LinuxQuestions.org
Old 01-30-2008, 11:46 AM   #1
Miah
LQ Newbie
 
Registered: Apr 2006
Posts: 20

Rep: Reputation: 0
Knoppix from pendrive in virtual window - can virus etc. cross to host?


I have a pen drive set up to launch Knoppix5.1 in a virtual window inside of MS Windows - XP, Vista. I am using the pendrivelinux QKB.exe method to open the virtual window.

Using QTParted in Knoppix does not show access to the hard drive on the host machine.

Is this isolation real or only apparent?

I'm hoping to use this setup to surf the internet in libraries w/o endangering the host machine.

I have used it in my own laptop using the wireless connection. After a lot of surfing (with Iceweasel) a scan by AVG anti-virus found a trojan backdoor (it claimed) in the QKB.exe file. I deleted and formatted the pendrive. The trojan (if it was actually one) did not penetrate my laptop hd as far as a full scan could determine.

Not having been able to surf with Linux before - no personal internet - I do not know if there is some Linux anti-virus I should be using. I haven't searched yet due to time restrictions in library, so if it is common knowledge then please only look at my first true question - is the virtual window truly isolated?

Thank you for your help. I may not be able to respond quickly but I am very interested.
 
Old 01-30-2008, 01:54 PM   #2
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157Reputation: 157
Quote:
Originally Posted by Miah
I have a pen drive set up to launch Knoppix5.1 in a virtual window inside of MS Windows - XP, Vista. I am using the pendrivelinux QKB.exe method to open the virtual window.

Using QTParted in Knoppix does not show access to the hard drive on the host machine.

Is this isolation real or only apparent?
No virtual environment alone makes you safe from attacks or malware, no matter what OS you're using.

Quote:
I'm hoping to use this setup to surf the internet in libraries w/o endangering the host machine.

I have used it in my own laptop using the wireless connection. After a lot of surfing (with Iceweasel) a scan by AVG anti-virus found a trojan backdoor (it claimed) in the QKB.exe file. I deleted and formatted the pendrive. The trojan (if it was actually one) did not penetrate my laptop hd as far as a full scan could determine.
Not seeing the AV alert description or name would mean that we'd have to make some assumptions. One assumption is that if you're running Linux in a virtual environment and the host OS is Windows-based, you're safe, if you've checked the Linux ISO's MD5 hash to ensure it wasn't altered and that you've checked to see that the software is authentic. In my experience, most Windows-based AV products generate false positives when they attempt to scan *nix-based files (I believe this may be what has happened to you).

You probably need to try again to see if you can duplicate the alert and do a deeper investigation.
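
An added example, not part of unixfool's post: one way to carry out the checksum check mentioned above, in shell. It assumes the publisher's checksum list is in the usual `md5sum` format and sits beside the downloaded image; the function name `verify_image` and the file names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded image against a published checksum list.
# verify_image and the file names in the usage line are hypothetical.
#
# usage: verify_image IMAGE.iso IMAGE.iso.md5
# returns 0 = digest matches
#         1 = digest differs (image altered or download corrupted)
#         2 = image unreadable, list unreadable, or no entry for this image
verify_image() {
    image=$1
    sumfile=$2
    [ -r "$image" ] && [ -r "$sumfile" ] || return 2

    name=$(basename "$image")

    # Checksum lists hold lines of the form "<hex digest>  <file name>";
    # binary-mode entries prefix the name with '*'. File names containing
    # spaces are not handled here.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }
    ' "$sumfile")

    # A list that does not mention the image proves nothing, so this is
    # reported as a failure, never as a pass.
    [ -n "$expected" ] || return 2

    actual=$(md5sum "$image" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}
```

A checksum list fetched from the same place as the image only shows that the download was not corrupted; where the publisher signs the list, check that signature as well. The same function works with `sha256sum` by swapping the command.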
 
Old 01-31-2008, 02:58 PM   #3
Miah
LQ Newbie
 
Registered: Apr 2006
Posts: 20

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by unixfool
No virtual environment alone makes you safe from attacks or malware, no matter what OS you're using.



Not seeing the AV alert description or name would mean that we'd have to make some assumptions. One assumption is that if you're running Linux in a virtual environment and the host OS is Windows-based, you're safe, if you've checked the Linux ISO's MD5 hash to ensure it wasn't altered and that you've checked to see that the software is authentic. In my experience, most Windows-based AV products generate false positives when they attempt to scan *nix-based files (I believe this may be what has happened to you).

You probably need to try again to see if you can duplicate the alert and do a deeper investigation.
Thanks unixfool. Here's an update.

I also believed it could be a false positive. AVG offered to go online for information but I wasn't on the net.

To be safe, I deleted and formatted the pendrive. I then scanned the Ubuntu .exe from pendrivelinux which I had stored elsewhere but which had never been on the net. It reported the same backdoor trojan. So unless the home site was infected it had to be a false positive.

Back online I downloaded new copies of the QKB.exe(Knoppix) @ the Ubuntu form of it. I updated the AVG. With the new update everything scanned clean. So it was apparently a false positive for a few days or less and then was corrected.

I further experimented with the actual pendrivelinux OS. It is much smaller and uses the actual Windows Media Player which comes up in the Vista window, not the virtual window! So some sort of crossover is at work, at least with that setup. It may be only a HAL sort of virtual crossover that may not allow an active code through - like using the cd player or the wireless. I don't know.

I am not too worried about the Knoppix being corrupted, it is an ISO. The little .exe programs are another matter. But the great thing is that with the separate bits in files on my hard drive I can make a new setup in minutes. This allows a total "scorched earth" policy towards the pendrive Knoppix virtual machine. Corrupted? Goodbye. I'm only concerned about the host machine being infected.

I read somewhere that researchers use virtual machines to explore the darkside of the internet and then merely delete them when corrupted. That's what inspired me to look for this setup - along with convenience of use and carry. Plus changing a Windows box to Linux while you use it, then taking it all away with you.

If anyone else has insights into this "virtual window crossover to host" I hope you will comment. Thanks to all.
 
  

