0

Possible Duplicate:
How secure are virtual machines really? False sense of security?

If I download a file in Guest Windows XP machine in Vmware Workstation, which is a virus. Can it affect the Host OS ?

I understand that the work on Guest OS doesnt affect the Host, but I was amazed when Kaspersky detected threat when I was trying to download a virus in Guest OS. So it made me think that may be Kaspersky is scanning packets and it detected virus in it.

So, can a virus affect the host OS when downloaded to Guest OS ?

I'm using NAT in vmware.

Community
  • 1
Novice User
  • 2,088
  • 7
  • 26
  • 38
  • 1
    possible duplicate of [How secure are virtual machines really? False sense of security?](http://security.stackexchange.com/questions/3056/how-secure-are-virtual-machines-really-false-sense-of-security) - and http://security.stackexchange.com/questions/4097/how-to-ensure-that-virtualbox-guests-cant-break-out-of-the-vm-to-get-access-to and http://security.stackexchange.com/questions/9011/does-a-virtual-machine-stop-malware-from-doing-harm –  May 12 '12 at 14:47

2 Answers2

1

If the VM connected with a bridged connection it could possibly spread via the local area network if the virus has any autospread features or exploits that could target your host OS.

If you had shared folders with the guest os you could also be infected.

Your best bet is running the VM in an isolated network.

h00j
  • 756
  • 1
  • 7
  • 18
  • Correct, but just downloading it using NAT on guest, wont harm it, right ? – Novice User May 12 '12 at 13:37
  • You could still be infected if you had shared folders. – h00j May 12 '12 at 13:43
  • @NoviceUser , No, using NAT on guest is the same as using Bridged, the same as Host-only, in all 3 types, there will be a direct connection on the same subnet between the guest and the host. – sharp12345 Feb 01 '13 at 20:52
1

Indeed, Kaspersky detected it during download as network packets go thru the Host machine (amongst other places, and like many other AV products, Kaspersky filters what goes in/out of the host).

Then, if you didn't install the virus (you only say you downloaded it), there is no risk that your host machine is affected.

If you installed the virus, and if the virus got spreading features (either using exploits or misconfigurations), there is a risk that the host is affected. This is very unlikely though, as you have Kaspersky running on it and it seems able to detect this malware.

ack__
  • 2,728
  • 14
  • 25