Is it possible to safely contain a virus - not letting it spread?

10

I need to run a program, but I don't trust the author. I think it is infected with spyware, viruses, or malicious files. I scanned it and didn't find anything, but I'm still not feeling good about it.

So I was thinking to create another Windows user account.

  • Will viruses on one account infect the second account? Do I have to scan both user accounts?
  • And if I removed the account infected, will viruses be removed from the PC?

If that won't work then:

  • Is there any "sandbox" to do some testing and ensure that your PC is safe?
  • Is Virtualbox an option?

I have Windows 7.

Lynob

Posted 2013-08-14T22:16:59.540

Reputation: 3 254

Answers

8

Use Sandboxie. You can get it at sandboxie.com

Using another account will only help if you set the account as limited and the program you're trying to run doesn't request privilege escalation. Running your program in a sandbox like Sandboxie is much safer and easier.

Duke Nukem

Posted 2013-08-14T22:16:59.540

Reputation: 865

. . . and having a backup. – Psycogeek – 2013-08-14T22:48:55.850

@Psycogeek I don't think a backup will work, that's why I haven't mentioned it in the question. I searched yesterday and here's what I found: http://superuser.com/questions/201468/can-system-restore-remove-virus-from-the-computer – Lynob – 2013-08-14T22:57:08.477

6

System restore, no way. A real whole backup of the system, that is restored fully without the system being operational or existing at all, including MBR. Like Acronis from a CD, or some such cloning or imaging methods. – Psycogeek – 2013-08-14T23:00:15.673

I wouldn't trust sandboxie to keep you safe if the app requires privilege escalation. Really, the only safe thing to do is run it in a VM. – Fake Name – 2013-08-15T08:29:45.470

1

@FakeName A VM is not magically secure, there may be flaws: http://en.wikipedia.org/wiki/Virtual_machine_escape – Tobias Kienzler – 2013-08-15T10:41:54.037

@TobiasKienzler - I know that, but it's sure as hell a lot more secure than just an API wrapper (which is what Sandboxie is. It wraps the standard Windows API, and redirects calls to it into the sandbox). – Fake Name – 2013-08-15T18:45:52.227

@FakeName That is true, I just wanted to state that even a VM (though by design more secure than sandboxie) may not be as secure as an actual physically separated machine – Tobias Kienzler – 2013-08-16T06:43:18.957

Don't forget that viruses can use exploits and zero days to get privilege escalation. There's no way to trust the file without trusting the source. – Gabriel Graves – 2013-08-19T20:38:22.357

13

Note that a problem (the main problem) with solutions like VirtualBox, VMware, or Windows Virtual PC, is that some (many) viruses are designed to spread to network shares and attached drives.

A solution to this problem is to make sure that your virtual box/machine has no network connections and no attached drives.

Which does make it rather harder to use, and much less convenient. But not impossible. Copy any software you want to test to the virtual box/machine, stop it, disconnect it. Restart it and install/test/use the software you want to install/test/use, then stop and discard any changes that have been made to the virtual machine.

Excel VBA problem with Find

Posted 2013-08-14T22:16:59.540

Reputation: 141
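
A pre-flight check for the isolation steps in the answer above (no network connections, no attached drives, changes discarded afterwards), added here as an example and not part of the original answer. It assumes VirtualBox, a snapshot as the way to discard changes, and the key names printed by `VBoxManage showvminfo <vm> --machinereadable`; both sample outputs are constructed.

```python
import re

# Constructed samples of `VBoxManage showvminfo <vm> --machinereadable` output
# (not captured from a real machine). Key names are assumptions about that
# command's key="value" format; the VM and folder names are hypothetical.
SAMPLE_LEAKY = '''\
name="malware-test"
nic1="nat"
nic2="none"
SharedFolderNameMachineMapping1="downloads"
SharedFolderPathMachineMapping1="C:\\Users\\me\\Downloads"
'''

SAMPLE_ISOLATED = '''\
name="malware-test"
nic1="none"
nic2="none"
CurrentSnapshotName="clean-baseline"
'''

# key="value", where either side may or may not be quoted
LINE = re.compile(r'^"?([^"=]+)"?="?(.*?)"?$')

def parse_vminfo(text):
    """Turn key="value" lines into a dict; lines that do not parse are skipped."""
    info = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info

def isolation_findings(text):
    """Return a list of reasons the VM is not isolated; empty means it passed."""
    info = parse_vminfo(text)
    findings = []
    for key, value in sorted(info.items()):
        # Any adapter not set to "none" gives the guest a route to the LAN/host.
        if re.fullmatch(r"nic\d+", key) and value != "none":
            findings.append(f"{key} is attached ({value}): guest has a network path")
        # A shared folder is a host directory the guest can write to.
        elif key.startswith("SharedFolderNameMachineMapping"):
            findings.append(f"shared folder '{value}' exposes a host directory")
    # Without a snapshot there is no clean state to roll back to afterwards.
    if "CurrentSnapshotName" not in info:
        findings.append("no snapshot: changes cannot be discarded after the test")
    return findings
```

Run it on the real `showvminfo` output after copying the program into the VM and powering it off, and only start the test once the list of findings is empty.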

2

When running suspect programs, you have to be aware that the program will infect the operating system of the computer, not just the user account.

To do so semi-safely, it would be best to run some sort of virtualization program like Parallels or VMware or others which creates a virtualized instance - another copy of the operating system running partitioned. You could then boot the virtual OS, run the program and then later exit and throw away the virtual copy.

That said, it is highly desirable to NOT do this since it could do things like try to change your router settings or get other info about your LAN devices, damage or transmit info from files it can see and do other things - only limited by how much you allow the virtualized OS to see other things on your LAN.

Blackbeagle

Posted 2013-08-14T22:16:59.540

Reputation: 6 424

Routers have passwords for a reason; rogue programs cannot change static settings – Ramhound – 2013-08-15T00:26:23.513

Yeah, but many people don't change the default passwords. More don't disable UPnP. And MANY router software packages are riddled with security flaws that allow for compromising them. – Blackbeagle – 2013-08-15T07:02:30.187

2

From my personal experience, if you want to run a program, but do not trust it, don't run it. However, take a look at where the program comes from. Many programs that can be found on sites like sourceforge.com, github.com, etc., are open source and are generally peer reviewed - thus are unlikely to harbor a virus.

  • Will viruses on one account infect the second account? Do I have to scan both user accounts? Yes, and yes. Viruses will spread (which is why they are called viruses).
  • And if I removed the account infected, will viruses be removed from the PC? Unlikely - if the virus was designed well, removing directories (users) will not help.
  • Is there any "sandbox" to do some testing and ensure that your PC is safe? Yes, many. This depends on what you want and what type of testing.
  • Is Virtualbox an option? A great option, and free. This will lower the chance of the virus escaping the testing grounds. However, there is still a chance (small) that a good virus can escape.

Mark Lopez

Posted 2013-08-14T22:16:59.540

Reputation: 925