Is a virtual machine totally safe?

[Gat Pelsinger]

I see all these people running viruses on VMs. But I've never dared to run one. Are VMs total safe to run viruses on? Is there any chance my main PC might get infected?

[Eigenvektor]

Nothing is 100% safe, of course. A virtual machine that is isolated from the network should generally be pretty safe.

 

This assumes the virus isn't sophisticated enough to figure out it is running on a virtual machine and is able to exploit a vulnerability in the VM (or it's guest tools) itself and infect the host that way.

 

I still wouldn't use it to run a virus on purpose, but if I have to run software that is potentially infected, it is much safer to do so inside a VM than on your hardware directly.

[Oshino Shinobu]

Depends really. If you're running using a secure Hypervisor like Hyper-V or VMWare (that's fully up to date) and don't have it connected to the network (or isolated on a completed seperate network), it's generally safe, though you do need to know how to set them up properly in order to keep them isolated.

 

It's generally security researchers that use them for running viruses, so they can research what they do and how to stop them. Not much reason to do it yourself. As you've got to get the virus on there in the first place, there's always a risk.

[ClickARoniSpaghettiToni]

Totally safe? Absolutely not

 

Relatively safe if you know what you're doing? Sure

 

A train wreck pre-collision if you don't know what you're doing? Yup

 

If you want to be safe, physical layer separation is always the winning solution. Disabling all networking physically (remove WiFi chip, unplug hardwire) is relatively simple and easy to do.

[Gat Pelsinger]

@Eigenvektor @Oshino Shinobu @ClickARoniSpaghettiToni

 

But is it ok to run those viruses which are actually made for scientific purposes? Those are not designed to even break the VM barrier, right? Are those safe? Because I really want the thrill to run very dangerous viruses which absolutely annihilate Windows. 

[Eigenvektor]

10 minutes ago, Hensen Juang said:

But is it ok to run those viruses which are actually made for scientific purposes? Those are not designed to even break the VM barrier, right? Are those safe? Because I really want the thrill to run very dangerous viruses which absolutely annihilate Windows. 

Sounds like unnecessary risk to me. How do you plan to get the virus into the VM, without accidentally infecting yourself while doing so? Do you know for certain the virus isn't designed to break out of a virtual environment? Also make sure it's not a boot sector virus or anything else designed to infect firmware.

 

At the very least, I'd use a Linux based host, if you're certain the virus you're dealing with is only designed for Windows. Then make sure to remove the network from the virtual machine before running anything on it. Take a snapshot before infection and roll back to the snapshot afterwards.

 

If you want extra security, physically remove the host from the network. Wipe the entire machine from a read-only bootable USB stick when you're done. Even then there's no 100% security unless you know exactly what type of virus you're dealing with and what its capabilities are.