0

This question may sound naive to a security expert, but I guess that's why I'm here. x-)

Would creating a virtual machine be any protection against potential trojans that monitor my system? My thoughts were that if I'd have a clean system in the virtual machine, I could keep sensitive information there and also restrict outgoing data traffic to an absolute minimum. A trojan would not be triggered by me opening a bitcoin wallet etc., because it doesn't "know" I have installed such a software on my computer?

richey
  • 103
  • 3
  • 4
    If anything, the opposite scenario would be more appropriate. Keep the host locked down and save sensitive things there, use the VM for everything else and (hopefully) any malware will be contained within the VM. – multithr3at3d Mar 07 '17 at 18:27

1 Answers1

2

This is not a good solution. Your question assumes a compromised host and a clean guest. So, the malware will have control over the host. Virtual machines' data is contained in files, stored by the virtualizer on the host. So any malware on the host machine could potentially send those files back to an adversary. The adversary could then simply run that same virtual machine on his/hers virtualizer, and get access to everything stored in the VM.

Now lets assume you encrypt all of the VMs files (and ignore the practicality discussion). This still leaves your VM exposed to screenshots, memory dump analysis (although I am not aware if this has ever been done), and more data exfiltration methods.

Furthermore, VM network activity runs through the host's network interface (NIC), thus exposing the traffic to the malware.

So both of the points you made are not secure:

  • You should not keep sensitive information in a VM on a compromised host.
  • The malware could potentially intercept the network traffic from the guest.

A better solution might be to do the exact opposite - run a clean host, and use a VM for every activity that may expose you to infection (web browsing, file sharing etc.). Consider reading about Qubes and maybe this will interest you for more than just PDF viewing.

MiaoHatola
  • 2,284
  • 1
  • 15
  • 22