VMware Communities
UlyssesOfEpirus
Enthusiast

Prevent future host infection from spreading to a VM

Been browsing the internet using VMs for years but available hardware is getting too old for this and now the host will have to be used for browsing, with browser sandboxing or even system sandboxing (deepfreeze).

If all personal data is kept encrypted in a VM from now on, and this VM has no access to the internet, and the host gets infected or owned by a hacker, then how can the host infection be prevented from spreading to the VM?

Can a hacker's keylogger running in the host make a recording of what I am typing inside the VM? And therefore steal the password typed to access TrueCrypt-encrypted personal data in the VM?

0 Kudos

Accepted Solutions
avanish321
Expert

1) Well, if you are sure that your VM is not yet infected, I would recommend that you take a backup of the entire VM or take a snapshot of the current state.

Second, install the latest version of an antivirus program (Avast, McAfee).

And if you are concerned about keyloggers on the host, connect a secondary keyboard to your guest directly. For details, refer to this article.

Cheers! Avanish

0 Kudos
UlyssesOfEpirus
Enthusiast

Thanks. Aren't there some .vmx options to completely isolate the VM from the host so no access to the (encrypted) VM is possible even if the hacker finds a way to disable antivirus software?

0 Kudos
avanish321
Expert

Yes, there is. But it can be done in the GUI itself.

1) If you do not want internet connection in guest at all, change the network setting to host only.

2) Disable shared folders.

3) Disable drag and drop / copy and paste under guest sharing.

This way you can have total isolation.

Cheers! Avanish
UlyssesOfEpirus
Enthusiast

I was concerned with virtual hardware backdoors that VMware have put in to make VIX possible. Can this sort of thing be safely disabled?

0 Kudos
WoodyZ
Immortal

avanish wrote:

> Yes, there is. But it can be done in the GUI itself.
>
> 1) If you do not want internet connection in guest at all, change the network setting to host only.
>
> 2) Disable shared folders.
>
> 3) Disable drag and drop / copy and paste under guest sharing.
>
> This way you can have total isolation.

You do not have total isolation because the Host Only Network is a path between Host and Guest and vice versa. Even disabling the NIC along with other things you mention doesn't completely isolate the VM if VMware Tools are installed, since vmrun and/or VIX API technically could be called into play.

0 Kudos
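One way to check a VM's .vmx file against the settings discussed in this thread (network adapter, shared folders, drag and drop, copy and paste), as an added example that was not posted by any participant and is not VMware code. The `isolation.tools.*` key names are taken from VMware's published hardening guidance and the absent-key defaults are assumptions to verify for your product version; the sample file contents are constructed.

```python
import re

# Key names assumed from VMware's published hardening guidance; verify them
# against the documentation for your product version before relying on them.
REQUIRED_TRUE = {
    "isolation.tools.copy.disable": "clipboard copy",
    "isolation.tools.paste.disable": "clipboard paste",
    "isolation.tools.dnd.disable": "drag and drop",
    "isolation.tools.hgfs.disable": "shared folders (HGFS)",
}
LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def audit_vmx(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    s = parse_vmx(text)
    findings = []
    for key, feature in REQUIRED_TRUE.items():
        # Assumption: an absent key leaves the feature enabled.
        if s.get(key.lower(), "FALSE").upper() != "TRUE":
            findings.append(f'{feature}: set {key} = "TRUE"')
    for key, value in sorted(s.items()):
        m = re.fullmatch(r"(ethernet\d+)\.present", key)
        if m and value.upper() == "TRUE":
            # Assumption: a NIC with no connectionType entry is bridged.
            mode = s.get(m.group(1) + ".connectiontype", "bridged")
            findings.append(f"{m.group(1)} present ({mode}): network path to the guest")
    return findings

# Constructed sample: host-only NIC, guest sharing only partly disabled.
SAMPLE_VMX = '''
displayName = "vault"
ethernet0.present = "TRUE"
ethernet0.connectionType = "hostonly"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
isolation.tools.dnd.disable = "FALSE"
'''

if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print("FINDING:", finding)
```

An empty result covers only these file settings; it says nothing about the VMware Tools, vmrun, or VIX channel raised in the reply above.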
WoodyZ
Immortal

What sites are you going to that have you so concerned!? :) In addition to normal best practices for safe surfing, you might also employ the use of the free Norton DNS.

0 Kudos