Run Virtual Machine of Windows 7 while running Windows 7 OS to prevent rootkits?

Thread starter: RayLopez99

RayLopez99

I've read below that certain rootkits will not infect a PC if that
instance is a virtual machine--the rootkit will not load on it.

Has anybody tried surfing the net while running a Virtual Machine of
Windows 7 while the OS is Windows 7? I have used VMware's free
offering but only the XP version of a VM running under Windows 7.


RL

http://go.eset.com/us/resources/white-papers/TDL3-Analysis.pdf

Detecting virtual machine environment

The rootkit dropper checks whether the rootkit is being executed in the context of a virtual machine. It does so by reading the local descriptor table register (LDTR) that is used to calculate the linear address from the segment_selector:offset pair. Microsoft Windows operating systems don’t use a Local Descriptor Table (LDT), so the LDTR contains zero, but many virtual machine programs use it, nonetheless. In this way, the rootkit can easily check whether it is running inside a virtual machine. The following figure shows how TDL3 uses this technique to ensure that it isn’t executed inside a virtual machine.
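Added example, not from the thread or from the ESET paper it quotes: a Python scan for the SLDT opcode that the quoted passage describes, the kind of static check a defender can run over a suspicious sample when deciding whether it is VM-aware. The sample bytes are constructed, and the scan also reports STR (the sibling 0F 00 /1 form), which goes slightly beyond the paper's LDTR-only description.

```python
"""Locate x86 SLDT/STR instructions in a code blob (added example).

TDL3's dropper reads the LDTR with `sldt` to decide whether it runs in a VM.
SLDT encodes as 0F 00 /0: the two-byte opcode followed by a ModRM byte whose
reg field (bits 5-3) is 000. STR (0F 00 /1) is a sibling check on the task
register and is reported too. LLDT, LTR, VERR and VERW (0F 00 /2../5) share
the opcode bytes and must not be reported.
"""
from typing import List, Tuple

OPCODE = b"\x0f\x00"
REG_FIELD_TO_MNEMONIC = {0: "sldt", 1: "str"}  # ModRM reg field -> instruction


def find_sldt(code: bytes) -> List[Tuple[int, str, str]]:
    """Return (offset, mnemonic, operand kind) for every SLDT/STR candidate.

    This is a raw byte scan, not a disassembly: 0F 00 can also occur inside
    data or straddle instruction boundaries, so each hit is a candidate to
    confirm in a disassembler, not proof that the sample detects VMs.
    """
    hits: List[Tuple[int, str, str]] = []
    start = 0
    while True:
        idx = code.find(OPCODE, start)
        if idx < 0 or idx + 2 >= len(code):  # no match, or ModRM byte truncated
            break
        modrm = code[idx + 2]
        mod, reg = modrm >> 6, (modrm >> 3) & 7
        if reg in REG_FIELD_TO_MNEMONIC:
            operand = "register" if mod == 3 else "memory"
            hits.append((idx, REG_FIELD_TO_MNEMONIC[reg], operand))
        start = idx + 1
    return hits


# Constructed sample, not bytes from TDL3: a stub that stores LDTR into eax,
# tests it, stores it again to a stack slot, and ends with a VERR that shares
# the 0F 00 opcode bytes (negative case).
SAMPLE = bytes.fromhex(
    "558bec"    # push ebp; mov ebp, esp
    "0f00c0"    # sldt eax                (offset 3)
    "6685c0"    # test ax, ax
    "7505"      # jnz short +5
    "0f0045fe"  # sldt word ptr [ebp-2]   (offset 11)
    "0f0020"    # verr word ptr [eax]     (offset 15, 0F 00 /4, not reported)
    "c9c3"      # leave; ret
)

if __name__ == "__main__":
    for offset, mnemonic, operand in find_sldt(SAMPLE):
        print(f"0x{offset:04x}: {mnemonic} ({operand} operand)")
```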
 
RayLopez99 said:
I've read below that certain rootkits will not infect a PC if that
instance is a virtual machine--the rootkit will not load on it.

Has anybody tried surfing the net while running a Virtual Machine of
Windows 7 while the OS is Windows 7? I have used VMware's free
offering but only the XP version of a VM running under Windows 7.


RL

http://go.eset.com/us/resources/white-papers/TDL3-Analysis.pdf

Detecting virtual machine environment

The rootkit dropper checks whether the rootkit is being executed in the context of a virtual machine. It does so by reading the local descriptor table register (LDTR) that is used to calculate the linear address from the segment_selector:offset pair. Microsoft Windows operating systems don’t use a Local Descriptor Table (LDT), so the LDTR contains zero, but many virtual machine programs use it, nonetheless. In this way, the rootkit can easily check whether it is running inside a virtual machine. The following figure shows how TDL3 uses this technique to ensure that it isn’t executed inside a virtual machine.

Sure, use a VM if you want.

But nothing in a computer comes with guarantees. I would say you're
about 1% safer, just so you won't feel heroic or anything. It doesn't
mean you can avoid renewing your AV subscription for the host OS.

Security is "Belt and Suspenders". If there are multiple forms of
protection, that don't conflict with one another, then use them.

Paul
 
RayLopez99 said:
I've read below that certain rootkits will not infect a PC if
that instance is a virtual machine--the rootkit will not load
on it.

Keep a backup copy of Windows and programs, using Macrium Reflect.
I have a well advanced installation that has been going strong for
many months. When you get ready to restore your last known good
copy, immediately make a "delme" copy of your current
installation, and also export any data that is not kept in a nice
neat little file (for example, Firefox bookmarks).

In my last installation, the installation ended up with 16
rootkits/discrepancies. This last installation still has a grand
total of three.

For more information, Rope, refer to prior posts in this group.
 
Keep a backup copy of Windows and programs, using Macrium Reflect.
I have a well advanced installation that has been going strong for
many months. When you get ready to restore your last known good
copy, immediately make a "delme" copy of your current
installation, and also export any data that is not kept in a nice
neat little file (for example, Firefox bookmarks).

In my last installation, the installation ended up with 16
rootkits/discrepancies. This last installation still has a grand
total of three.

For more information, Rope, refer to prior posts in this group.

You have at least three rootkits? I don't have any, and only caught
one when I foolishly ran an executable file on a friend's USB stick
out of curiosity.

Don't you use an anti-virus program, and if so which one? Also a
hardware and software firewall.

RL
 
But nothing in a computer comes with guarantees. I would say you're
about 1% safer, just so you won't feel heroic or anything.

Really? Just 1% safer? That's of course a subjective answer, but I
appreciate your opinion, and it's apparently a low one of the
protective power of VMs. I use a VM for Visual Studio 2008
programming on a virtual Windows XP OS, since I don't like using VS08
on my Windows 7 machine which has VS10 on it, even though in theory
they are not supposed to conflict. But I've never run a VM of the
same OS as the real OS--hence my original question, whether it is
worthwhile to do so. I understand you think not.

RL
 