeze-step-by-step-tutorial-to-bypass-security/?url=http%3A%2F%2Fwww.ethicalhacker.net%2Fcomponent%2Foption%2Ccom_smf%2FItemid%2C49%2Ftopic%2C658.0%2F&frame=true


    Regards,
     
    nemo_outis, Dec 6, 2006
    #15
