I am planning to use VirtualBox to test some malware and security solutions. I use CIS on my host PC. Now, VirtualBox is a safe application according to Comodo so I should be fine. But just to be sure, is there a way for an infected guest (running under VirtualBox) to infect my host PC? For example, could a worm propagate through the network between the guest and the host and affect my host? I obviously need an internet connection in my guest so I cannot disable the network.
Other issues, like shared folders/clipboard, are not a concern as I can easily disable them.
I would suggest that VMware is a better solution for testing security products.
The OS emulation of VirtualBox isn’t adequate for certain security technologies. As such, some security products will not function as expected, so any results garnered from such a test cannot be trusted. Did the malware get past the security product, or was the product unable to act properly due to the limitations imposed by VirtualBox?
I don’t have any pointers on how to adequately isolate your VM from your host.
Yeah, as Comodo Support has said, VirtualBox is not supported…
Because it doesn't virtualize completely correctly like VMware.
All they really say is not to use it…
Nothing happened yet, I just asked if it could happen. If there is a possibility.
But if I use VMware instead of VirtualBox, the question remains: could an infected guest pose a threat to my host?
Please correct me if I’m wrong. An infected VM is just like an infected physical machine on my network. Except it is seen as SAFE by the AV, because the process running the VM is a safe process. So, assuming a worm is VM-aware and infects the VM, then it can try to portscan/attack/exploit vulnerabilities on the host, via the network. Is that possible? What network connection should I choose for my VM (NAT, bridged) and how should I set up my host firewall for the best protection?
I hope it is a little more clear now, sorry for my not-so-good English. I just want to test AVs in a VM and be absolutely sure nothing can infect my host.
You can never be absolutely sure about this…
Malware that can escape a VM is rare, but it does exist. I always tell people that they should only test malware on a machine they do not care about, because there is always a risk! So use a machine that you don’t have problems wiping if it becomes infected, or one that you have backups of.
There is no way to completely isolate the VM from the host machine if you require networking, since the networking adapter provides a link between the two. NAT would be the safest mode to use.
You’ll also want to disable any file sharing between the VM and the host.
And this is likely obvious, but I feel I have to state it. Disconnect your host machine from your LAN so if it happens to become infected, it will not be able to spread to other machines on your network.