0

I want to host an application locally, but I was worried about security of my local files. I decided to 'encapsulate' the application using VirtualBox.

Is that safe for my host OS (Windows)?

RoraΖ
  • 12,317
  • 4
  • 51
  • 83
Abdelouahab
  • 103
  • 3

2 Answers2

1

Yes, this approach will certainly help protect your host OS. As a matter of fact, it's an approach I take for most untrusted applications I use, including browsing untrusted web content.

This however is not an absolute way of protecting your host system, it simply increases the attacker's workload substantially. And as a matter of fact there have been exploits that enable applications to escape the virtual "sandbox."

For added security, you should save your guest OS in a known clean state and revert to it after each use.

Vahid
  • 301
  • 1
  • 8
  • the application is simple, but i will host it on my computer, and i fear that some attacker spread a virus ton the host machine, is there any virus knowns? – Abdelouahab Dec 09 '14 at 20:14
1

Yes and No .... But mostly no (Actually Hell no). Virtualisation systems such as workstation or virtualbox are type II hypervisors which run inside of your Host OS, as with a regular processes (like any other program). This means that they use the Host OS's services for things like; networking, outputting graphics, and your I/O devices such as your keyboard and mouse input. Which implies that any given VM is only as secure as your hosting OS. If the hosting OS got compromised ... game over, for both your OS and your VMs.

But this is all kind of the opposite of what you are asking .... So to get to the point.

These type II hypervisors are not designed with security or isolation mind, but instead ease-of-use, performance and seamless integration with the guest OS(s). Not to mention the lack of a trusted window manager and the god awful idea of 'shared clipboards' so you can infect everything through that too YAY!

But by all means use those VM's for your un-trusted activities but I recommend you use an external network Adapter such as an 'alfa awus036h', disable the clipboard (if that's an option) and only enable your VM manager to use specific USB devices.

Also If you are only testing tools and SW you're not entirely certain about ignore everything I just said AHAAH and I'll say for what your doing its just fine but you could use an sandbox such as : Sandboxie - Trust no programs

Hope this helps, Enjoy!

Oavatog
  • 36
  • 3
  • ah! thank you! so it is as risky as making it directly on the os? – Abdelouahab Dec 10 '14 at 03:27
  • 1
    Well not entirely, running it inside of a VM is just another layer of protection that may or may not work depending on how sophisticated the application you are attempting to run is. It's more or a precaution rather than a silver bullet lets say. – Oavatog Dec 10 '14 at 07:01