Posts: 202
Threads: 8
Joined: April 19, 2013
Reputation:
9
Protection From Malware (Windows Users)
April 26, 2013 at 2:18 pm
(This post was last modified: April 26, 2013 at 2:19 pm by Love.)
I thought I would share a cool method that I use to protect myself from all instances of Windows malware. I have been using Microsoft Windows for over 18 years, and I very much doubt that I will ever upgrade from Windows 7 (not interested in touch screen technology AT ALL). Inside Windows, I use the virtualisation software "Oracle VirtualBox". Inside the virtual hard disk drive, I have installed Linux Mint (an outstanding distribution of Linux in my view), into which I have installed WINE, so that I can launch Windows applications from within the virtual instance of Linux Mint. It is extremely unlikely that a piece of Windows Malware will be able to perform operations outside of WINE, let alone getting beyond the virtual Linux Mint installation; the Windows 7 host will be 100% protected. If anybody uses software that is very likely to contain malware (such as serial generators et cetera), I strongly suggest this method.
Posts: 30264
Threads: 116
Joined: February 22, 2011
Reputation:
158
RE: Protection From Malware (Windows Users)
April 26, 2013 at 2:23 pm
(This post was last modified: April 26, 2013 at 2:24 pm by Angrboda.)
Generally running Windows in a VM for vulnerable apps, only running trusted software, and keeping AV and programs patched is sufficient. You're overdoing things a tad, I think.
(Oh, and smart computing is more important than any gimmicks. Know what best practices are for safe computing and follow them. 90% of security failures are a result of human error. Any system badly configured, badly managed, and inadequately protected will be easy pickings.)
Posts: 202
Threads: 8
Joined: April 19, 2013
Reputation:
9
RE: Protection From Malware (Windows Users)
April 26, 2013 at 2:34 pm
(This post was last modified: April 26, 2013 at 4:16 pm by Love.)
(April 26, 2013 at 2:23 pm)apophenia Wrote: Generally running Windows in a VM for vulnerable apps, only running trusted software, and keeping AV and programs patched is sufficient. You're overdoing things a tad, I think.
I can see why you think that, and I partially agree. I used to believe that installing all available Windows updates, and installing standard security applications, such as AVG Internet Security Business Edition (which includes a decent firewall), offered extremely comprehensive protection. I also used to be a fan of Sandboxie, but even with all of this, infections were still creeping through. Are you aware of VirusTotal and Metascan Online? As a test, I uploaded a serial generator (which was not detected by my local installation of AVG) to these scanners, and the results were surprising. It was scanned by 40 virus scanners (AVG, Symantec blah blah) and it escaped virus detection on 50% of the scanners, obviously including AVG, hence my newfound obsession with extreme security measures.
(April 26, 2013 at 2:23 pm)apophenia Wrote: (Oh, and smart computing is more important than any gimmicks. Know what best practices are for safe computing and follow them. 90% of security failures are a result of human error. Any system badly configured, badly managed, and inadequately protected will be easy pickings.)
I agree that smart computing is very important. However, I have found that this is definitely the safest method to confidently execute unsafe Windows applications.
Posts: 7175
Threads: 12
Joined: March 14, 2013
Reputation:
72
RE: Protection From Malware (Windows Users)
April 26, 2013 at 2:44 pm
I've used a Linux VM for web browsing in the past. But knowledge is the best defense, IMO. I usually only run MSE for system security. Then again, I manage a Windows network with ~120 users, so they provide a fertile testing ground for learning how to best avoid a malware infection, as well as what steps to take when a machine becomes infected.
Posts: 202
Threads: 8
Joined: April 19, 2013
Reputation:
9
RE: Protection From Malware (Windows Users)
April 26, 2013 at 2:55 pm
(This post was last modified: April 26, 2013 at 4:20 pm by Love.)
(April 26, 2013 at 2:44 pm)Tonus Wrote: I've used a Linux VM for web browsing in the past. But knowledge is the best defense, IMO. I usually only run MSE for system security. Then again, I manage a Windows network with ~120 users, so they provide a fertile testing ground for learning how to best avoid a malware infection, as well as what steps to take when a machine becomes infected.
What method would you use to safely "test" a piece of Windows malware without infecting the host machine? Also, at the organisation/company where you work, I would be interested to know the security measures that you undertake in terms of protection from malware. For example, it would be interesting to ascertain if enterprise antivirus applications are more comprehensive than the inadequate solutions available to the home user. The malware developers are becoming much smarter at avoiding detection with standard antivirus applications. However, to the best of my knowledge, they have not figured out how to break out of a virtual machine of a different operating system (i.e. a Linux VM on a Windows host).
Posts: 14259
Threads: 48
Joined: March 1, 2009
Reputation:
80
RE: Protection From Malware (Windows Users)
April 26, 2013 at 3:10 pm
Posts: 202
Threads: 8
Joined: April 19, 2013
Reputation:
9
RE: Protection From Malware (Windows Users)
April 26, 2013 at 3:30 pm
(This post was last modified: April 26, 2013 at 3:35 pm by Love.)
(April 26, 2013 at 3:10 pm)fr0d0 Wrote: ![[Image: over-protective+parenting+style.jpg]](https://images.weserv.nl/?url=3.bp.blogspot.com%2F-P4h_2lo6mkA%2FT9DTWqlAsfI%2FAAAAAAAAFoQ%2F60OT1mc4YfE%2Fs1600%2Fover-protective%2Bparenting%2Bstyle.jpg)
Posts: 2962
Threads: 44
Joined: March 22, 2013
Reputation:
39
RE: Protection From Malware (Windows Users)
April 26, 2013 at 3:34 pm
(April 26, 2013 at 2:55 pm)Love Wrote: However, to the best of my knowledge, they have not figured out how to break out of a virtual machine of a different operating system (i.e. a Linux VM on a Windows host).
Have they figured out how to break out of a Windows VM on a Windows host?
Posts: 202
Threads: 8
Joined: April 19, 2013
Reputation:
9
RE: Protection From Malware (Windows Users)
April 26, 2013 at 3:40 pm
(This post was last modified: April 26, 2013 at 3:47 pm by Love.)
(April 26, 2013 at 3:34 pm)JesusHChrist Wrote: (April 26, 2013 at 2:55 pm)Love Wrote: However, to the best of my knowledge, they have not figured out how to break out of a virtual machine of a different operating system (i.e. a Linux VM on a Windows host).
Have they figured out how to break out of a Windows VM on a Windows host?
I think so, especially if the VM is sharing a drive or network connection with the host. I tested a piece of well-known malware on a Windows 7 VM in a Windows 7 host, and it was also inside a sandboxed instance of WinRAR (in the VM). AVG, however, detected it on the host. The same piece of malware inside WINE on a Linux VM was not detected by AVG on the host, however. I very much doubt that malware developers will ever figure out how to break outside of a VM of a completely different operating system to the host. You could also try Solaris, Mac OS, OS/2 or BSD in the VM; I am sure there are plenty of open source applications that will allow you to execute Windows programs in these operating systems.
Posts: 2962
Threads: 44
Joined: March 22, 2013
Reputation:
39
RE: Protection From Malware (Windows Users)
April 26, 2013 at 3:47 pm
(This post was last modified: April 26, 2013 at 3:48 pm by JesusHChrist.)
But AVG detecting a virus inside a VM disk file is not the same as the host being forced to execute that code. How would the host run the infected code and become infected itself? Seems like there would need to be a flaw in the VM software itself. I also use VirtualBox, BTW.
I'll have to look into this as I thought Windows within Windows was a safe architecture.
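Added example, not part of any post in this thread: the thread names a shared drive or network connection as the ways a guest stays coupled to the host, and those settings can be audited from the host by parsing the output of `VBoxManage showvminfo <vm> --machinereadable`. The sample output below is constructed, the key names are assumed to match that command's format, and the function names are hypothetical.

```python
import re

# Constructed sample in the key="value" style of
# `VBoxManage showvminfo <vm> --machinereadable` (not captured from a real VM).
SAMPLE = r'''
name="mint-sandbox"
memory=2048
clipboard="bidirectional"
draganddrop="disabled"
nic1="bridged"
bridgeadapter1="eth0"
nic2="none"
SharedFolderNameMachineMapping1="downloads"
SharedFolderPathMachineMapping1="C:\Users\me\Downloads"
'''

# Only quoted string settings are needed; unquoted numeric lines are skipped.
LINE = re.compile(r'^([A-Za-z0-9_]+)="(.*)"$')
SF_NAME = "SharedFolderNameMachineMapping"
SF_PATH = "SharedFolderPathMachineMapping"

def parse_vminfo(text):
    """Return a dict of the quoted key/value settings in the output."""
    info = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info

def audit_isolation(info):
    """List the host/guest sharing channels that are still enabled."""
    findings = []
    for key in ("clipboard", "draganddrop"):
        if info.get(key, "disabled") != "disabled":
            findings.append(f"{key} sharing is {info[key]}")
    for key, val in sorted(info.items()):
        if key.startswith(SF_NAME):
            path = info.get(SF_PATH + key[len(SF_NAME):], "?")
            findings.append(f"shared folder '{val}' maps host path {path}")
        elif re.fullmatch(r"nic\d+", key) and val in ("bridged", "hostonly"):
            findings.append(f"{key} is {val}: guest sits on a host-reachable network")
    return findings

if __name__ == "__main__":
    for finding in audit_isolation(parse_vminfo(SAMPLE)):
        print("WARN:", finding)
```

An empty result means only that these configured channels are off; it says nothing about flaws in the virtualisation software itself, which is the other route raised in the thread.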