How can you get a file into a VM without creating a potential malware breach? I was told to kill the internet connection, disable any type of sharing with the host, no copy paste, and no sharing disks, but how would I be able to get the files into the VM if it is secure from both sides? The file in question is about 36GB and there is a second file that is 678MB.

Thank you.

you are viewing a single comment's thread
view the rest of the comments

[–] deadcade@lemmy.deadca.de 3 points 1 day ago* (last edited 1 day ago) (5 children)

Start off with a clean slate. Windows, freshly installed from a Microsoft provided ISO (Assuming you're looking at a Windows executable). Try to follow a guide on bypassing the MS account requirement (AtlasOS has a section of their guide telling you how to do this).

When you're setting things up, there's no restrictions to internet access, sharing, etc. You just have to be careful not to open/view the files you want to isolate, which is easy enough by for example putting the files in a password protected zip. You can also install any required tools now (like maybe 7zip).

At this stage, there's a few options:

The easiest is to put your files into a separate folder, then run a simple webserver, like with python3 -m http.server on your host. Then download it on the VM.
Another option is to mount the VMs disk, then copy the files directly. Turn off the VM, mount the disk, copy the files, unmount, then turn it back on.
You could create a disk image that contains your files, readable by the VM.

When you're ready to actually open the file, close off all access from the VM to the host. No networking, clipboard sharing, etc. Do this on the hosts VM settings, not inside the VM. Also note that without further tooling, it's extemely difficult to tell if there's any advanced malware present.

As soon as you view the potentially malicious files, consider anything coming from that VM as malicious. Don't try to view/open files on your host, do not give it network access.

Malware can be (but often isn't) incredibly advanced, and even an isolated VM isn't a 100% guaranteed method of keeping it contained.

[–] Onomatopoeia@lemmy.cafe 2 points 22 hours ago (4 children)

VMware's shared folders is secure - by default it's read-only, and it's only visible to the specific VM on which it's configured.

The client OS doesn't even need a network card, VMware emulates the network just for the shared folder.

I assume other virtualization tools have a similar feature.

[–] deadcade@lemmy.deadca.de 2 points 15 hours ago (3 children)

It's not. There's no way to be 100% certain the shared folder daemon on the host has absolutely zero exploits, same thing for the networking stack used for transport. That also includes VM disk I/O, virtual graphics output, and any other communication between guest and host. It'd take some really advanced malware to abuse such exploits, but you're better off minimizing attack surface as much as possible. That means disabling (or removing) every possible form of communication between host and guest, unless absolutely necessary for operation.

[–] Yourname942@lemmy.dbzer0.com 1 points 11 hours ago (2 children)

thank you for the in depth responses. Do you know if it is follish to keep internet on my host when I have the VM have no network connections, or is it highly recommended to kill the internet for both host and VM?

[–] deadcade@lemmy.deadca.de 2 points 11 hours ago

If you're this unsure about running potential malware in a VM, the best method is to just not run it at all.

You should be perfectly fine running with networking on your host, as long as you disable it in the VM configuration before running the potential malware.

[–] frongt@lemmy.zip 1 points 11 hours ago

It is not going to matter. If the malware can escape the VM, it's going to do that regardless of host network access.