Vista - Isolation of Virtual PC

If I use a virtual PC, with no virtual NIC, to access files I know to
contain viruses, are there any riska at all that that virus could move from
the virtual PC to the physical one?

I am assuming not but want to check before I do it.

Thanks

To be safe, you have to make sure no folders are shared either,or
better yet, don't install the VPC additions, but otherwise there's no
way I know of that something could break out of a VM if there was no
networking setup.

--
Bob Comer


might want to make On Mon, 9 Feb 2009 15:07:26 -0000, "K"
<no@xxxxxx> wrote:

On Mon, 09 Feb 2009 10:19:49 -0500, Robert Comer
<bobcomer-removeme-@xxxxxx> wrote:
How could a malicious file enter the VM without any networking or
shared folders or drag-n-drop?
Via the floppy drive perhaps?
Sounds a bit academic....

--

Bo Berglund (Sweden)

In message <73p0p4l2vkgd18d029dfmkemi81raf70f4@xxxxxx> Bo Berglund
<boberglund@xxxxxx> was claimed to have wrote:
Mount an ISO?

Load the infected files first, remove the NIC, then play with them?
Write them directly into the VHD before starting the OS?

Plenty of choices.

On Feb 9, 12:15*pm, Bo Berglund <bobergl...@xxxxxx> wrote:Find a vulnerability in how the additions interact with the host?

In message <n8i0p4hiqu9fegqgtnng1cclm0op3t2s1d@xxxxxx> Robert Comer
<bobcomer-removeme-@xxxxxx> was claimed to have wrote:
Actually, thinking about this a bit more, a bug any of the emulated
hardware devices could potentially expose an exploitable buffer overrun.

It hasn't happened yet, but there is no reason that it can't happen.

>Actually, thinking about this a bit more, a bug any of the emulatedYou'd have to get through two layers to do it, the driver level (not
many driver level exploits) in the VM, and then through the VPC app
itself on the host. It's not all that likely, but I suppose it's
possible. I don't know how VPC is coded, but it's possible also it's
programmed in a way that wouldn't allow a buffer overrun.

So in other words, your guess is as good as mine. <g>

--
Bob Comer


On Mon, 09 Feb 2009 22:28:51 -0800, Dave Warren
<dave-usenet@xxxxxx> wrote:

Thanks everyone.

It's a little but more ambiguous than I thought it might be it would seem.

Maybe I would be better resorting to completely seperate hardware when
working on known infected files. That sounds like the only sure way of
avoiding "potential" crossover.

"K" <no@xxxxxx> wrote in message
news:eYi6hhsiJHA.1388@xxxxxx

On Feb 10, 9:55*am, "K" <n...@xxxxxx> wrote:Alot of the malware analysis guys use Qemu with a custom Linux guest
with Wine to upload malware to study. So that would likely be the
safest VM to use.

In message <29o2p4hf9utjssj59rmhntgkdb8g643bha@xxxxxx> Robert Comer
<bobcomer-removeme-@xxxxxx> was claimed to have wrote:
Assuming the guest is fully p0wned, the driver level wouldn't matter and
could be bypassed entirely by a willing exploit.

I haven't seen any suggestion that VirtualPC runs in multiple privilege
elevation levels, so my educated guess is that an exploitable buffer
overrun would likely get you the malware the full privileges of the
VirtualPC application.

It promises to be a brave new exploit vector one day, especially as VMs
take off in popularity as security boundaries.