They actually do a pretty good job when used properly. With current attack technology, an infected guest is unlikely...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
to infect the underlying host operating system or other guests, as long as the host and guests are carefully patched and hardened.
So, for example, if you needed to investigate a given malware specimen or surf to a site that might be untrustworthy, you might want to use a guest machine. First, set a revert point (also known as a restore point) on your pristine guest operating system. Then, surf or run the malware to do your analysis. The likelihood of the underlying system getting infected here is very low. After you are done running the malware, you can hit the revert button in your virtualization product and have your pristine system back. To pull all of this off, you can even use VMware's free virtual browser appliance running in its free VMware Player product; the revert options in Player, however, are pretty limited. To get a pristine guest again, use VMware Player and just boot the guest appliance from its original image.
As a disclaimer, this method isn't foolproof. An increasing percentage of malware tries to detect if it is running inside a virtual machine. If savvy malware recognizes such a location, it may alter its functionality and hide or otherwise change some of its most interesting features. So, if malware analysis is your bag, you might want to confirm whether the malware is detecting a virtual machine. For more info on this topic, please check out the presentation that I wrote with my colleague Tom Liston (.pdf). In that paper, we present some mitigation techniques for preventing detection of VMware.
The second area of concern involves the possibility that malicious code could someday escape a virtual machine, jumping from one guest into another guest, or even into the underlying host itself. Such attacks are quite difficult to pull off, and as of this writing, there has been no publicly released code to do so. It's a vibrant area of research, but has to be put in the realm of the theoretical -- for now.
Related Q&A from Ed Skoudis
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ...continue reading
Wi-Fi on airplanes seems like it will be unavoidable in the future, but what security risks does it pose? In this security threats expert response, ...continue reading
There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.