Regarding malware and VM.
Some malware is able to know if it is installed in a VM or not.
If the malware is installed in a VM, it won't do anything.
If the malware is not installed in a VM, but in a real system, it will do its evil job.
I don't know any real examples, but I can give you a theoretical example.
The user downloads a malicious but very beautiful screensaver (which is able to recognize VM).
In a VM the screensaver will act as a normal screensaver and the user will think the screensaver is safe.
The user installs the screensaver in his real system. Once the screensaver starts running, it will destroy or harm his computer behind his back, while he is looking at his new beautiful screensaver.
Of course not all malware recognizes VMs, but some of it is smarter and can fool you.
It's not the malware that is smarter, it's the malware-writer behind the malware, who is smarter.
So keep this in mind if you are ever working with VMs. I never used VMs myself, because I already have a tool for testing 4 different OSes and each existing software. Instead of VMs, I can use up to 10 bootable snapshots, which can also be archived. I could create several hundred computers this way if I had enough disk space.
Regarding sandbox.
As you can see in my signature, I also use sandboxing (Sandboxie) in my system.
Internet Explorer (IE) and Firefox (FF) are both sandboxed in my system, because IE and FF are dangerous software: they place my system in the most dangerous area of the world, the internet, which is responsible for all malware troubles.
Each good and evil object that is downloaded from the internet without my knowledge, due to my actions on the internet (mouse-clicking, downloading, ...), is stored in a sandbox. Once in the sandbox, these good and/or evil objects can't hurt the rest of my system; they are ISOLATED and will be killed when I empty this sandbox.
This is my first layer of security. I have 3 other layers in total to kill malware, if they escape from the sandbox.
I also use Sandboxie to seal off my data partition while I'm on the internet. This way nothing or nobody (including me) can infect, steal or destroy my precious data files.
The funny thing about malware is that they betray themselves by "changing" your system. Once you understand that, you can use that "changing" against them in order to kill them.
Unfortunately all security software sucks and has serious shortcomings, so you have to combine them and that helps a little, but still not good enough.
So I'm waiting for sensational improvements in the security industry, but it doesn't happen. Instead of that I get leaking firewalls and scanners with too many failures, etc., and a lot of stupid excuses why they aren't perfect. Pffft.
Edited by ErikAlbert, 13 October 2010 - 09:24 PM.