LinuxQuestions.org

Linux - Security: Knoppix from pendrive in virtual window - can virus etc. cross to host? (https://www.linuxquestions.org/questions/linux-security-4/knoppix-from-pendrive-in-virtual-window-can-virus-etc-cross-to-host-617433/)

Miah 01-30-2008 10:46 AM

Knoppix from pendrive in virtual window - can virus etc. cross to host?
 
I have a pen drive set up to launch Knoppix 5.1 in a virtual window inside of MS Windows - XP, Vista. I am using the pendrivelinux QKB.exe method to open the virtual window.

Using QTParted in Knoppix does not show access to the hard drive on the host machine.

Is this isolation real or only apparent?

I'm hoping to use this setup to surf the internet in libraries without endangering the host machine.

I have used it on my own laptop using the wireless connection. After a lot of surfing (with Iceweasel) a scan by AVG anti-virus found a trojan backdoor (it claimed) in the QKB.exe file. I deleted and formatted the pendrive. The trojan (if it was actually one) did not penetrate my laptop HD as far as a full scan could determine.

Not having been able to surf with Linux before - no personal internet - I do not know if there is some Linux anti-virus I should be using. I haven't searched yet due to time restrictions in the library, so if it is common knowledge then please only look at my first true question - is the virtual window truly isolated?

Thank you for your help. I may not be able to respond quickly but I am very interested.

unixfool 01-30-2008 12:54 PM

Quote:

Originally Posted by Miah (Post 3040060)
I have a pen drive set up to launch Knoppix 5.1 in a virtual window inside of MS Windows - XP, Vista. I am using the pendrivelinux QKB.exe method to open the virtual window.

Using QTParted in Knoppix does not show access to the hard drive on the host machine.

Is this isolation real or only apparent?

No virtual environment alone makes you safe from attacks or malware, no matter what OS you're using.

Quote:

I'm hoping to use this setup to surf the internet in libraries without endangering the host machine.

I have used it on my own laptop using the wireless connection. After a lot of surfing (with Iceweasel) a scan by AVG anti-virus found a trojan backdoor (it claimed) in the QKB.exe file. I deleted and formatted the pendrive. The trojan (if it was actually one) did not penetrate my laptop HD as far as a full scan could determine.

Not seeing the AV alert description or name means that we'd have to make some assumptions. One assumption is that if you're running Linux in a virtual environment and the host OS is Windows-based, you're safe, if you've checked the Linux ISO's MD5 hash to ensure it wasn't altered and you've checked to see that the software is authentic. In my experience, most Windows-based AV products generate false positives when they attempt to scan *nix-based files (I believe this may be what has happened to you).

You probably need to try again to see if you can duplicate the alert and do a deeper investigation.
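Checking the image's hash against the value the distributor publishes, as suggested above, is a mechanical step worth scripting. The following is an added example written for this page, not code from pendrivelinux, Knoppix or anyone in the thread. It assumes GNU coreutils (md5sum, sha256sum) on the machine doing the check; the file names, hash values and the SHA256SUMS list it builds are constructed for the demo. It accepts either a single published hash or the MD5SUMS/SHA256SUMS list format most distributions ship, and it distinguishes a mismatch (reject the download) from a missing file or unknown algorithm.

```shell
#!/bin/sh
# Added example for this thread, not code from pendrivelinux or Knoppix.
# Assumes GNU coreutils (md5sum, sha256sum). File names, hash values and the
# SHA256SUMS list built in demo() are constructed for the demo; in practice
# substitute the ISO you downloaded and the checksum its distributor publishes.
set -u

# verify_checksum FILE EXPECTED [ALGO]
#   ALGO is md5 or sha256 (default sha256).
#   Returns 0 on match, 1 on mismatch, 2 if the file is missing or the
#   algorithm is unknown. A download that does not match the published value
#   must not be booted, let alone trusted.
verify_checksum() {
    file=$1
    expected=$2
    algo=${3:-sha256}
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case "$algo" in
        md5)    actual=$(md5sum "$file" | cut -d' ' -f1) ;;
        sha256) actual=$(sha256sum "$file" | cut -d' ' -f1) ;;
        *)      echo "unknown algorithm: $algo" >&2; return 2 ;;
    esac
    # Published checksums are sometimes upper-case; compare case-insensitively.
    expected=$(printf '%s' "$expected" | tr 'A-Z' 'a-z')
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file ($algo)"
        return 0
    fi
    echo "FAIL $file ($algo): expected $expected, got $actual" >&2
    return 1
}

# verify_from_list LIST [ALGO]
#   LIST is in md5sum/sha256sum output format ("HASH  NAME" or "HASH *NAME"),
#   which is how distributions publish their MD5SUMS/SHA256SUMS files.
#   Every file named in LIST is checked relative to LIST's directory; returns
#   1 if any entry fails, so one corrupted file fails the whole set.
verify_from_list() {
    list=$1
    algo=${2:-sha256}
    dir=$(dirname "$list")
    status=0
    while read -r hash name; do
        [ -n "$hash" ] || continue          # skip blank lines
        name=${name#\*}                     # strip binary-mode marker
        verify_checksum "$dir/$name" "$hash" "$algo" || status=1
    done < "$list"
    return $status
}

# Demo: build a stand-in "image", publish its checksum list, verify, then
# append a byte (simulating a tampered or truncated download) and verify again.
demo() {
    dir=$(mktemp -d)
    printf 'KNOPPIX demo payload\n' > "$dir/knoppix-demo.iso"
    ( cd "$dir" && sha256sum knoppix-demo.iso > SHA256SUMS )
    verify_from_list "$dir/SHA256SUMS" sha256
    printf 'X' >> "$dir/knoppix-demo.iso"
    verify_from_list "$dir/SHA256SUMS" sha256 || echo "image rejected"
    rm -rf "$dir"
}

demo
```

Two caveats a practitioner should keep in mind: MD5 is collision-weak, so prefer SHA-256 whenever the distributor publishes one; and a checksum fetched from the same server as the image only proves the transfer was not corrupted or altered in transit, not that the server itself was honest, which is why a checksum list signed with the distributor's key is worth more than a bare hash.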

Miah 01-31-2008 01:58 PM

Quote:

Originally Posted by unixfool (Post 3040184)
No virtual environment alone makes you safe from attacks or malware, no matter what OS you're using.

Not seeing the AV alert description or name means that we'd have to make some assumptions. One assumption is that if you're running Linux in a virtual environment and the host OS is Windows-based, you're safe, if you've checked the Linux ISO's MD5 hash to ensure it wasn't altered and you've checked to see that the software is authentic. In my experience, most Windows-based AV products generate false positives when they attempt to scan *nix-based files (I believe this may be what has happened to you).

You probably need to try again to see if you can duplicate the alert and do a deeper investigation.

Thanks unixfool. Here's an update.

I also believed it could be a false positive. AVG offered to go online for information but I wasn't on the net.

To be safe, I deleted and formatted the pendrive. I then scanned the Ubuntu .exe from pendrivelinux which I had stored elsewhere but which had never been on the net. It reported the same backdoor trojan. So unless the home site was infected it had to be a false positive.

Back online I downloaded new copies of the QKB.exe (Knoppix) and the Ubuntu form of it. I updated AVG. With the new update everything scanned clean. So it was apparently a false positive for a few days or less and then was corrected.

I further experimented with the actual pendrivelinux OS. It is much smaller and uses the actual Windows Media Player, which comes up in the Vista window, not the virtual window! So some sort of crossover is at work, at least with that setup. It may be only a HAL sort of virtual crossover that may not allow active code through - like using the CD player or the wireless. I don't know.

I am not too worried about the Knoppix being corrupted, it is an ISO. The little .exe programs are another matter. But the great thing is that with the separate bits in files on my hard drive I can make a new setup in minutes. This allows a total "scorched earth" policy towards the pendrive Knoppix virtual machine. Corrupted? Goodbye. I'm only concerned about the host machine being infected.

I read somewhere that researchers use virtual machines to explore the dark side of the internet and then merely delete them when corrupted. That's what inspired me to look for this setup - along with convenience of use and carry. Plus changing a Windows box to Linux while you use it, then taking it all away with you.

If anyone else has insights into this "virtual window crossover to host" I hope you will comment. Thanks to all.
