Frank Beuth writes:
> On Fri, Oct 18, 2019 at 11:54:18AM +0100, cho...@jtan.com wrote:
> >Virtualisation is not a panacea. I have managed to achieve data loss through
> >destructive actions taken within a "safe" virtualised sandbox.
>
> How did you manage that feat?

Basically assuming "safe" then taking actions to subvert that, namely mounting an SMB share within the VM. rm(1) does not discriminate.

My own fault obviously but it's notable that the "virtual environment == safe" assumption was shattered so effectively, so easily, and by actions which in most circumstances would be benign. That's not to even start on the fact that it's little more than process switching and virtual memory on steroids, so the extra separation on top of what the OS already provides is little more than smoke and mirrors.

> In the world of malware analysis, running code blindly (in a virtual
> machine) in order to figure out what it does (by comparing "before" and
> "after" snapshots) is standard operating procedure.
>
> (standard operating procedure doesn't necessarily make it a good idea,
> but it is what it is)

There's something to be said for it if your constraints are sound. I doubt a half-decent malware analyst isn't both extremely paranoid about their testing gig and still won't run code without at least a cursory glance at the disassembly.

Consider that without access to the source code the game changes considerably.

Matthew