Using Virtual Machines for Security Analysis
Now that you've seen how to use a virtual machine as a sort of Internet-browsing sandbox, expanding the use of the sandbox may seem logical. Using the Not connected
network setting and then transferring a suspected malware file into a guest machine with drag and drop would appear to offer a safe environment for analyzing the behavior of the file. This technique might indeed work in many cases, but it could easily fail to detect malware in others. The problem is that a malicious coder can easily add code that checks whether his or her malware program is executing inside a virtual machine. The coder could program the malware to behave safely if it detects that it is running in a virtual environment. Thus, the malware would falsely pass the safety test and then run amuck inside the physical machines you wanted to protect.
Some have proposed using virtual machines to host honeypots, another security technique that may seem attractive. Should malware damage the virtual honeypot, the argument goes, the virtual machine can be reset. Once again, the malware can determine if it's running in a virtual machine and behave differently, which makes the analysis a waste of time.
With these caveats in mind, you should always undo your changes when you browse unknown Web sites. You can't assume that the virtual machine is free of malware just because it appears to be normal.
Sandboxes for Safe Browsing
No single solution will improve security, and browsing the Internet will always pose risks. By properly configuring virtual machines and using them as sandboxes for safe browsing, you can provide an additional layer of security without high cost and complexity. Unless you have confidence in and can trust the sites you are browsing, browsing within a virtual machine is a prudent approach.