dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
6847

vmuser
@202.188.x.x

vmuser

Anon

Are virtual machines safe from keyloggers ?

Hi, I've a question about keyloggers and virtual machines, ie. VMware, MS Virtual PC.

I am wondering if i am safe in these 2 scenarios:-

Scenario 1
===============
- Host OS is infected with a powerful keylogger.
- OS in VM session is clean.
- Will keylogger capture keystrokes entered inside the virtual machine?

Scenario 2
===============
- OS in VM session is infected with a powerful keylogger.
- Host OS is clean.
- Will keylogger capture keystrokes entered on the host machine?

Hope this isn't too confusing? TIA

orph4824
I Ate What??
join:2001-04-26
Greeneville, TN

1 edit

orph4824

Member

In your first senario both the host and guest will be logged as the vm uses the hosts keyboard hooks

senario 2 only the guest os would be caputred as it as vm implies is an isolated system so to speak.

vmuser
@202.188.x.x

vmuser

Anon

Just as i guessed, thanks.

richtig
Music Is Emotion
Premium Member
join:2003-02-19
Australia

richtig to orph4824

Premium Member

to orph4824
said by orph4824:

In your first senario both the host and guest will be logged as the vm uses the hosts keyboard hooks

senario 2 only the guest os would be caputred as it as vm implies is an isolated system so to speak.
I don't understand this. In the second scenario, as in the first, if the VM OS is communicating at all, e.g. browsing, this requires outgoing communication. How does the VM 'machine' distinguish a key-logger's output from other legitimate output?

yaplej
Premium Member
join:2001-02-10
White City, OR

yaplej to vmuser

Premium Member

to vmuser
I would say it depends.

If your using RDP to connect to the guest VM then I don't believe those keystrokes would be logged by the software on the host system as they would only be going over the RDP session.

If you were connecting to the host system then yes those key strokes would be logged just like normal keystrokes independent of where they were actually targeted to the host, or guest system.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to vmuser

Premium Member

to vmuser
A keylogger on the host will compromise both the host and any virtual machines. A keylogger on a virtual machine will compromise only the virtual machine. You must keep the host secure. You can play with the virtual machine and what ever happens there stays there. The exception is if you enable file sharing and accidently send an infected file from the guest to the host or have not disabled drag and drop. (But that is off the topic of key loggers).

The host machine is immune to infected virtual machines (except by the above mentioned user actions). Other virtual machines are immune to an infected virtual machine. A keylogger on a virtual machine cannot detect keys presses on the host machine or another virtual machine.

vmuser
@202.188.x.x

vmuser

Anon

said by Mele20:
The exception is if you enable file sharing and accidently send an infected file from the guest to the host or have not disabled drag and drop.
OK say an infected file gets copied to the host system. But unless it is executed, i am still safe right?
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

said by vmuser :

OK say an infected file gets copied to the host system. But unless it is executed, i am still safe right?
Sure. So, assuming your AV has the signature for it or can catch it with its heuristics, you are ok. Some folks don't like the idea of having a virus unexecuted on their drive. But it is harmless until executed. I have file sharing for my downloaded programs folders and drag and drop enabled on my virtual machines.

vmuser
@202.188.x.x

vmuser

Anon

said by Mele20:
Some folks don't like the idea of having a virus unexecuted on their drive.
I sure don't.

Thanks to all again. I appreciate all the feedback.