Is it safe?

In my office we are considering using virtual PC software for security
reasons. It is seems to us that by using a virtual PC for web browsing we
can protect the host system from malware and virus.

Is this assumption correct?

David

--
-------------------- http://NewsReader.Com/ --------------------
Usenet Newsgroup Service $9.95/Month 30GB

dmacias666@LABridge.com wrote in
news:20061205115935.230$VQ@newsreader.com:

> In my office we are considering using virtual PC software for security
> reasons. It is seems to us that by using a virtual PC for web
> browsing we can protect the host system from malware and virus.
>
> Is this assumption correct?
>
> David
>


While not completely bombproof (nothing is!) it is an excellent solution.
Be aware that there already is an excellent "packaged" version of this "net
appliance" approach (augmented with Tor, etc.): Janus VM.

http://janusvm.peertech.org/

Regards,

What is your opinion about Parallels virtual software?

David Macias


comphelp@toddh.net (Todd H.) wrote:
>
> By and large yes. There is talk of some malware that can break
> outside of virtualized jails, but I don't believe it's come to
> fruition yet, at least not publicly.
>
> But VMWare Workstation is a much better product choice than Virtual
> PC, by all accounts from those who have used both (including friends
> who are Microsoft employees who lament that they must use Virtual PC
> and not vmware).
>
> Best Regards,

--
-------------------- http://NewsReader.Com/ --------------------
Usenet Newsgroup Service $9.95/Month 30GB

dmacias666@LABridge.com writes:

> In my office we are considering using virtual PC software for security
> reasons. It is seems to us that by using a virtual PC for web browsing we
> can protect the host system from malware and virus.
>
> Is this assumption correct?

By and large yes. There is talk of some malware that can break
outside of virtualized jails, but I don't believe it's come to
fruition yet, at least not publicly.

But VMWare Workstation is a much better product choice than Virtual
PC, by all accounts from those who have used both (including friends
who are Microsoft employees who lament that they must use Virtual PC
and not vmware).

Best Regards,
--
Todd H.
http://www.toddh.net/

"Sebastian Gottschalk" <seppi@seppig.de> wrote in message
news:4tlnegF14m0ioU1@mid.dfncis.de...
> dmacias666@LABridge.com wrote:
>
>> In my office we are considering using virtual PC software for security
>> reasons. It is seems to us that by using a virtual PC for web browsing
>> we
>> can protect the host system from malware and virus.
>>
>> Is this assumption correct?
>
> As for the statement alone, this is not correct. Normally you use various
> file sharing methods to transfers files from inside the VM to the outside,
> whereas they may be executed. VMware with it's drap-and-drop functionality
> offers a certain method of IPC.

Ignore this fool. Yes - VPC using ICS is fine - a good sandbox for malware.
Simply 'close' and discard changes.

> At any rate, with proper configuration, it shouldn't be possible to
> exploit
> such ways non-interactively.

Dur. All PC's require interaction - unless you consider 'powered off' as a
valid state.


> On the other hand, this entire concept seems to be a big overkill. And why
> should especially web browsing be a big security problem?

I see? You hide behind a mask of stupidity....

Carry on.....

dmacias666@LABridge.com writes:

> What is your opinion about Parallels virtual software?
>
> David Macias

Hi David,

I'm not familiar with it at all.

--
Todd H.
http://www.toddh.net/

Sebastian Gottschalk <seppi@seppig.de> writes:

> Todd H. wrote:
>
> > dmacias666@LABridge.com writes:
> >
> >> In my office we are considering using virtual PC software for security
> >> reasons. It is seems to us that by using a virtual PC for web browsing we
> >> can protect the host system from malware and virus.
> >>
> >> Is this assumption correct?
> >
> > By and large yes. There is talk of some malware that can break
> > outside of virtualized jails, but I don't believe it's come to
> > fruition yet, at least not publicly.
>
> Breaking out of various "jails" is pretty trivial, due to numerous lacks of
> safe programming (like dropping rights, file descriptors and various other
> resources on startup) as well as various methods of IPC. Jails are supposed
> to limit attacking surface and protect against random errors.
>
> If by "jails" you refer to various secure VMs like Java or various complete
> PC emulators, I'd like like to see any method to breaking out of these
> isolations. At least for VMware (and of course Java) such secure isolation
> is a major design goal and therefore well-implemented.
>
> The most common breakout method is user stupidity. "Oh, it seems to behaved
> well inside the VM, so I decided to run the code outside it" is an often
> heared result of misconception, since it's almost always (and in real life
> always) trivial for malware to detect that it's running inside a VM and
> behave accordingly.

There was talk about breaking out of VMWare virtual machines at defcon
a couple years ago, IIRC. I don't recall the details, but it is
something people are working on obviously.

However, to the best of my knowledge, there are no known exploits that
allow a sploit to extend privilege beyond a vmware virtual machine.

--
Todd H.
http://www.toddh.net/

dmacias666@LABridge.com wrote:
> In my office we are considering using virtual PC software for security
> reasons. It is seems to us that by using a virtual PC for web browsing we
> can protect the host system from malware and virus.
>
> Is this assumption correct?

yes and no...

yes because the trivial stuff that comes in through your browser will
almost certainly be prevented from getting into your physical machine
(barring acts of stupidity)...

no, because it won't stop malware and viruses that use a vector other
than web browsing to get to you... no because you can still
theoretically do something stupid and transfer malware from the vm to
the physical machine and execute it... and no because the separation
between the physical and virtual machines is not necessarily bulletproof...

and one thing you may want to consider - just because your physical
machine is protected (to a large extent) from being compromised, that
doesn't mean that you are protected... specifically, if the vm is
compromised by adware then you will see ads, if the vm is compromised by
a spambot then you will spew spam, if the vm is compromised by a virus
or worm then you will spew replicative malware, and (perhaps most
importantly) if the vm is compromised by spyware then everything you do
in that vm (every website password you enter, every bank account you
access online, every credit card you make an online purchase with) will
potentially be compromised...

the vm may protect the physical machine but it won't protect you in and
of itself, it will need to have host-base security software
(anti-malware and/or whatever else you'd normally use to protect a
desktop with) running on it (which will make it rather slow)... from a
security standpoint a vm will prevent only a very narrowly defined set
of things, it's real strength is in being easier to recover in the event
the machine is compromised...



--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

At school they use a program called deep freeze, so every time a
student restarts a computer anything saved or installed will be wiped
and restored to a previous point. Whats every ones opinion on deep
freeze. I don't know much about it but that they use it at my college.

Chuck


Todd H. wrote:
> Sebastian Gottschalk <seppi@seppig.de> writes:
>
> > Todd H. wrote:
> >
> > > dmacias666@LABridge.com writes:
> > >
> > >> In my office we are considering using virtual PC software for security
> > >> reasons. It is seems to us that by using a virtual PC for web browsing we
> > >> can protect the host system from malware and virus.
> > >>
> > >> Is this assumption correct?
> > >
> > > By and large yes. There is talk of some malware that can break
> > > outside of virtualized jails, but I don't believe it's come to
> > > fruition yet, at least not publicly.
> >
> > Breaking out of various "jails" is pretty trivial, due to numerous lacks of
> > safe programming (like dropping rights, file descriptors and various other
> > resources on startup) as well as various methods of IPC. Jails are supposed
> > to limit attacking surface and protect against random errors.
> >
> > If by "jails" you refer to various secure VMs like Java or various complete
> > PC emulators, I'd like like to see any method to breaking out of these
> > isolations. At least for VMware (and of course Java) such secure isolation
> > is a major design goal and therefore well-implemented.
> >
> > The most common breakout method is user stupidity. "Oh, it seems to behaved
> > well inside the VM, so I decided to run the code outside it" is an often
> > heared result of misconception, since it's almost always (and in real life
> > always) trivial for malware to detect that it's running inside a VM and
> > behave accordingly.
>
> There was talk about breaking out of VMWare virtual machines at defcon
> a couple years ago, IIRC. I don't recall the details, but it is
> something people are working on obviously.
>
> However, to the best of my knowledge, there are no known exploits that
> allow a sploit to extend privilege beyond a vmware virtual machine.
>
> --
> Todd H.
> http://www.toddh.net/

"chuck" <chuckzito@gmail.com> wrote in
news:1165434547.985030.245920@l12g2000cwl.googlegr oups.com:

> At school they use a program called deep freeze, so every time a
> student restarts a computer anything saved or installed will be wiped
> and restored to a previous point. Whats every ones opinion on deep
> freeze. I don't know much about it but that they use it at my
> college.
>
> Chuck
>

Deep Freeze can be broken/bypassed. Google on "unfreezer." And there are
several "roll your own" bypass methods; see for instance:


http://www.netscape.com/viewstory/20...p-freeze-step-
by-step-tutorial-to-bypass-security/?url=http%3A%2F%
2Fwww.ethicalhacker.net%2Fcomponent%2Foption%2Ccom _smf%2FItemid%2C49%
2Ftopic%2C658.0%2F&frame=true


Regards,