
I'm running a Windows 8.1 machine. On it I have Bitdefender free AV and Malwarebytes free that I scan occasionally. When I think a site may be sketchy to go to, I start my CyberGhost VPN free version then start a virtual machine through VirtualBox of a trial Win 8.1. On that it has Bitdefender free AV and Malwarebytes premium trial. Typically after going to the sketchy site I reset the modem and router after closing the VM then closing the VPN. Is this overkill? Or is this not enough? I feel like the setup is pretty impenetrable but I'm also starting to question that. Is it possible to infect my network by going to something sketchy even with this protection? Others use this network, that's why I'm asking. Are there any suggestions of what else I can do? I started doing this because I was watching videos on reverse engineering viruses and they said to do it in a VM. Any help is appreciated, thanks.

EDIT: I use the Chrome browser with uBlock Origin. When I use the virtual machine I have several snapshots that I revert back to after usage (several because after the Malwarebytes premium trial ends I revert to before install, change the MAC address and install again). My primary concern is I don't want malware or to infect my network. I'm not super concerned about privacy (meaning I understand a free VPN can still sell my info potentially), I just use the VPN to hide my network from malicious sites. Is this not right?

argetlam5
  • *Is this overkill? Or is this not enough?* - it could be either depending on your personal security requirements. – Philipp Aug 09 '17 at 11:52
  • Related question: https://security.stackexchange.com/questions/129639/protection-from-ransomware-using-virtual-machine/ – Philipp Aug 09 '17 at 12:01
  • Have you ever asked yourself how the vendor still gets money when giving away "free" products (AV, VPN...)? Related: [Hotspot Shield VPN throws your privacy in the fire, injects ads, JS into browsers – claim](https://www.theregister.co.uk/2017/08/07/hotspot_shield_deceives_with_false_privacy_promises_complaint_claims/). – Steffen Ullrich Aug 09 '17 at 12:28

2 Answers


> I feel like the setup is pretty impenetrable but I'm also starting to question that

Never assume you're invulnerable. It's probably good to be paranoid, but you should define the threat first. What are you worried about getting?

> On it I have Bitdefender free AV and Malwarebytes free that I scan occasionally

This tells me you're worried about malware, right?

Let's look at what you're doing:

> I start my CyberGhost VPN free version then start a virtual machine through VirtualBox of a trial Win 8.1

This is wrong. You should be starting the VM, taking a snapshot of the VM, then starting the VPN from inside the VM before browsing to the site. Then, when you're done with the "sketchy site," turning off the VM and restoring the snapshot to a previous time.

This effectively wipes the virtual machine back to the state before you went to the site. "Like it never even happened."

> Typically after going to the sketchy site I reset the modem and router after closing the VM then closing the VPN. Is this overkill

This is pointless in terms of securing your machines after "visiting a sketchy site." It's more important that your VPN provider does not keep any logs of personally identifiable information. See also: Which VPN Services Keep You Anonymous in 2017?.

A VPN hides your current address. It does not provide security against viruses. Your router is simply a connection upstream. If your VPN collects info on you, resetting your router is pointless. It's also not relevant.

> Is it possible to infect my network by going to something sketchy even with this protection

Yes. Zero-day flaws in the operating system make everyone vulnerable. Spear phishing and other targeted attacks make you vulnerable. Your humanity is probably your weakest link, but if you're not the active target of a state or bad actor, you probably don't have to worry about this. If you are keeping your hypervisor, operating system and VM operating system up-to-date, you should be pretty well protected.

I also seem to notice that you don't have security installed on your VM? This topic is a bit of a holy war right now. Since AV increases the attack surface and relies on hooks in the OS, many people think that 3rd party AV is a bad idea. Still others highly recommend it (Lawrence Abrams from bleepingcomputer.com did an interview with Leo Laporte on TWiT stating he thinks people still need it).

You should (at least) be running Windows Defender on the VM.

You fail to mention what browser you're using... right now Chrome appears to be the most secure, but you should have uBlock Origin, HTTPS Everywhere, and Privacy Badger running in it... in the VM.

Still one other thing you can do if you're really paranoid ... Tor Browser on top of the VPN with all those add-ons.

But quite honestly, you could very much simplify your life by getting an old laptop, and running Tails from a USB stick from your local Starbucks. Of course, the sketchy site must really be appetizing to make you want to leave the house. But then again ... security is diametrically opposed to convenience.

You could always just ... not visit the sketchy site too.

DrDamnit
  • Why do you suggest using a VPN inside the virtual machine instead of outside? Also I do have an AV in my VM as stated above, it's the same as my host computer, Bitdefender, which I thought was one of the top antiviruses out there (typically one of the first to catch the ransomware attacks), it also has a premium trial version of Malwarebytes. – argetlam5 Aug 09 '17 at 19:13
  • When you want to encrypt something, you want as close to "end-to-end" as you can get. Starting a VPN on your own computer and then launching the VM to browse the internet does not necessarily mean that your traffic will be encrypted (depends on the configuration and routes). But, you are bringing the bad traffic *through* your computer if you aren't starting it in the VM. Think of it this way: if you had mud on your shoes, would you walk through the front door of the house to get to the shower in the middle or would you rather be teleported straight to the shower? – DrDamnit Aug 09 '17 at 19:53
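
The revert-to-snapshot routine described in the answer above, as an added example that is not part of the original posts. The VM name `browse-vm` and snapshot name `clean-baseline` are assumptions, as is a POSIX shell with `VBoxManage` on the PATH; the script refuses to start a session unless the named baseline snapshot actually exists.

```shell
#!/bin/sh
# Added example (not from the original posts): one disposable browsing session.
# VM_NAME and BASELINE are assumed names. DRY_RUN=1 (default) only prints commands.
VM_NAME="${VM_NAME:-browse-vm}"
BASELINE="${BASELINE:-clean-baseline}"
DRY_RUN="${DRY_RUN:-1}"

# Constructed sample of `VBoxManage snapshot <vm> list --machinereadable` output.
SAMPLE_SNAPSHOTS='SnapshotName="clean-baseline"
SnapshotUUID="00000000-0000-0000-0000-000000000001"
SnapshotName-1="after-mbam-install"
SnapshotUUID-1="00000000-0000-0000-0000-000000000002"
CurrentSnapshotName="after-mbam-install"'

# has_snapshot NAME: read a machine-readable snapshot list on stdin and succeed
# only if a snapshot with exactly that name exists (no prefix matches).
has_snapshot() {
    grep -E '^SnapshotName(-[0-9-]+)?=' | cut -d= -f2- | tr -d '"\r' |
        grep -Fxq -- "$1"
}

# vbox ARGS...: run VBoxManage, or just print the command line in dry-run mode.
vbox() {
    if [ "$DRY_RUN" = 1 ]; then echo "VBoxManage $*"; else VBoxManage "$@"; fi
}

session() {
    if [ "$DRY_RUN" = 1 ]; then
        list=$SAMPLE_SNAPSHOTS
    else
        list=$(VBoxManage snapshot "$VM_NAME" list --machinereadable) || return 1
    fi
    # Refuse to browse if there is nothing known-clean to roll back to.
    if ! printf '%s\n' "$list" | has_snapshot "$BASELINE"; then
        echo "refusing to start: no snapshot named '$BASELINE'" >&2
        return 1
    fi
    vbox startvm "$VM_NAME" --type gui
    # Start the VPN inside the guest, browse, then shut the guest down.
    if [ "$DRY_RUN" != 1 ]; then
        while VBoxManage list runningvms | grep -Fq "\"$VM_NAME\""; do sleep 5; done
    fi
    # Discard everything the session changed inside the guest.
    vbox snapshot "$VM_NAME" restore "$BASELINE"
}

if [ "${1:-}" = run ]; then session; fi
```

With `DRY_RUN=0` and the argument `run`, the same function issues the commands instead of printing them.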

None of your setup protects you from vulnerabilities in VirtualBox that can be leveraged to gain control of your system. VirtualBox is good for malware analysis assuming the malware does not target VirtualBox. Windows is not ideal for security, antivirus has many limitations and VPNs can be compromised whether they're free or paid. Tor is another option, but exit nodes can be compromised.

Long story short, 'impenetrable' is not a word used in computers and computer networks. Disclaimer, I don't have anything to do with Qubes or any OS but research into a 'reasonably secure' operating system like it could help show the flaws in the Windows/VirtualBox combo for anything besides trivial malware analysis. Don't run malware you don't trust in a VirtualBox, and always keep it updated.

flerb