Vicenarian
Active Member
Ok, so let's say a person wanted to practice removing various malware, by creating a VM and infecting it, then removing the malware. Now, for this to be safe, we have to take some things into consideration.
The main thing I'm worried about is this...worms (and other malware I guess) can spread throughout a network (somehow)...so basically I'm thinking a worm in a guest Virtual Machine could theoretically spread via the host machine's virtualized network adapter (in VirtualBox, being the "VirtualBox Host-Only Ethernet Adapter" driver), and then into your home/business network, infecting other computers, which would be very, very bad. I'm no networking expert, so that's why I need some help. How can this be prevented? What steps can a person take to quarantine (as much as possible) malware to a guest OS, and not let it spread to the host and its network?
Here's my take on it, feel free to add/remove/edit anything:
1. Set up a dedicated Linux host machine with no windows partitions (entirely Linux, so in case malware somehow escapes the Virtual Machine, it won't do damage/infect the host machine itself and/or any windows OS located thereon).
2. Connect the host machine physically to a hardware firewall and then to a router??? Set up settings on the router/firewall???
3. Make sure all "shared folders"/"guest additions" etc. and other unsafe features are disabled in the virtualization software.
4. Install a software firewall on the shared virtual network connection between the host and guest OS. (Like in Virtualbox, a "VirtualBox Host-Only Ethernet Adapter" driver is installed on the host machine, so the guest OS can receive network connections)
5. Invest in/use a router that is not vulnerable to "router worms" (worms that can infect routers and spread across your network). I have no idea how this works, how feasible this is, nor how important this step is. Just throwing out ideas.
Anyway, those are my newbie ideas. Please add whatever input you can, as having a sort of standard procedure in creating a safe malware testing environment would be a great asset to many, I am sure.
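Added example, not part of the original post and not VirtualBox's or nftables' own code: one way to carry out steps 3 and 4 of the list above on a Linux host running VirtualBox, plus an audit that catches the settings drifting back. The VM name `malware-lab`, the host-only interface name `vboxnet0` and the table name `vbox_lab` are placeholders; the `VBoxManage modifyvm` option spellings follow the 6.x syntax (check `VBoxManage modifyvm` help on your version), and the audit assumes `showvminfo --machinereadable` prints the `nic<N>=`, `clipboard=`, `draganddrop=` and `SharedFolderNameMachineMapping<N>=` keys it looks for.

```shell
#!/bin/sh
# Added example (not from the original post): lock down a VirtualBox
# malware-analysis guest on a Linux host and audit the result.
# Assumed names: VM "malware-lab", host-only interface vboxnet0, nftables
# table "vbox_lab". Override with VM=... HOSTONLY_IF=... in the environment.
set -u

VM="${VM:-malware-lab}"
HOSTONLY_IF="${HOSTONLY_IF:-vboxnet0}"

# Step 3 and 4 of the post as VBoxManage commands: no clipboard, no
# drag-and-drop, no USB passthrough, exactly one NIC and it is host-only.
# Shared folders must be removed by name, so they are handled by the audit.
# (Option spellings are VirtualBox 6.x; 7.x also documents --clipboard-mode.)
vbox_isolation_cmds() {
  cat <<EOF
VBoxManage modifyvm "$VM" --clipboard disabled
VBoxManage modifyvm "$VM" --draganddrop disabled
VBoxManage modifyvm "$VM" --usb off
VBoxManage modifyvm "$VM" --nic1 hostonly --hostonlyadapter1 "$HOSTONLY_IF"
VBoxManage modifyvm "$VM" --nic2 none --nic3 none --nic4 none
EOF
}

# Host nftables ruleset: nothing arriving on the host-only interface is ever
# forwarded (so the guest cannot reach the LAN through the host even if
# ip_forward is on), and the guest may only answer connections the host
# opened itself. The create/delete pair makes re-loading idempotent.
nft_ruleset() {
  cat <<EOF
table inet vbox_lab
delete table inet vbox_lab
table inet vbox_lab {
  chain forward {
    type filter hook forward priority 0; policy accept;
    iifname "$HOSTONLY_IF" counter drop
    oifname "$HOSTONLY_IF" counter drop
  }
  chain input {
    type filter hook input priority 0; policy accept;
    iifname "$HOSTONLY_IF" ct state established,related accept
    iifname "$HOSTONLY_IF" counter drop
  }
}
EOF
}

# vm_setting "<showvminfo --machinereadable output>" <key> -> value or empty
vm_setting() {
  printf '%s\n' "$1" | sed -n "s/^$2=\"\(.*\)\"\$/\1/p" | head -n 1
}

# Audit `VBoxManage showvminfo "$VM" --machinereadable` output read on stdin.
# Prints one line per problem; returns 1 if anything is wrong.
audit_vm_isolation() {
  info=$(cat)
  rc=0
  v=$(vm_setting "$info" nic1)
  [ "$v" = "hostonly" ] || { echo "nic1 is '${v:-unset}', expected hostonly"; rc=1; }
  for n in 2 3 4 5 6 7 8; do
    v=$(vm_setting "$info" "nic$n")
    [ -z "$v" ] || [ "$v" = "none" ] || { echo "nic$n is '$v', expected none"; rc=1; }
  done
  for k in clipboard draganddrop; do
    v=$(vm_setting "$info" "$k")
    [ "$v" = "disabled" ] || { echo "$k is '${v:-unset}', expected disabled"; rc=1; }
  done
  # Each mapped share appears as SharedFolderNameMachineMapping<N>="name".
  shares=$(printf '%s\n' "$info" | grep -c '^SharedFolderNameMachineMapping' || true)
  [ "$shares" -eq 0 ] || { echo "$shares shared folder(s) mapped; remove them with 'VBoxManage sharedfolder remove'"; rc=1; }
  return $rc
}

case "${1:-}" in
  --print) vbox_isolation_cmds; nft_ruleset ;;
  --apply)  # run as root on the host
    vbox_isolation_cmds | sh -e
    nft_ruleset | nft -f -
    sysctl -w net.ipv4.ip_forward=0 net.ipv6.conf.all.forwarding=0
    VBoxManage showvminfo "$VM" --machinereadable | audit_vm_isolation
    ;;
esac
```

`sh isolate-guest.sh --print` shows what would be run and `--apply` runs it as root. The forward-chain drops are what answer the worry in the post: even with IP forwarding enabled on the host, nothing from the host-only interface is routed to the LAN, and the guest cannot open connections to the host's own services. Running the audit before every detonation is worth the habit, because a shared folder added for convenience silently undoes step 3.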