Safe Web Surfing - Can using a Virtual Machine (Virtualbox, VMware, etc.) deliver?

[corinthos]

Hi, I am wondering if web surfing can be made most secure by using something like VirtualBox to do all of your FireFox web browsing in, or if there are security concerns there too.

Thanks in advance!

 

[Aberforth]

All this virtualization techniques are just a patch work, but they do prevent from large scale disasters. Yet, the fact remains there are still flaws in the program which is open to attacks, people are just too lazy to write rock-solid code so there should be no need for virtualization but they come up with these stupid virtual ideas to make their lives a little easier.

Virtualization does have disadvantages, it will tax system performance, speed, memory and will be open to memory/buffer attacks.

 

[her209]

It may not stop the propagation of a virus from the VM to the other computers in your network but any spyware/malware installed on the VM will be wiped off instantly when reverting back to clean the baseline snapshot.

 

[ViRGE]

Originally posted by: her209
It may not stop the propagation of a virus from the VM to the other computers in your network but any spyware/malware installed on the VM will be wiped off instantly when reverting back to clean the baseline snapshot.

Assuming of course the attacker isn't trying to break out of the VM. VMWare for example has had to patch flaws in their system where programs inside the VM could break out and access the host. A VM is only mostly secure, and it's going to be notably less secure if it's an older version with a known flaw.

 

[Jeff7181]

Only the nastiest of nasties will break out of a virtual machine. I'd go as far as to say you'd have to TRY to get a virus capable of such as it hasn't been a concern for many many many years. A very minuscule percentage of viruses or other types of malware will be able to break out of a virtual machine and infect the host. The only thing I would suggest to prevent it spreading over the network to your host OS is to make sure your VMs are not on the same network as your host and/or other computers. (ie. don't let it obtain an IP address from your router if your router handles DHCP because it'll put it on the same network)

 

[LumbergTech]

you could also run a different OS in a VM so that theres absolutely no way the virus could tranfser

 

[pallejr]

Originally posted by: LumbergTech
you could also run a different OS in a VM so that theres absolutely no way the virus could tranfser

Why should that be impossible? If there is a security breach in the virtual machine software, which allows it to break out, it is very much possible.

 

[sourceninja]

I think a virtual machine is a little overkill. I'd just use something like sandboxie or in linux running firefox in a chroot.

 

[degibson]

I use this very technique all the time - like all security, its not 100% effective. But unlike many of the options out there, its very close to 100% Surf in a VM honeypot -- it makes a lot of sense to me. I don't even run AV or even firewalls on the VM -- I simply restore it from checkpointed state every time I start surfing.

The only downside is that occasionally I break down and update some software here and there from trusted sources, then make the checkpoint again.

 

[QuixoticOne]

I think it is a great idea to set up a VM to use a web browser in.

Microsoft has one you can test out:
http://www.microsoft.com/downl...413c8ef&displaylang=en

VMWare has others that are almost ready to download and run without doing much anything to them; typically these are LINUX distributions like Ubuntu 8.04.1 or Fedora 9 or whatever with Firefox 3.01.whatever at least in the latest packages of them. Try to find one made within the last few weeks so it'll be more likely to have more of the recent OS and browser security updates already applied to it.
http://vmware.com/appliances/

As others have said, some very nasty kinds of malware can detect VMs and break out of them due to bugs or intentionally insecure configurations of the VM software itself. Needless to say, it is a bad idea to permissively share lots of drives / major folders between the host OS and the VM, et. al.

If the VM has network access, as others have said, it can potentially use the network to attack your local host machine or other machines on your LAN. As others have said, you can set the VM guest to use a more isolated LAN configuration so that it is not on the same logical network as your host machine or other machines on your LAN.

You can start by giving the VM guest an IP address in a different block than the host, e.g. if the host LAN is
192.168.1.10/24, you could set the VM guest as 10.10.0.10/24 to make it harder for IP level packets to go between VM guest and VM host LAN machines.

You could also set up a VLAN if your software / systems support that and put the host LAN on Vlan #1 and the VM guest on Vlan #2 or whatever.

Of course MAC based firewall rules could help also.

You might even be able to share a USB ETHERNET device from the host to the guest and have the guest thereby have a totally isolated physical NIC for its usage.

Even though it is kind of kludgy and I agree with the first response saying that software should just be engineered to be secure in the first place, given the realities of the world, using a VM is a good additional layer of security. It would be unlikely to hurt (make the situation worse) and it might help in most cases.

Make a habit of restarting the VM from a 'clean' image every time or at least if you have any doubt if the VM has been compromised. It is quite possible the VM could get compromised, but it'd be unlikely to spread to the host if you don't let the VM evolve / remain compromised for long under rootkit control.

This sort of configuration would work well with some kind of internet based bookmark system so you can save your bookmarks and share them to the guest VM even after you clean start the VM or don't allow it any persistent local storage use at all.

Playing back stuff like HD video would be a bit limited in the VM due to the lack of GPU / CPU performance compared to the host, but mostly it'd be pretty good.

You could end up with some DRM problems due to the use of the VM if you buy / play DRMed media from the browser in the VM.

It'd be especially good for commerce since you could, say, do your online banking from a clean restart of a VM so you wouldn't have to worry about other browser sessions stealing data from this one or whatever.

IMHO major software programs like browsers, probably even video games, et. al. should just be *designed* to run in a VM from the start. This would minimize security issues and also make the portability of applications between PCs better in the case that you want to upgrade or whatever.


the

 

[violupro]

Why should that be impossible? If there is a security breach in the virtual machine software, which allows it to break out, it is very much possible.

The virus (or malware or w/e) would have to be tailored for specifically this purpose (and I highly doubt any are or would bother to).

For example, say you're running a windows host and a linux guest. If the virus is written for windows, then it won't execute under linux and can never break through any security holes in the VM software. If the "virus" is written for linux, then even if it did break out of the VM it wouldn't be able to execute under windows.

 

[mechBgon]

Exploits can do harm without breaking out of the VM or infecting the OS. A stolen WoW login, PayPal login, etc is worth money. YOUR money. If that can be accomplished with e.g. a Flash Player exploit or a FireFox exploit on a one-time basis, you lose. So even when using a VM, apply best practices.

 

[postmortemIA]

running browser in VM had to have sucky performance ... trailing sound, no video acceleration, one core rendering, etc...

 

[Modelworks]

running browser in VM had to have sucky performance ... trailing sound, no video acceleration, one core rendering, etc...

Actually there is no difference for most users if the VM is set up correctly.


I like sandboxie , 2 minutes to install and just right click it, run web browser in sandbox
I put it through a test of the most popup, virus filled, malware infected sites I could find. It was loaded down with about 20 windows, and examining the virtual file system sandboxie uses there were lots of virus downloaded.

Closed the sandboxie session and reopened the browser, all of it was gone.

This btw is where MS is going with windows 8. All programs will run in their own VM with the OS providing access to the hardware. No program will have direct access to any other programs VM or the hardware, the OS itself remains static and unchanging. You can then set limits for what that VM can do on the system, preventing the browser from becoming infected and bringing down the system.

It would be like using windows now with a very basic install enough to run the drivers and not installing any applications at all. Then you run every single application in its own VM.

 

[Modelworks]

Exploits can do harm without breaking out of the VM or infecting the OS. A stolen WoW login, PayPal login, etc is worth money. YOUR money. If that can be accomplished with e.g. a Flash Player exploit or a FireFox exploit on a one-time basis, you lose. So even when using a VM, apply best practices.

Anyone who is still typing in passwords to sites needs a wake up call. Key loggers are rampant now and hardware based key loggers that go between a keyboard and the usb port can be had for under $20. If not using a password manager people should at least use a onscreen keyboard that works via mouse clicks and not the keyboard itself.

 

[adn258]

THIS WILL BE LONG BUT INFORMATIVE

I've used sandboxie, I've used Virtualbox etc. etc. as a computer programmer and a security consultant I can tell you a little bit about these areas lol.

Malware unfortunately can do anything within it's environment that software can, only in a malicious fashion. Computers only do what they are PROGRAMMED and told to do, nothing more, nothing less; there is no magic with computers.

That being said if you are using a virtual machine I think that is a very viable way to protect yourself while visiting unfamiliar sites etc. I have used a virtualbox FOR MALWARE ANALYSIS which is a little hobby of mine.

We run the malware within a vitrtual environment and if you are doing behavioral analysis you can see what registry keys are being changed, files created, internet connections being made etc. you can also sometimes decompile the malware to try and do code analysis.

Most malware is written in Languages like c++ but once compiled they turn to binary 1'2 and 0's 00001100 just like anything else, and some malware writers will deliberately screw with the code to make it deliberatly HARD TO UNDERSTAND or decompile.

In any case the malware creator would have had to have taken the virtualbox into consideration, and somehow would have to exploit that (I have yet to see this ACTUALLY happen after even deliberately downloading and running malware on a windows VM).

I'm sure it has happened, it's just very rare; thinking like a criminal and virus writer, why would they do this? Some hackers hack for information, but I'd say 90% of hackers now and 90% of malware is used to try and get $$$$. Surprise, surprise, this means if I was writing a hacking tool, virus etc. I'd want to infect the highest numbers of people I could using probability whilst not wasting my time on the what if's. This means the for small number of people using the "what if's", I"d be out of luck with, but why would I care?. Think about it most people don't even know what a Virtualbox or Sandbox is. IF I can't hack the person using a Virtulbox I will simply move on to the other 9 out of ten poor old ladies who don't know crap about computers and have their CC numbers in a text file waiting for me.

If I were hacking people using malware I'd

1.Choose windows since it still has well over 80% of the market; you have the greatest chance of infecting someone.

2. 90% of computer users probably aren't using sandboxes or virtual machines so why bother? You can't get them all, but that's not the point the point is getting a good chunk of people hacked so as to steal their information.




This all being said DON'T FEEL TOO COMFORTABLE YET USING A VIRTUAL MACHINE/SANDBOX!!!!

I frequently like to check a site called malwaredomainslist dot com, to see what projects and tools the best Internets criminals are up too next.

This site is used for people whom run into malware online can then post a link to where it is. Don't get me wrong there are some brilliant computer programmers/hackers out there. In fact I'd be willing some of the smartest criminals and people in the world are right here using the internet to do their bidding's on dumb people .

To give you an idea Ken Jennings from Jeopardy was a software engineer, and half the people I see on that show are. These people aren't stupid. IF one of them turns to the dark side so to speak, they will find a way into "Averagely protected computers". You don't have to worry, they will always figure out a way around all of it, since they are just as smart as the users making the protections like sandboxie, IF NOT SMARTER. There's no system someone can think of that you can't think of a way around it, this has been shown historically time and time again.

Note: "Averagely Protected Computers In There". When and if Windows 8 uses virtualization as part of the core OS what do you think will happen? When virtualization becomes the norm instead of the exception, Script Kiddies may very well have even LESS SUCCESS, but do you think this will stop the Ken Jennings, or brilliant programmers gone to the dark side equivellents? Brilliant programmers and viruses writers will then start creating ways around it "once it becomes the new norm". This is a no Duh right? IT's one of the reasons why Linux and Mac have almost no viruses; nobody cares at this point.
That's not to say you couldn't create a virus for a mac I'm sure you could it's just rearely something you bump into in the wild internet.

Suffice to leave you now and say that a hacker can gain access to your computer, if you're not taking the proper percautions JUST BY VISITING THE WRONG SITE. They could gain access to most computers out there now just BY THEM VISITING THE WRONG SITE. Yes I'll repeat that hackers can hack you just GOING TO a bad web site and have access to ALL YOUR FILES, web sites visited, documents etc on your computer. Pretty creepy eh?
One of the popular methods they use to employ this is a reverse command shell, so they can attain command line access to your computer. I know of sites right now on malware domains that when visited execute exploits THAT STILL haven't been fixed and will use shellcode to give the hacker access to your PC and most users WOULDN'T EVEN KNOW THIS WAS HAPPENING TO THEM.

The attacker simply says hey I found this cool site on the comment section of a web page or something, idiots visit it and BAM they have no idea the attacker now has full command like access to their files, computer etc. Then people wonder why identity theft is so prevellent. I will have you note that if you go to these exploit pages with SANDBOXIE they will spawn back a remote command shell but the command shell i.e. cmd.exe will be running under the supervision of SANDBOXIE.

What this means is that they can still potentially download your files i.e. steal them, however just like anything else running within the sandbox they can't delete or alter anything like add a new user or someting.
One thing I would definitely emphasize users and readers on here to do is go to SANDBOXIE edit in it's control to stop cmd.exe from running within the sandbox. What would happen then is if you go to these exploit pages for instance they would try to open cmd.exe and send that over a port to the attacker but it would simply just close it within the sandbox .
There are ways of hardening sandboxie so as to prevent these types of attacks as well.

 

[bankster55]

Latest vers of comodo (free) 5.XXX has its own sandbox, very effective
Next vers of comodo (V 6.0?) is supposed to attain 100% detection
Dont flame me, thats what THEY say
Just something to keep a heads up for

Best is Win 7 and Ubuntu 10.10 dual boot and strictly use Ubuntu for surfing and email - comes with FF. Just stay out of root (admin)

 

[adn258]

Latest vers of comodo (free) 5.XXX has its own sandbox, very effective
Next vers of comodo (V 6.0?) is supposed to attain 100% detection
Dont flame me, thats what THEY say
Just something to keep a heads up for

Best is Win 7 and Ubuntu 10.10 dual boot and strictly use Ubuntu for surfing and email - comes with FF. Just stay out of root (admin)

Also a viable options as explain is duel booting. 100% detection lol I don't think so? Sandboxie pwns the sandbox in comodo (NOT THAT COMODO IS BAD) it's just that running things like the browser sandboxed actually messes with sound and stuff in your browser.