Keyloggers and Virtualization

5

Whilst pondering about security, and setting up different VM for certain online activities deemed more risky or requiring extra security (banking, or visiting untrusted websites, etc), I came to think about how such a setup (different VMs for different uses) would defend me against a keylogger.

So, two questions then:

1: If a keylogger has been installed inside a VM, can it capture data outside its own VM?

2: The opposite, does a keylogger in a host capture strokes typed within a VM residing in that host?

My bet would be No and Yes respectively, but I really have no idea. Anyone else does?

paranoid

Posted 2010-09-23T16:54:33.597

Reputation: 53

Answers

2

  1. No

  2. Yes

A keylogger runs as software or driver within the machine, it will be limited to the virtual machine it is on.

If the keylogger is installed on a host, it will capture all data on the host. It is possible that some virtualisation software has its own hook that overwrites the keylogger, but I doubt it.

William Hilsum

Posted 2010-09-23T16:54:33.597

Reputation: 111 572

Thanks, that makes sense and it's what I thought it would happen. – paranoid – 2010-09-24T11:50:28.533

2

There is always a chance that there are vulnerabilities in the virtualization software. This in turn could allow malicious software to "escape" into the host OS:

http://secunia.com/advisories/18162/

So the answer would then be: 1. Possible 2. Yes

jmiserez

Posted 2010-09-23T16:54:33.597

Reputation: 977

Nice finding =S, good to know – HappyDeveloper – 2012-05-27T01:30:36.253

Asked: 2010-09-23T16:54:33.597

Viewed: 1 221 times

Active: 2013-06-27T09:28:14.250