Is virtualizing good for security?

I need to run some malware in a win10 vm to test. I have scoured the internet a little and people have very mixed opinions. Would I be safe? Yes or no? If not, to what extent (being a score) and reasoning.
I am using Win10 in VirtualBox with Guest Additions, no VFIO, NAT for network, a single shared folder which is only for moving files from host to guest and not the other way, 5.10 for the host kernel, execution cap 95%, on an AMD 1600, max all cores, nested AMD-V enabled, PAE/NX enabled, VirtualBox drive on a separate drive, 256 MB video, 3D acceleration. I update my host every ~week or so. Ask me for any other info you may need.

Yes. :slight_smile:

Then how do you face concerns such as Spectre, Meltdown, etc.? How can it be? I think I need to truly understand how virtualization works to come to a conclusion, and that can take a lot of work.

Those are mitigated by the kernel in each operating system. The virtualized operating system runs in an unprivileged mode of the processor ─ it has no access to the registers used by the host OS ─ and it is up to the kernel of said operating system to mitigate the hardware flaws. The host is GNU/Linux, so the host kernel has the mitigation patches already.

That said, Meltdown and Spectre have so far never been exploited in the wild. They have only ever been exploited under laboratory conditions as proof-of-concept attack vectors. And even the word “attack” is a bit of a misnomer, because the only thing they can be used for is the stealing of confidential information from the processor’s cache.
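A host-side check for the point made above, added here as an example and not part of the thread: Linux 4.15 and later report the kernel's mitigation status per issue in `/sys/devices/system/cpu/vulnerabilities`, which is the quickest way to confirm that the host kernel actually carries the patches (a distribution kernel normally does; a custom build or one booted with `mitigations=off` would not). The sample tree the script builds is constructed for illustration and is not output from the poster's machine.

```shell
#!/bin/sh
# Added example (not from the thread): report the host kernel's speculative
# execution mitigation status from sysfs. Linux 4.15+ exposes one file per
# issue under /sys/devices/system/cpu/vulnerabilities; the content starts with
# "Not affected", "Mitigation: ..." or "Vulnerable".

# Print "<flag> <issue>: <status>" for every file in DIR.
# Returns 0 if nothing is Vulnerable, 1 if something is, 2 if DIR is missing.
report_vulnerabilities() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no $dir (kernel older than 4.15, or not Linux)" >&2
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        issue=$(basename "$f")
        status=$(cat "$f")
        case "$status" in
            "Not affected"*) flag="ok";;
            Mitigation*)     flag="ok";;
            Vulnerable*)     flag="!!"; rc=1;;
            *)               flag="??";;   # unknown wording: look it up
        esac
        printf '%s %s: %s\n' "$flag" "$issue" "$status"
    done
    return "$rc"
}

# Number of issues in DIR whose status begins with "Vulnerable".
count_vulnerable() {
    n=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$(cat "$f")" in
            Vulnerable*) n=$((n + 1));;
        esac
    done
    echo "$n"
}

# Constructed sample tree (NOT real output from the poster's machine) so the
# functions can be exercised on a system without /sys.
make_sample() {
    mkdir -p "$1"
    printf 'Mitigation: PTI\n' > "$1/meltdown"
    printf 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n' > "$1/spectre_v1"
    printf 'Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling\n' > "$1/spectre_v2"
    printf 'Not affected\n' > "$1/l1tf"
    printf 'Vulnerable\n' > "$1/srbds"
}

# Run directly: first the real host (if sysfs is there), then the sample.
report_vulnerabilities || true
sample=$(mktemp -d)
make_sample "$sample"
report_vulnerabilities "$sample" || echo "sample: $(count_vulnerable "$sample") issue(s) unmitigated"
rm -rf "$sample"
```

Run it without arguments on the host; any `!!` line means the kernel itself reports that issue as unmitigated. The guest is a separate matter, as the post says: the Windows kernel applies its own mitigations inside the VM, and VirtualBox only exposes the speculation-control CPU features to a guest when that is enabled for the VM (`VBoxManage modifyvm <vm> --spec-ctrl on` in recent releases; the exact option name is an assumption here, so check the manual for your version).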

That has brought me more trust in it, but I think I will never feel 100% confident in it, just because some things still sometimes come up and the hardware isn't separated. I have a few other computers I could run it on, but they are far too weak, plus the convenience of running everything on my main desktop is nice, unlike having to configure screen sharing or use another display (I own one other, but it is lower than 1600x900 :frowning: ), plus other stuff like the electricity bill, not even enough wall plugs, etc.

As I said, the host and the guest will be running in separate processor modes. The host runs in so-called root mode while the guest runs in an unprivileged non-root mode. The processes running in the non-privileged mode do not have access to anything in the root mode.

In addition to that, Windows malware does not run in GNU/Linux. It’s an entirely different operating system design, and it’s even a different binary format. The only way to get Windows malware to do any damage on a GNU/Linux (or other UNIX) system is to run it on the host via wine, and even then still, it would only have access to the user’s home directory.

First of all, I have wine set up. Secondly, having access to /home isn't nothing. I mean, you can view a lot of files and such, but, correct me if I am wrong, couldn't you modify ~/.bashrc and do practically anything you want with that, which can have a significant effect on the system?

But you won’t be running your malware via wine on the host; you will be running it in a VirtualBox virtual machine, which runs completely isolated from your host.

In theory, one could indeed modify ~/.bashrc via malware executed in wine, but it would have to be a very well-directed and purpose-written kind of malware, given that…

  • ~/.bashrc does not normally exist on a Windows system;
  • the malware regards the user’s $HOME as a Windows volume with a drive letter, and thus a different directory structure; and
  • Windows uses a carriage return followed by a newline as the end of a line, while UNIX uses only a newline character to denote the end of a line.

Furthermore, a corrupted ~/.bashrc does not have “a significant effect on the system”. It is only a shell environment initialization file specific to that one user. Nothing inside a user’s home directory can have a system-wide impact.

Again, GNU/Linux is a UNIX/POSIX operating system. It works very differently from Microsoft Windows, which was never even designed to be an operating system.

Not super relevant to the subject, but interesting, so elaborate.

On the other points, eh. I guess so. Because it could be done in theory, I am still a bit iffy. I know it sounds retarded for someone to make malware for Windows that also somehow escapes and then modifies .bashrc to run malware in wine to somehow do something significant, but it isn't impossible, so I won't feel 100%. You could just set it up to use UNIX syntax for when it escapes to do a lot, so eh. I think with a lot of effort it is still possible. Maybe I'm just being so paranoid that I'm going to OD on the red pills I'm coming up with. Would be nice to have some input from another member of the community here.

Well, I don’t want it to sound like an echo chamber in here, but I figured I’d chime in before I went to bed to say I agree with @Aragorn if that’s any consolation.


Microsoft Windows began its life as a tiling window manager on top of MS-DOS, a single-user, single-tasking and not-network-aware operating system for computers with a 16-bit microprocessor. Later on when more powerful processors became available, a DOS memory extender and a primitive cooperative multitasker were added. But it was all still based upon the paradigm of a non-networked single-user computer.

Eventually, Windows was moved to a new kernel ─ essentially an almost literal copy of the kernel from VMS ─ called NT, but the problem here is that the Windows API was never designed for that kind of thing, and that as such, Windows is basically a bunch of mutually incompatible subsystems held together with nuts, bolts and duct tape, but all neatly obscured by a slick-looking graphical interface.

UNIX, by contrast, was written on and for minicomputers as a multitasking, multiuser and secure operating system, and was introduced as early as 1970. It has been an industry standard for 50 years now.

The chances that a meteorite would come falling through the roof of your house and hit you in the cranium are substantially larger. :wink:

Besides, think of it this way: anyone with physical access to your computer ─ which means everyone living in the same house with you ─ is a potential security hazard.

Yes, you are.

So you don’t trust me, and you’re looking for someone who will confirm your bias? :flushed:


That’s why I live in a bunker :grin: (jk)

The people in my house can only just about figure out that the power button turns on the computer, and my disks are encrypted with unique passphrases anyway, and as long as I am in my room to shut it down when the feds come rolling in looking for the computer that distributed copies of x and y, I'll be fine.

Yessss. Exactly. Just kidding. It's generally better to trust in a community of individuals than in just one individual, which is how I treat most things in life.

Anyways, thank you for the information :3 .