2

I'd want to ask, what's the safest environment to run potentially unsafe software?

I'm aware that this question may be very tricky, because each of those may have its flaws, but generally speaking, which of those 3 sounds like the safest option?

Hyper-V - Windows 10 as host & guest

VirtualBox - Windows 10 as host & guest

Windows Sandbox?

multithr3at3d
Joelty
  • ESXi as host, anything else as guest. – Overmind Feb 03 '20 at 13:29
  • 1
    Whatever environment makes it easiest/most likely for you to update is the safest. For me this is Hyper-V since it updates when Windows does (automatically and without regard to my current desires). – user Feb 03 '20 at 13:47
  • I second ESX. It's an environment designed for virtualization, not an add-on. – ThoriumBR Mar 05 '20 at 00:25

2 Answers

0

Like others have said, I would pick Hyper-V out of the options as it is a Type 1 hypervisor with a lot of support from Microsoft. They also offer Hyper-V Server for free so you could make a dedicated hypervisor which uses minimal resources (no GUI for instance).

However, the reason for my answer is that I wouldn't suggest looking at Windows Sandbox and Hyper-V as mutually exclusive. The reason is that Sandbox by its very nature is a fresh image at each activation which is deleted upon closure. Not only does this mean you cannot forget to (for instance) roll back a checkpoint after installing a bad package, it also means you will reduce any environment conflicts or misconfigurations when testing the software.

If persistence is required then Hyper-V is the way to go. I have used both, with Hyper-V hosting a 'work' VM that might have possibly intrusive software and Sandbox if I am testing a once-off.

PS. If you need 3D acceleration, MS have deprecated the RemoteFX adapter, so if this is a requirement you may be back to VirtualBox or (not in your list) VMware Workstation Pro. You could use DDA (discrete device assignment) to pass through a GPU with Hyper-V Server, but this is likely overkill for a testing VM.

anotherusername
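The checkpoint rollback that the answer above says is easy to forget can be scripted on the Hyper-V side so that the revert always runs. This is an added example, not part of the original answer; the VM name `DetonationVM` and the checkpoint naming scheme are assumptions.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

# Assumed names for illustration; replace with your own test VM.
$VMName         = 'DetonationVM'
$CheckpointName = "clean-$(Get-Date -Format 'yyyyMMdd-HHmmss')"

$vm = Get-VM -Name $VMName -ErrorAction Stop
if ($vm.State -ne 'Off') {
    throw "VM '$VMName' must be powered off so the checkpoint captures a known-clean state."
}

# Capture the clean baseline before anything untrusted touches the guest.
Checkpoint-VM -Name $VMName -SnapshotName $CheckpointName -ErrorAction Stop

try {
    Start-VM -Name $VMName -ErrorAction Stop
    Read-Host "Test the software in '$VMName', then press Enter to discard all changes"
}
finally {
    # Runs even if the session errors out or is interrupted with Ctrl+C.
    Stop-VM -Name $VMName -TurnOff -Force -ErrorAction SilentlyContinue
    # Throw away everything written since the baseline, then drop the checkpoint itself.
    Restore-VMSnapshot -VMName $VMName -Name $CheckpointName -Confirm:$false
    Remove-VMSnapshot -VMName $VMName -Name $CheckpointName
}
```

Because the restore sits in the `finally` block, the persistent VM behaves like a one-shot session for that run while still keeping its installed baseline between runs.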
-1

From these three I would pick Hyper-V. The reason for this is that the number of CVE vulnerabilities currently disclosed for these products is lowest for Hyper-V. An additional factor for choosing Hyper-V over the others is that Hyper-V is an Enterprise product, and thus there are higher chances that vulnerabilities will be mitigated faster than for the other, freeware products.

Hyper-V uses a traditional architecture, where in the standard configuration the hypervisor stands between the guest and the host hardware. Hyper-V offers many more tools than the other two for forensics.

However, a thing to note is that most current malware has defense mechanisms that allow it to detect the hardware ID and some other things, in order to stay silent and safe if it was launched on a virtual machine.

As for me, I personally would choose VMware, simply because I have more experience with it.

Rashad Novruzov
  • 1
    "the number of CVE vulnerabilities currently disclosed for these products are lowest for Hyper-V" - so maybe it's the most secure - or maybe nobody gets to see the code. Or maybe it's not used very much. – symcbean Oct 31 '20 at 16:08
  • 3
    Using a lack of CVEs as evidence of software being secure is just **plain wrong**. It's like saying "If we don't test, we won't have any vulnerabilities and therefore we are secure." –  Mar 30 '21 at 08:58
  • I am open to any suggestions on how ELSE to rate the overall security of the WELL-KNOWN product. The lack of CVEs does not automatically make it less or not tested at all. – Rashad Novruzov Apr 29 '21 at 15:03