Main Area and Open Discussion > General Software Discussion

When testing untrustworthy software, remember virtual machines can be escaped

(1/3) > >>

mouser:
For those of us who occasionally test "untrustworthy" software from sources we can't be sure of, using a virtual machine is generally considered "safe".  Whatever happens in a virtual machine stays in a virtual machine -- or so we hope.

This is just a reminder that malware authors are actively trying to find ways to break out of virtual machines and infect the host pc, and to be careful.

Contestants at this year's Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive feat: they compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in. The hack fetched a prize of $105,000, the highest awarded so far over the past three days.

--- End quote ---


https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-ex

cranioscopical:
So one should be cagey?

Deozaan:
That's why I always test untrustworthy software on Amazon instances. Let them deal with the malware. :D :P

(I don't actually do that.)

wraith808:
(I don't actually do that.)
-Deozaan (March 20, 2017, 01:09 PM)
--- End quote ---

(That you'll admit :))

panzer:
I used to test software on CIA's computers but one day they said that I have managed to infect their entire grid with malware they created and that I have to test software at NSA from now on.

Navigation

[0] Message Index

[#] Next page