Found a Suspicious File? Test It In A Virtual Machine!
It’s a dilemma we’ve all faced at some point. Your boss has emailed you a file.
On one hand, you know you have to look at it. But on the other hand, you know what your boss is like. Their browser is covered by 25 different toolbars , and your boss has no idea how they got there. On a near-weekly basis, their computer has to be quarantined, disinfected and hosed down by the IT department.
Can you really trust that file? Probably not. You could open it on your computer, and risk getting a nasty infection. Or, you could just run it in a virtual machine.
What Is A Virtual Machine?
If you want to think of a computer as a collection of physical hardware components, a virtual machine is a collection of simulated components. Rather than have a physical hard drive, physical RAM and a physical CPU, each of these are simulated on already existing computer hardware.
Since the components of a computer are simulated, it then becomes possible to install a computer operating system on that simulated hardware, such as Windows, Linux, or FreeBSD .
People use virtual machines for a broad variety of things, such as running servers (including web servers), playing older games that struggle to run properly on modern operating systems, and for web development.
But crucially, it’s important to remember that what happens on that virtual machine doesn’t then cascade downwards to the host computer. You could, for instance, intentionally install the CryptoLocker virus on a virtual machine, and the host machine would be unaffected. This is especially handy when you’ve been sent a suspect file, and you need to determine whether it’s safe to open.
Getting A VM
There are no shortage of VM platforms available. Some of these are proprietary, paid products, such as Parallels for Mac. But there are also a number of free, open-source packages, that do the job just as well. One of the most prominent is Oracle’s VirtualBox , which is available for Windows, Linux and Mac.
Once you’ve chosen your VM software, you then need to choose the operating system that’ll run on your machine. Getting a copy of Linux is merely a matter of downloading an ISO, but what about Windows?
Windows isn’t usually free, even for people just looking to build a VM testbed. But there is a workaround, with modern.ie.
Modern.ie allows anyone to download a time-limited version of Microsoft XP to Windows 10, for free, without registration. By giving away free, albeit crippled, versions of Windows, Microsoft hopes they’ll recapture the interest of web developers, many of whom have jumped ship to Mac and Linux.
But you don’t have to be a web developer to download a VM from modern.ie. This allows you to test suspect software, but without the risk of irreparably damaging your Windows installation.
Just select the platform you wish to test, and the the virtualization software you’re using, and you’ll download a (sizable) ZIP file containing a Virtual Machine. Open it with your chosen virtualization platform, and you’re set.
Learn Something New
One of the key advantages of having a safe, consequence-free box to play with is that it allows you to take risks you otherwise wouldn’t take. For many, this presents an opportunity to learn skills that lend themselves favorably to a career in the booming field of ethical hacking .
You could, for instance, test out a variety of network security tools , without breaking any computer crime laws . Or, for that matter, you could learn about malware analysis, do research and share your findings, and get a job in this booming field.
Security blogger and analyst Javvad Malik believes this way of learning is vastly more effective than obtaining certifications and qualifications:
“IT Security is much an art form as it is scientific discipline. We see many great security professionals come into the industry through unconventional routes. I often get asked by people wanting to break into the industry what certification they need or what course they should pursue and my answer is that there’s no real ‘right’ way of getting into security. It’s not like law or accounting – you can go out there and practice your craft – share your findings and become a contributor to the information security community. That will likely open far more doors career-wise than a formal channel.”
But Are Virtual Machines Really Secure?
Virtual machines are safe on the basis that they isolate the simulated computer from the physical one. This is something that is, for the most part, absolutely true. Although there have been some exceptions.
Exceptions like the recently patched Venom bug, which affected the XEN, QEMU, and KVM virtualization platforms, and allowed an attacker to break out of a protected operating system, and gain control of the underlying platform.
The risk of this bug – known as a ‘hypervisor privilege escalation’ bug – cannot be understated. For instance, if an attacker registered for a VPS on a vulnerable provider and used a Venom exploit, it would allow them to access all other virtual machines on the system, allowing them to steal encryption keys, passwords and bitcoin wallets.
Symentec – a highly respected security firm – has also raised concerns about the state of virtualization security, noting in their “Threats to Virtual Environments” white paper that malware manufacturers are taking into account virtualization technology, in order to evade detection and further analysis.
“Newer malware frequently use detection techniques to determine if the threat is run in a virtualized environment. We have discovered that around 18 percent of all the malware samples detect VMware and will stop executing on it.”
Those who use VMs for practical, real-world stuff should also note that their systems are not invulnerable to the plethora security risks physical computers face.
“The converse argument shows that four out of five malware samples will run on virtual machines, meaning that these systems need regular protection from malware as well.”
Security risks to VMs are easily mitigated, however. Users of virtualized operating systems are encouraged to harden their OS, install advanced malware detection software and intrusion detection software, and to ensure their system is locked down and receives regular updates.
Put In Context
It’s worth adding that it’s exceptionally rare for a piece of malware to escape a VM. When an exploit is found for a piece of virtualization software, it’s quickly remedied. In short, it’s far safer to test suspicious software and files in a VM than anywhere else.
Do you have any strategies for dealing with suspect files? Have you found a novel, security-related use for VMs? I want to hear about them. Drop me a comment below, and we’ll chat.