Virtual Machine?


11 replies to this topic

#1 Space Monkey

Posted 17 September 2008 - 12:55 PM

Okay so I was wondering earlier: is it possible, and if so is it easy enough, to use a Virtual Machine to test files for malware? For example, if you used VMware and installed Windows or Linux and some security tools on it and tested files on there before using them on your actual PC. So you could determine whether or not a file was clean, and if it was then fair enough, you can use it on your actual PC. So, is there any chance that if a file was infected, it could break out of the Virtual Machine and infect your actual PC, rather than just infecting the Virtual PC and you just wiping that and reverting back?

If this can be done, then is there a good free alternative to VMware for using Virtual Machines? As far as I know, VMware isn't free and unfortunately I can't purchase it right now. Also, does anybody know of a tutorial, or can write one themselves, on using a Virtual Machine like VMware for checking files for malware and infections? Preferably using Linux as I don't have a spare copy of Windows to use right now; however, either will do.

Thanks for reading.

Edited by Space Monkey, 17 September 2008 - 12:58 PM.



#2 rickx

Posted 17 September 2008 - 03:41 PM

An alternative to VMware is Microsoft Virtual PC 2007, free from Microsoft.
Download

#3 buddy215

Posted 17 September 2008 - 08:47 PM

Check out the info in the links below.

http://tombuntu.com/index.php/2008/04/14/v...-in-ubuntu-804/


Run Windows in a virtual machine using Ubuntu and Virtualbox
http://www.downloadsquad.com/2008/02/10/ru...and-virtualbox/


#4 Space Monkey

Posted 18 September 2008 - 04:12 AM

Thanks for the links, however I am currently running Windows. I meant that I want to run Linux in a VM, not that I want to run Windows in one. Sorry for the confusion.

#5 raw

Posted 19 September 2008 - 10:18 PM

Unfortunately you can't run Windows malware on Linux, virtual
or otherwise.
You can however run malware in a "sandbox"
http://www.sandboxie.com/index.php
VMware Player is free and will allow you to run a
virtual Linux system.
http://www.vmware.com/products/player/

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#6 Space Monkey

Posted 20 September 2008 - 04:18 AM

> Unfortunately you can't run Windows malware on Linux, virtual
> or otherwise.
> You can however run malware in a "sandbox"
> http://www.sandboxie.com/index.php
> VMware Player is free and will allow you to run a
> virtual Linux system.
> http://www.vmware.com/products/player/


Yeah I'm aware of Sandboxes and currently use Firefox in a Sandbox. How would I go about running malware in Sandboxie?

#7 Space Monkey

Posted 20 September 2008 - 02:31 PM

And about VM Player, is it the same thing as Workstation? Can I just load up an Ubuntu ISO and install it?

#8 raw

Posted 20 September 2008 - 05:37 PM

Not the same. Workstation allows you to create new virtual systems.
Player only lets you run VMs.
Every Ubuntu appliance:
http://search-www.vmware.com/socialsearch/...ir&q=ubuntu
Can't help with Sandboxie...I don't use Windows.


#9 Space Monkey

Posted 20 September 2008 - 05:43 PM

Could I use an evaluation version of Workstation to create the VM and then when the evaluation runs out just use Player from then onwards?
And do you know of a good tutorial to make new VMs of Linux? I haven't done it before.

Seems I can't even evaluate Workstation right now, I'm getting 'Service Temp. Unavailable'

Edited by Space Monkey, 20 September 2008 - 05:45 PM.


#10 raw

Posted 20 September 2008 - 10:56 PM

From what I have read, yes you can continue to use images
created in Workstation after it expires.

Create your own images:
http://www.thoughtpolice.co.uk/vmware/howt...orkstation.html


#11 Jonny Walker

Posted 21 September 2008 - 03:00 PM

Not all malware works on a VM or Sandboxie...
some of them pop up an error msg or don't execute at all.

#12 syler

Posted 21 September 2008 - 03:45 PM

I have Sandboxie; you can use it to run files that may be infected simply by going into Sandboxie Control, finding the file in the sandbox you want to open or execute, then right-clicking on it and selecting Run Sandboxed. So you could install a bad program running sandboxed and it would install it in the sandbox but not on your actual machine. If you then wanted to see what this program has done, you can look through the sandbox to see what new files have been created, or you could run a tool like HijackThis to inspect the changes, although you would have to run HijackThis sandboxed, not normally. Beware though, some tools don't like being run sandboxed; also a sandbox is not 100% secure and nor is a VM, and as another user said, some malware will not run in these environments. I also have Microsoft Virtual PC 2007, which is good and easy to figure out how to use. I have Windows installed on it, but I'm sure you could get a Linux live CD and run that on it, although I haven't tried it yet. Be careful though if you are going to play with malware.

Syler
