
If I download a file that could contain a virus on a VM and use it, can the virus appear on my regular desktop?

Thanks

Project Iridium:   CPU: Intel 4820K   CPU Cooler: Custom Loop  Motherboard: Asus Rampage IV Black Edition   RAM: Avexir Blitz  Storage: Samsung 840 EVO 250GB SSD and Seagate Barracuda 3TB HDD   GPU: Asus 780 6GB Strix   Case: IN WIN 909   PSU: Corsair RM1000      Project Iridium build log http://linustechtips.com/main/topic/451088-project-iridium-build-log/

 

https://linustechtips.com/topic/677588-vm-question-regarding-viruses/

1 minute ago, wrathoftheturkey said:

In theory, yes. Since everything from both your VM and primary OS goes through your CPU and RAM at some point, there's always room for error. That said, the proportion of viruses that can actually escape the virtual environment is minuscule, it'd have to be a pretty kick-ass virus. 

Alright, I want to use 3D Ripper DX to get a model off of a game and into GTA V, but I am a little nervous using it as it seems like a sketchy program. I may try it this way.


3 minutes ago, Maybach123 said:

If I download a file that could contain a virus on a VM and use it, can the virus appear on my regular desktop?

There are just three ways this could happen:

1) The malware contains a VM escape, e.g. using a bug in the hypervisor. This is super rare and worth a fortune, so chances are very low someone would use this in the wild, ergo nothing to worry about.

2) You directly share the folder the malware is located in with the host machine, e.g. a NAS/Samba share. If you didn't configure such a thing, you're fine here too.

3) The malware operates via the network and the host and guest are in the same network. This would also imply that the host has a vulnerable service which is, again, very unlikely.

 

To conclude: Possible yes, but very very unlikely if you didn't misconfigure your VM.
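As an added example (not code from this thread or from any poster), a small Python audit of a VirtualBox VM's settings for the host/guest channels points 2 and 3 describe: shared folders and network mode, plus clipboard and drag-and-drop as two more host-guest channels. It parses the key="value" format of `VBoxManage showvminfo <vm> --machinereadable`; the sample output, the VM name and the `SAFE_NIC_MODES` policy are constructed for the example.

```python
import re
import subprocess
# Constructed sample in the key="value" format that
# `VBoxManage showvminfo <vm> --machinereadable` prints (not real output).
SAMPLE_VMINFO = """name="sketchy-tools"
nic1="bridged"
nic2="none"
clipboard="bidirectional"
draganddrop="hosttoguest"
SharedFolderNameMachineMapping1="Downloads"
SharedFolderPathMachineMapping1="/home/user/Downloads"
"""

# NIC modes that keep the guest off the host's network entirely (our policy).
SAFE_NIC_MODES = {"none", "intnet"}

def parse_vminfo(text):
    """Turn key="value" lines into a dict (quotes stripped)."""
    info = {}
    for line in text.splitlines():
        m = re.match(r'^([^=]+)="?(.*?)"?$', line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info
def audit_isolation(info):
    """Return (setting, value, reason) for every host<->guest channel found."""
    findings = []
    for key, value in info.items():
        # Point 2 of the post: a host folder mounted inside the guest.
        if key.startswith("SharedFolderPathMachineMapping"):
            findings.append((key, value, "host folder exposed to the guest"))
        # Point 3 of the post: guest on a network that reaches the host.
        elif re.fullmatch(r"nic\d+", key) and value not in SAFE_NIC_MODES:
            findings.append((key, value, "guest can reach the host's network"))
    # Two more sharing channels worth disabling when running untrusted software.
    for key in ("clipboard", "draganddrop"):
        if info.get(key, "disabled") != "disabled":
            findings.append((key, info[key], f"{key} shared with the host"))
    return findings

def audit_vm(name):
    """Audit a real VM; needs VirtualBox's VBoxManage on the host."""
    proc = subprocess.run(["VBoxManage", "showvminfo", name, "--machinereadable"],
                          capture_output=True, text=True, check=True)
    return audit_isolation(parse_vminfo(proc.stdout))

if __name__ == "__main__":
    for setting, value, why in audit_isolation(parse_vminfo(SAMPLE_VMINFO)):
        print(f"{setting}={value}: {why}")
```

An empty result means none of the channels the post lists are configured; a non-empty one names the setting to change before running the sketchy program.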


7 minutes ago, wrathoftheturkey said:

I'd say get an old computer, install some Linux Distro, disconnect from the internet and go for it. After getting a crapload of trojans trying to pirate Fallout 4, I'm a little on the safety-first side of things. But that's just me

But can Linux run sketchy .exe programs for GTA V like @Maybach123 wants? Vine or Wine (forgot what it's called) does not work on all.


6 minutes ago, wrathoftheturkey said:

I'd say get an old computer, install some Linux Distro, disconnect from the internet and go for it. After getting a crapload of trojans trying to pirate Fallout 4, I'm a little on the safety-first side of things. But that's just me

That's about as secure as a well-configured VM, I would say. A virus can hide itself in the firmware of your motherboard and hard drives and stuff like that, making the virus impossible to remove, copying itself to any USB device attached, and voilà, you infected your main system. I would say this is about the same complexity as escaping a VM.


1 minute ago, wrathoftheturkey said:

1) Clearing the drive will naturally remove any viruses installed to it

2) A virus that can hide itself in the firmware of a motherboard is probably as unlikely as a hypervisor-jumping virus, but since it's presumably an old computer you don't intend on using for anything else, it's insignificant, and

3) Again, this is presumably a burner computer, you won't be touching your main system with it (except maybe to upload a file to Google Drive; the chances of masking a file like this as legitimate instead of just corrupting it are infinitesimally small, so Google Drive should be fine)

 

That is, if you really want to throw on your tinfoil hats. An air-gapped computer beats a VM any time.

Yeah, I'm not sure if a GTA V .ytf (3D model) file can even hide a virus, as it is not a normal extension.


6 minutes ago, wrathoftheturkey said:

1) Clearing the drive will naturally remove any viruses installed to it

2) A virus that can hide itself in the firmware of a motherboard is probably as unlikely as a hypervisor-jumping virus, but since it's presumably an old computer you don't intend on using for anything else, it's insignificant, and

3) Again, this is presumably a burner computer, you won't be touching your main system with it (except maybe to upload a file to Google Drive; the chances of masking a file like this as legitimate instead of just corrupting it are infinitesimally small, so Google Drive should be fine)

 

That is, if you really want to throw on your tinfoil hats. An air-gapped computer beats a VM any time.

But that was exactly my point, that it is very unlikely. Rigging up an old computer with an internet file transfer while trying to air-gap it from other devices on the network is a hassle. Clearing the drive DOES NOT REMOVE EVERY VIRUS. There are viruses that hide in firmware; this has been proven beyond any doubt and has been known for 2 years now: https://blog.kaspersky.com/equation-hdd-malware/7623/. Since it's an old computer that you try to keep off the internet, most people would be using USBs to transfer files, and you would need a USB anyway to install a new OS unless you want to burn your entire OS to disc. You get my point, no? My point was that the risk of an old PC is the same as a well-configured VM. The hassle is about the same, since configuring a VM is not that much harder or more dangerous than installing Linux and air-gapping (until a different use case) a system.


1 minute ago, wrathoftheturkey said:

Literally just said Google Drive

 

But you'd take it out before installing the sketchy file

 

My point is that it's not.

Google Drive is exactly my point. You require internet for Google Drive, which is a hassle.

 

Yes, but unless you would never want to use that system again, you would need to reflash every firmware. Any device you plug in from that point on is running the risk of infection if the virus hides in firmware, even if the drives are completely empty, even if the platters are physically replaced, maybe even if the platters have been removed completely. It might even hide in the BIOS. You would need to completely rely on CDs from that point on, or throw away every USB you use on that machine.

 

But you don't understand my argument, from what I can see at least.


11 minutes ago, Maybach123 said:

Yeah, I'm not sure if a GTA V .ytf (3D model) file can even hide a virus, as it is not a normal extension.

It very likely can. The point is never if it's possible, but if the risk is high enough to consider it. And just because it can doesn't mean that it has been done.


@wrathoftheturkey it gives me 4/60 positives on VirusTotal (not sure if that makes any difference)


1 minute ago, wrathoftheturkey said:

Reset CMOS and get a new drive at that point and you're golden.

No, actually you're not. You need to reflash the firmware for that. But what exactly executes this reflash? The firmware itself. You get my point, do you not? Every piece of software can be infected, and you should treat it as such. Every piece of firmware in your PC can be infected and can be malicious. Infecting firmware might even be easier than bypassing a hypervisor. My point was that it is about the same in terms of security. Both have their pluses and minuses, but if configured correctly they are about the same. A VM is more prone to human error, while completely removing every ROM or whatever data storage there is on a PC is expensive and time consuming, although I could also consider this very prone to human error, since every step needs to be done carefully.


4 minutes ago, wrathoftheturkey said:

Actually the CMOS runs on a little battery, it's volatile. All you have to do to reset it is short it out or take out a battery for a bit.

Yes, but CMOS is NOT the firmware. Otherwise you would brick your system every time you reset your CMOS. An example of how the BIOS is writable: my Asus Z170 Pro Gaming motherboard uses a UEFI BIOS with writable firmware. I can take out the battery all I want; my settings will reset, but my recently changed settings will remain the same. The firmware of a motherboard is not stored on a volatile memory chip. The settings themselves are. I can make a video of this process to prove it to you if you like?


Just now, wrathoftheturkey said:

Okay, so there's something everyone needs to understand about viruses. There is always risk, but there's no qualitative "this is risky enough to justify this much security." Kind of like getting hit by lightning: you don't climb any tall trees during a storm, but otherwise you don't worry about getting hit by it, even though it technically COULD happen on any cloudy day. The chances of anyone designing a strong virus for such a format are low because it's such a niche format it wouldn't be profitable; it's not widely downloaded enough. I was getting into the theory, but practically either of these methods is probably sufficient unless you keep a tinfoil hat collection in your closet.

This was always my point. My point was that a well-configured VM is just as safe as a testing PC.


Some viruses can detect if they're in a virtual machine and not release their payload unless run on a real computer.

As for whether you can get infected: some more advanced viruses can infect the virtualization host, but it's rare to see one in the wild.

The way most virtualization programs work is by setting aside some amount of RAM for themselves and the virtualized OS, meaning it's separate from the main OS.

****SORRY FOR MY ENGLISH IT'S REALLY TERRIBLE*****

Been married to my wife for 3 years now! Yay!


1 minute ago, wrathoftheturkey said:

How about we stick with positive statements and not get into the normative?

 

Both a well-configured VM (vague definition, but basically don't be an idiot with it) and an air-gapped PC are probably safe enough.

Sorry, but in my culture it's kinda vague to end an argument like that. Do you think I'm right or not? Did I get my point across? The social cues on that probably flew over my head.


4 minutes ago, wrathoftheturkey said:

I'm saying that this argument is going nowhere. I don't necessarily cede to your argument, but I don't suppose we can settle this without vigorous testing of the virus-space, and if we could do that we wouldn't have viruses to begin with

 

And 

It's best to stick to the facts. If you and someone else both have well-defended positions on a topic, you find some common ground and call it a day. 

But I don't find your position well defended. I undermined every argument you made. Either way it's a middle-ground fallacy,

 

but if you don't want to further discuss it, then that is also okay.
