3

What I have found out so far is that keyloggers, for example, can still capture what you type, even within the virtual machine.

I could not, however, find much information regarding other effects of an infection of the host system on the virtual machine. The keylogger thing alone could be easily circumvented by using something like the on-screen keyboard that comes with Windows.

If an attacker could just read whatever you type or copy into your clipboard from memory, however, you might not even bother. So I ask you: Is there a security benefit to using a virtual machine with a potentially compromised host machine?

CBeltz
  • 31
  • 2
  • typically, the use case of a VM is to manage threats from the VM not the host – schroeder Apr 06 '17 at 12:57
  • No, there is no benefit. The attacker can simply run guestcontrol and execute whatever he wants on the guest machine http://www.virtualbox.org/manual/ch08.html#vboxmanage-guestcontrol – J.A.K. Apr 06 '17 at 13:55

1 Answers1

4

There are multiple theoretical situations where your actions in a Virtual Machine would be hidden from garden-variety malware. For example, banking trojans wouldn't know how to inject themselves into your browser that's running in the virtual machine. Although in theory malware can record your screen in HD, usually they don't want to play babysitter.

Additionally, Windows 10 has a feature called Credential Guard that leverages virtualization to protect a certain type of secret key, even if the computer is infected.

Windows Server 2016 also has a feature called Shielded VMs.

However these are edge cases with their own debates about the scope of what they address. For all intents and purposes, in the real world if the host machine is infected, all attached virtual machines should be considered compromised as well.

SwiftOnSecurity
  • 291
  • 2
  • 5