Found a Suspicious File? Test It In A Virtual Machine!

Matthew Hughes 21-05-2015

It’s a dilemma we’ve all faced at some point. Your boss has emailed you a file.


On one hand, you know you have to look at it. But on the other hand, you know what your boss is like. Their browser is covered by 25 different toolbars 4 Annoying Browser Toolbars and How to Get Rid of Them Browser toolbars just don't seem to go away. Let's look at some common nuisances and detail how to remove them. Read More , and your boss has no idea how they got there. On a near-weekly basis, their computer has to be quarantined, disinfected and hosed down by the IT department.

Can you really trust that file? Probably not. You could open it on your computer, and risk getting a nasty infection. Or, you could just run it in a virtual machine.

What Is A Virtual Machine?

If you want to think of a computer as a collection of physical hardware components, a virtual machine What Is a Virtual Machine? Everything You Need to Know Virtual machines allow you to run other operating systems on your current computer. Here's what you should know about them. Read More is a collection of simulated components. Rather than have a physical hard drive, physical RAM and a physical CPU, each of these are simulated on already existing computer hardware.


Since the components of a computer are simulated, it then becomes possible to install a computer operating system on that simulated hardware, such as Windows, Linux, or FreeBSD Linux vs. BSD: Which Should You Use? Both are based on Unix, but that's where the similarities end. Here's everything you need to know about the differences between Linux and BSD. Read More .


People use virtual machines for a broad variety of things, such as running servers (including web servers), playing older games How to Run Old Games & Software in Windows 8 One of Microsoft's big strengths -- and weaknesses -- is their focus on backwards compatibility. Most Windows applications will work just fine on Windows 8. This is especially true if they worked on Windows 7,... Read More that struggle to run properly on modern operating systems, and for web development.


But crucially, it’s important to remember that what happens on that virtual machine doesn’t then cascade downwards to the host computer. You could, for instance, intentionally install the CryptoLocker virus CryptoLocker Is The Nastiest Malware Ever & Here's What You Can Do CryptoLocker is a type of malicious software that renders your computer entirely unusable by encrypting all of your files. It then demands monetary payment before access to your computer is returned. Read More on a virtual machine, and the host machine would be unaffected. This is especially handy when you’ve been sent a suspect file, and you need to determine whether it’s safe to open.

Getting A VM

There are no shortage of VM platforms available. Some of these are proprietary, paid products, such as Parallels for Mac. But there are also a number of free, open-source packages, that do the job just as well. One of the most prominent is Oracle’s VirtualBox How to Use VirtualBox: User's Guide With VirtualBox you can easily install and test multiple operating systems. We'll show you how to set up Windows 10 and Ubuntu Linux as a virtual machine. Read More , which is available for Windows, Linux and Mac.



Once you’ve chosen your VM software, you then need to choose the operating system that’ll run on your machine. Getting a copy of Linux is merely a matter of downloading an ISO, but what about Windows?

Windows isn’t usually free, even for people just looking to build a VM testbed. But there is a workaround, with

Free VMs? allows anyone to download a time-limited version of Microsoft XP to Windows 10, for free, without registration. By giving away free, albeit crippled, versions of Windows, Microsoft hopes they’ll recapture the interest of web developers, many of whom have jumped ship to Mac and Linux.


But you don’t have to be a web developer to download a VM from This allows you to test suspect software, but without the risk of irreparably damaging your Windows installation.


Just select the platform you wish to test, and the the virtualization software you’re using, and you’ll download a (sizable) ZIP file containing a Virtual Machine. Open it with your chosen virtualization platform, and you’re set.

Learn Something New

One of the key advantages of having a safe, consequence-free box to play with is that it allows you to take risks you otherwise wouldn’t take. For many, this presents an opportunity to learn skills that lend themselves favorably to a career in the booming field of ethical hacking Can You Make A Living Out Of Ethical Hacking? Being labeled a “hacker” usually comes with plenty of negative connotations. If you call yourself a hacker, people will often perceive you as someone who causes mischief just for giggles. But there is a difference... Read More .


You could, for instance, test out a variety of network security tools How To Test Your Home Network Security With Free Hacking Tools No system can be entirely "hack proof" but browser security tests and network safeguards can make your set-up more robust. Use these free tools to identify "weak spots" in your home network. Read More , without breaking any computer crime laws The Computer Misuse Act: The Law That Criminalizes Hacking In The UK In the UK the Computer Misuse Act 1990 deals with hacking crimes. Twhis controversial legislation was recently updated to give the UK's intelligence organization GCHQ the legal right to hack into any computer. Even yours. Read More . Or, for that matter, you could learn about malware analysis, do research and share your findings, and get a job in this booming field.

Security blogger and analyst Javvad Malik believes this way of learning is vastly more effective than obtaining certifications and qualifications:

“IT Security is much an art form as it is scientific discipline. We see many great security professionals come into the industry through unconventional routes. I often get asked by people wanting to break into the industry what certification they need or what course they should pursue and my answer is that there’s no real ‘right’ way of getting into security. It’s not like law or accounting – you can go out there and practice your craft – share your findings and become a contributor to the information security community. That will likely open far more doors career-wise than a formal channel.”

But Are Virtual Machines Really Secure?

Virtual machines are safe on the basis that they isolate the simulated computer from the physical one. This is something that is, for the most part, absolutely true. Although there have been some exceptions.

Exceptions like the recently patched Venom bug, which affected the XEN, QEMU, and KVM virtualization platforms, and allowed an attacker to break out of a protected operating system, and gain control of the underlying platform.

The risk of this bug – known as a ‘hypervisor privilege escalation’ bug – cannot be understated. For instance, if an attacker registered for a VPS on a vulnerable provider and used a Venom exploit, it would allow them to access all other virtual machines on the system, allowing them to steal encryption keys, passwords and bitcoin wallets.

Symentec – a highly respected security firm – has also raised concerns about the state of virtualization security, noting in their “Threats to Virtual Environments” white paper that malware manufacturers are taking into account virtualization technology, in order to evade detection and further analysis.

“Newer malware frequently use detection techniques to determine if the threat is run in a virtualized environment. We have discovered that around 18 percent of all the malware samples detect VMware and will stop executing on it.”

Those who use VMs for practical, real-world stuff should also note that their systems are not invulnerable to the plethora security risks physical computers face.

“The converse argument shows that four out of five malware samples will run on virtual machines, meaning that these systems need regular protection from malware as well.”

Security risks to VMs are easily mitigated, however. Users of virtualized operating systems are encouraged to harden their OS, install advanced malware detection software and intrusion detection software, and to ensure their system is locked down and receives regular updates.

Put In Context

It’s worth adding that it’s exceptionally rare for a piece of malware to escape a VM. When an exploit is found for a piece of virtualization software, it’s quickly remedied. In short, it’s far safer to test suspicious software and files in a VM than anywhere else.

Do you have any strategies for dealing with suspect files? Have you found a novel, security-related use for VMs? I want to hear about them. Drop me a comment below, and we’ll chat.

Related topics: Anti-Malware, VirtualBox, Virtualization.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. k vanderpal
    February 7, 2017 at 7:08 pm

    This is absolute bullshit. it is possible for a virus to leave a virtual machine through COM. some viruses don't just ruin files (in which case the vmware would be a safe idea) but if the virus is designed to attack physical parts then a virtual machine wont do shit

  2. vinodmg
    April 25, 2016 at 5:36 am

    Please help me,

    Where can i find suspicious and virus files for testing??????

  3. A41202813GMAIL
    May 22, 2015 at 11:01 pm

    ...Or, If The File Is Not Greater Than 128MB, You Can Have The Site VIRUSTOTAL.COM, From GOOGLE, Test It For You, Against 50 Of The Most Used AntiVirus Machines In The Market, And In A Couple Of Minutes, Too.


    • Matthew Hughes
      May 27, 2015 at 10:29 am

      Interesting! Thanks so much!

    • A41202813GMAIL ..
      May 29, 2015 at 7:18 am

      My Pleasure. If You Use The Search Box In The Upper Right Corner, You Will Find Out That VIRUSTOTAL Was Already Covered By Some Past Articles Here. Thank You For Responding.

    • A41202813GMAIL ..
      May 29, 2015 at 7:19 am

      My Pleasure. --- If You Use The Search Box In The Upper Right Corner, You Will Find Out That VIRUSTOTAL Was Already Covered By Some Past Articles Here. --- Thank You For Responding. ---

  4. Tony
    May 22, 2015 at 2:14 am

    Some thoughts from one who does not have need for this.

    It would seem that, if you do much of this, it makes sense to get an inexpensive, used laptop or desktop devoted to testing. Make an initial image on an external drive and keep it. When you feel that the machine has been attacked, reformat and reload the image. Isolate it from your network if that's an option.

    • Matthew Hughes
      May 27, 2015 at 10:29 am

      Yeah, but why have a hardware solution when you can have a software solution? ;)