
Thread: Question for Oldsod.

#1 wstern (Guest)

Question for Oldsod.

    Hi Oldsod,

    I just wanted to get your opinion on a different approach to security (using a Virtual Machine with VMWare 5.5.8).

    Consider the following scenario:

    You have a Windows XP based computer with ZAISS.
    You disable all browsers, and any clients which can connect with the internet.

    Your sole interaction with the internet (Browsers, email clients, IM clients, Skype, etc)
    is done using the Virtual Machine (A plain and simple clean Windows XP image).

    You set the VMWare VM so that after you exit it, it automatically reverts back to its original configuration,
    erasing any malware, changes in settings, etc that might have occurred during the session.

    You also configure the VM so that it's totally encapsulated - No shared folders, disable cut and paste of files and clipboard.

    My understanding of a virtual machine configured this way is that no malware can escape out of it to your physical machine.
    Please correct me if this is not an accurate statement? Also, please let me know if you feel this system would be "bullet proof"
    even if visiting the most dangerous sites on the web using the VM?

    Thanks,

    Bill

    Operating System: Windows XP Pro
    Software Version: 7.0
    Product Name: ZoneAlarm Internet Security Suite
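The encapsulation Bill describes above (revert to the clean snapshot on power-off, no shared folders, no clipboard or drag-and-drop), written out as the VMware .vmx entries that implement it. This is an added example, not configuration from the original post or from ZoneAlarm; the keys are the ones VMware's own hardening guides document for Workstation and ESX, and whether the 5.5.8 build named in the post honours every one of them has not been checked here. The device name `scsi0:0` is an assumption about how the guest disk is attached and must match the disk entry already in your .vmx.

```ini
# Added example: VMware .vmx settings for a throwaway browsing guest.
# Not from the original post. Keys are those listed in VMware's
# hardening guides; "scsi0:0" is an ASSUMED device name - use the one
# your .vmx already has for the guest's system disk.

# Revert to the last snapshot every time the VM is powered off, so each
# session starts from the clean image. A snapshot of the freshly
# installed, patched, powered-off guest must already exist.
snapshot.action = "autoRevert"

# Alternative that needs no snapshot: discard all disk writes at power-off.
# Do NOT combine with autoRevert - independent disks are excluded from
# snapshots, so the two mechanisms would fight each other.
# scsi0:0.mode = "independent-nonpersistent"

# No host <-> guest clipboard in either direction, no drag-and-drop
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
isolation.tools.dnd.disable = "TRUE"

# No shared folders (HGFS is the shared-folder transport)
isolation.tools.hgfs.disable = "TRUE"

# The guest may not hot-connect or reconfigure its own virtual devices
isolation.device.connectable.disable = "TRUE"
isolation.device.edit.disable = "TRUE"

# The guest may not change the VM's GUI options through VMware Tools
isolation.tools.setGUIOptions.enable = "FALSE"
```

These are host-side settings read by the VMware process, so software running inside the guest cannot flip them back. They narrow the guest-to-host channels the post is worried about (clipboard, shared folders, device control), but they do not change the hypervisor's own attack surface, which is what any escape from a guest would actually have to go through; treat the configuration as containment, not as a guarantee.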

#2 oldsod (Join Date: Dec 2005; Posts: 9,057)

Re: Question for Oldsod.

    Kind of complicated and needs patience?
    Why not run in the limited user accounts?

    I just use a live linux distro on media disk if going to the bad parts of the web .... really simple and it is not possible to get infected in any way whatsoever.

    Oldsod.
    Best regards.
    oldsod

#3 wstern (Guest)

Re: Question for Oldsod.

    Hi Oldsod,

    Thanks for your reply. Yes, booting the Linux OS off of a "Read Only CD" should provide protection
    because the Linux OS booted off the CD shouldn't know how to access an NTFS disk volume to infect files on it.
    Also, the malware would have trouble infecting the Linux OS running in Ram.

    The flaw I see is that a Master Boot Record rootkit could conceivably infect the boot sector on the c: drive
    (provided it was able to handle infecting the Linux OS in Ram).

    Another drawback to that approach is that any malware infecting the Linux OS running in Ram
    could conceivably infect other NATed computers on your home network, if the infection turned out
    to be a worm and your Linux OS had no outgoing firewall configured.

    In my view, no security suite or Anti-virus software can protect you against most new drive by downloads
    from innocent trusted websites which are hacked to disperse drive by downloads.

    The VM idea should provide safety, because any malware can't escape the VM to your real computer,
    and if you set the VM to automatically go back to its original clean snapshot after you power it down,
    the malware would automatically get deleted anyway.

    Bill

#4 oldsod (Join Date: Dec 2005; Posts: 9,057)

Re: Question for Oldsod.

    "The flaw I see is that a Master Boot Record rootkit could conceivably infect the boot sector on the c: drive
    (provided it was able to handle infecting the Linux OS in Ram)."

    It cannot infect the MBR as the hdd is not used or it is 'inactive' while using the live linux distro.
    Plus what are the chances of getting a windows infection while seen on the internet as a linux and what are the chances of getting a MBR infection in the first place?

    "Another drawback to that approach is that any malware infecting the Linux OS running in Ram
    could conceivably infect other NATed computers on your home network, if the infection turned out
    to be a worm and your Linux OS had no outgoing firewall configured."

    Of the dozen or so known malware designed just for linux, these would not cross over to the other windows machines (they are designed for linux not for windows)...plus any windows type of malware would be unable to 'run' on a linux as you say, so no chance of infections.
    Thus impossible for a worm to even run on the linux while in memory and then infect the windows machine.
    The linux live distro can not be infected because it is hard coded onto the media disk and can not be changed or altered.
    Thus a windows worm cannot run in memory of a live distro to infect windows - it needs a drive on that computer to write to and there is none available.

    PLUS there should be a software firewall running on the other LAN connected windows machines (even windows firewall would stop unwanted connection attempts from an infected LAN computer)

    "In my view, no security suite or Anti-virus software can protect you against most new drive by downloads
    from innocent trusted websites which are hacked to disperse drive by downloads."

    There is...it is called brain.exe
    (you may have to translate that page).

    Please give real examples of these possible exploits that you have described and in good detail so that the argument can be further examined.
    If you claim these possible exploits, then please provide examples and with explanations or descriptions.

    Oldsod.

    Message Edited by Oldsod on 05-06-2009 01:52 AM
    Best regards.
    oldsod
