Heavily requested passthrough VM guide will be coming up next, subscribe if you're interested.
Done!
I just did GPU Hyper-V and man, it's amazing. I have friends playing on two VMs and I'm on the PC itself.
👏
How did you get networking to work on Windows on qemu? I cannot fix it for the life of me XD
I cannot wait!
3:07 is a malware analyst two-sentence horror story
"I pressed win + R in my VM.
It executed on the host"
I was lucky that i was looking for the stealer in appdata, not running a command.
ones like VirtualBox capture your input so that can't happen thankfully 😅😅😅
Firefox sandbox is better
imagine youre malware and you get downloaded onto a windows machine, youre excited to finally steal data and fulfill your purpose until you hear "Hello everybody, my name is Eric."
:( sad malware noises
funky fumo spotted
no worry it's the Albanian virus
I appreciate how your videos minimize fearmongering, when discussing topics like this, people often just give blanket warnings and skip over the technical detail. it's really annoying to try to find out the real risks when articles, videos, and professional are so quick to fearmonger in hopes of scaring people away entirely. So many people echo the idea that virus and malware are this magical thing that you can get by opening an email or visting a site. But that's just wrong, it depends on what you download from the email, if the email client was exploited, what did you click or download on the site, what browser are you on, etc. So thank you for providing an object answer while acknowledging the theoretical possibilities but still remaining grounded. It's nice to just have answers sometimes without feeling like people are talking down to you.
I dislike his videos because he is anti-map and auttp
@menjolno The what now?
My thoughts exactly!!
There is one drawback to using a Sandbox to test malicious files.
People will test their sus programs in the Sandbox, but the program may have VM detection and not run the payload. The user may assume it is "safe" and execute it on their host, and boom, payloads galore
there really isn't a solution to that problem other than buying a cheap laptop from ebay
can stealth vm be also detected?
@Rahee07 I assume it's like an arms race. VM improves detection prevention -> malware improves vm detection further, etc.
@Rahee07 yes, advanced anti-VM
The right configuration of the right hypervisor will make it undetectable for most VM detection tricks in malware
Interestingly, Windows Sandbox does not have a Trusted Installer. Not sure if this means they completely locked down anything Trusted Installer would be able to do, or they just unrestrict those permissions so the basic sandbox admin can do literally anything trusted installer could to your regular PC
Honeypot for when malware tries to edit system files
>Can malware escape Windows Sandbox?
Yes
>Is it Safe?
Never give anything you didn't write/audit yourself the benefit of the doubt. Always assume software is unsafe.
finally a sane comment. i trust Windows Sandbox as much as I trust M$ to not spy on me
@crylune it's probably fairly safe but generally yes
@@LiEnby Fairly safe is not safe enough
@@crylune I looked at your profile and you're also a fan of vinesauce and mental outlaw. Nice to meet you, Brother. nice Senko avatar, btw. 😉
@@Eyevou thanks c:
Unlike a normal VM, some parts are shared between the sandbox and the host OS. For example, third-party fonts installed on the host OS system-wide show up in the sandbox. I tried installing a font inside the sandbox and it did not get through to the host system, but perhaps there are more shared things, and perhaps one of them mistakenly visible outside of the sandbox…
imagine the local saved passwords and browser cookies are shared
This is true for literally every VM btw, they're using your real GPU and real CPU to run instructions, for example
@LiEnby I'm not talking about sharing the hardware, that is normal. I'm talking about some system *files* being shared between the two.
Fun fact: if you uninstall Edge from your host, it disappears in Windows Sandbox too, leaving you with no browser and only the command line to download one :)
@LiEnby not unless you use qemu for emulation
Some more recommendations on the user errors part:
1. Avoid storing samples on the host as much as you can. Should you not be able to avoid doing so, only store them in encrypted form and remove the file extensions. Make it as hard and as complicated as possible to detonate a sample on your host. I have been saved by this specific guardrail many, MANY times.
2. Privilege separation, privilege separation, and more privilege separation. Always use low-privilege accounts on Windows when it's possible. On your host, this can be the last line of defense. Create a new local account instead of relying on UAC, as it's NOT a security boundary (said Microsoft themselves). I've never triggered this line of defense, but someone I know was once saved by this.
3. Don't detonate commands unattended. Run files only. If it's a command, produce a batch file. Most malicious commands are going to pull stuff from the Internet, which by design should not work at all in the default state of a lab VM. (Lab VMs should only connect to the Internet when it's manually enabled. VM NAT adapters are not safe to use.)
4. Make the UI in your VM drastically different from your host. Not just the light/dark modes. Change the desktop background, account names, start menu appearance, etc. Use a different system language in your VM if you speak more than one language. If you use Chrome on your host, maybe try using Edge in your VM. Avoid using VMs in fullscreen mode. It's an easy way to reduce your ability to distinguish your lab environments from your host. Just make the UIs easily recognizable.
5. Avoid installing analysis tools on your host. Just keep the basic ones you need, like the Sysinternals suite.
6. Good cyber hygiene helps a lot. I practice an extremely strict set of cyber hygiene rules on my host. Most actions I do on my host are whitelisted. (Yes, a WHITELIST, not a blacklist.)
Stay safe!
Good luck telling the average user to not make their account an Administrator one. Why Winblows even make your account an Admin account by default is beyond me.
@@crylune Average users probably wouldn't try to reverse engineer malware samples anyway. XD
@mu11668B Not my point. Thanks to Microshaft's inane decisions users are way more susceptible to malware with their default Admin account setup. GNU/Linux distros all already have a least privilege model by default where there's a superuser account and your regular account is not as privileged. It wouldn't take anything for Micro$oft to program in the admin account to be on by default while the user has a standard account, and have the user input said account's password for admin tasks, instead of its current insecure setup.
Quick question: What is the reason for the 4th recommendation? Is it to avoid fingerprinting, to blend in with other users, or to look unique on purpose?
@1KiloDepartment My guess: the 4th one is to avoid getting confused about which Windows you are currently on (host or guest) and possibly avoid executing the payload on the host, thinking that you are in the guest.
Another potentially dangerous source of user error on a VM (probably not Windows Sandbox though) would be accidentally setting a shared folder to be writable. Usually on my VMs, if I need shared folders I will have a special "VM writable" folder that's specifically for getting files out from the VM. If you did something like make your home directory a writable shared folder and ran ransomware, your entire host's home folder would be encrypted.
Oh!! 😃
I am glad you made this because I see so many YouTubers that say “just install a VM on your computer and run it in there” “it’s completely safe and if nothing happens you know it’s not malware” like there’s so many problems with those claims
i use it to run malware for fun
i love watching eric parker videos
Thank you for the mention of light themes being better for accessibility!
I have fairly severe astigmatism and dark themes are significantly harder to read even with glasses.
It's always annoying when websites or apps decide to only support a dark theme because reading them for a few minutes is bound to give me eye strain. This is especially annoying considering every OS and web browser has frameworks to let users set their preference nowadays.
Finally someone speaks some sense about light mode. I have really sharp vision with glasses, but, dark mode just makes the text look blurry!
You know what's really really cool about hyper-v, it runs its own kernel called the secure kernel and its own usermode called isolated usermode, this is a comment section so i can't go into detail but it might be a fun idea to just make a video about hyper-v and its internals
I can’t get enough of this, your creativity is on another level!
Windows sandbox is basically a VM
It cannot escape
LOL I forgot to mention that it was a temporary VM
It cannot escape as long as there aren't any critical security vulnerabilities
It cannot escape ❌️
It is unlikely to escape ✅️
VMs aren't perfect
Uploaded 1 minute ago while I'm binge watching the channel? I'm in.
Even crazier I was just thinking abt doing some Virtual Machine research bc they sound cool.
I have Astigmatism and I usually watch your videos in bed without my correction glasses and man is it easier to read thank you
One thing I noticed with VMware is I could see all traffic heading to my host PC if I performed a packet capture from the VM with the network adapter set to bridged. That's something VMware should probably patch.
You know, I've been dropping things into virus total, and looking at anyrun for some schtuff and every time I'm like "yeah you know, a few years ago some of this stuff being 'detected' would've totally freaked me out when it's perfectly normal behaviour." I wonder if there is a video in that, or if telling people "this is fine" is something you'd rather not touch because of the .1% chance that someone ignores something actually malicious.
Like, "the most common false detections" for benign/harmless but unsigned stuff from github or something. Idk. Could be an evergreen video but might take some work to make sure it's not recommending anything that could backfire.
I have been preaching the good name of Windows Sandbox to people for forever now. Great to see you looking into it and talking about its security, as I get asked that a lot myself. Good stuff
Also I had video input enabled this whole time for some reason 😭
I love so much your videos, they are relaxing and entertaining and we all learn new things that we didnt know they existed. Keep going u one of my fav youtubers❤
Eric, your reasoning for keeping the VM in light mode makes me feel like an idiot for not thinking of that sooner. I use different colors for the window accents and taskbar on the handful of computers I use, so I'm not sure why it never occurred to me to just use light mode. It's a shame that Windows considers dark/light mode a personalization option instead of an accessibility setting.
I've had more close calls than I care to admit, but so far the worst command I've ever unintentionally executed on my host machine is a reboot. Unfortunately, the host machine was also running the software that let me call clients, so my call dropped too lmao.
I have two astigmatisms and I've never even considered NOT using dark mode... you're opening my eyes Eric haha
Please can you install an ad-blocker - the constant moving images are very distracting.
Heh, there are links that lead to malware on the sides of his browser window.
@samconnelly7630 I think it is part of Eric's research😂😅
afaik he does it because while a download may be safe x site can be full of malicious ads
What are you, a cat???
@Antleredangelbun what, because I have peripheral vision? 😂
2:22 I had no idea this was the case! It explains why I've always felt text was slightly blurred when I use dark mode. Making me consider the switch back to light on some applications
2:14
Using dark or light mode may even be an attribute to fingerprinting, although my opinion feels that it is unlikely. There are more useful identifiers than dark or light mode, but it can contribute.
I would assume most people utilise the defaults. At the end of the day, you would want to blend in more when doing analysis.
I'm still nervous about VMs and Sandbox. How much risk is there if I set up another connection point on my browser that’s not linked to my other devices and used a VM on an old PC I no longer use? (I’m just ultra paranoid, I have never gotten malware on a PC with anything important and I want to keep it that way)
Windows Update Minitool is safe ?
Can you analyse this please ?
can you check if goodbyedpi is safe i know that this is a random request but i never seen anybody do it with all details and such so if you could do it its would be awesome
goodbyedpi is safe, many russians use this to bypass the youtube slowdown from roscomnadzor
Do we need to see those pop up ads in the videos?
I enjoy watching these as I find these educational as I am just entering cybersecurity
thank you very much sir ❤
Guys wake up eric posted!
I need to download a large file (100GB) in a controlled environment but need to use my full connection speed. What would you recommend using?
Erik can you make a video where you see if NL Hybird is a virus or not?
Why do you need Wireguard?
Mitm proxy
I used it a few times. I can watch YouTube vids with it and that by itself is good performance, because older PCs can't even run YouTube smoothly. The MS Edge inside the Sandbox mirrors the Edge on the host, meaning to keep the Sandbox Edge up to date, first update the host Edge.
Sharing files between host and the sandbox is copy paste really
I think the only downside is you can only have 1 instance of Windows Sandbox. Imagine having multiple Sandbox running, that's Qubes at that point.
I have a bad case of astigmatism, and it can mainly be corrected along one axis only, not mine though. My eyes are all wonky, but I find dark mode to offer me better contrast, go figure.
Can you make a video about Minecraft Tlauncher
I did in 2021, it got taken down by YouTube because of "piracy".
WWVzIGF0IGxlYXN0IGNpcmNhIDIwMjEgaXQgZGlkIGFwcGVhciB0byBiZSBzYWZlLCBJIGRvbid0IHJlY29tbWVuZCB0aG9zZSBraW5kIG9mIHRoaW5ncyB0aG91Z2guIA==
please dont use tlauncher, just use prism its perfect
@EricParker what do you think about it? I have it and I don't know what to do. I don't think I will be safe just by deleting it, but I never had a problem with it?
@@dave7474 yeah, especially since having cracked accounts in prism is also very easy to do.
lets go, vm escape is a very interesting topic. thank you
Would like to see how it compares against sandboxie-plus.
Very well I'd imagine?
I would rank sandboxie as less secure for the fact that it shares the kernel, so a VM would have better isolation
But usability and hardware usage would be better on Sandboxie
Hello
Can you check if roblox executor: Solara is a malicious program?
I do the same with dark mode to tell the host from guest for my unsafe browsing VM.
Also, if you wanna be a real gangster wit it, you could use a window rule to add a red border on the VM like how qubes does it. Linux only afaik though and obviously can't record videos like that.
If you wanna be a bigger G then you do a poor qubes imitation by using a set of VMs and an isolated VM network.
1. Router VM: NAT network + "LAB" (isolated) network. Runs pfsense or whatever, serves DHCP etc and routes all traffic from LAB to outbound via a VPN. Guests cannot connect to the host or any other LAN hosts since the router routes all traffic through a VPN. Provides a guaranteed killswitch and allows the host to connect to guests.
2. All other VMs: Connected to LAB.
3. Host: Connected to the router via Wireguard.
Then, create a guest VM, use waypipe or X forwarding if linux or VNC/whatever if windows and create a window rule to mark the border as red. Iterate on that by making the host immutable and enable SELinux and you've got a solid security posture without the compromises of qubes.
I run a sandbox in a VM usually with loads of anti malware and antivirus
Make sure to activate those windows!
bro is filming this and adware is on the way
I know no one cares, but i personally use plain QEMU for gpu passthrough vm. Mostly to have "gamer life" separated.
Without libvirt there's no cpu pinning etc. but i prefer to learn plain QEMU first before i move forward.
Can't wait to see something new in next video.
Just a word of caution, device passthroughs are dangerous and can allow malware to infect the host
@tablettablete186 well, my kernel doesn't include firmware for this GPU.
Time to grab some snacks and binge another Eric Parker video
Can malware escape from Windows to Linux?
Edit: or vice-versa
no, unless the malware is designed to work on Linux, which is rare so to answer your question no
It can, but it is highly unlikely to ever happen
make video about NL Hybrid please!
tldr=yes?
✨algorithm✨
Great video !
can you do a nl hybrid fortnite virus check?
Do Hyper-V and Sandboxie also
Just noticed I cannot enable notifications for your channel due to youtube saying its "Content made for Kids". If that's the case, how the hell am I leaving this comment?? (I tried 3 different devices and accounts...)
i am very light sensitive. dark mode is better.
Nice! New video
I too enjoy DYONK mode.
hi
"As clean as a new install of windows" so not clean at all? lol
different pc + Linux + VM
Is it just me or the audio quality is different
Sounds roughly the same to me. All recorded the same way, (SM7B into dbx 286s).
@EricParker maybe I'm going crazy
Why are you pronouncing Dark mode as Dawenk mode? Is this a joke that I need explaining? AI generated speech? Baby talk? Boston accent? Content creator baiting engagement with low hanging fruit?
No, it isn't. Most Winblows security features aren't
the best solution is to simply not download suspicious shit. mind boggling i know
This is legitimately just misinformation
@@LiEnby Trying to please Satya or something? I work in cybsec and am pretty sure I know what I'm talking about.
The most secure VM seems to be where as much things as possible are emulated, like qemu (non-kvm).
There's also another VM escape method, if it's connected to internet, the attacker or virus can hack a wifi router and try to access PC on local network
I'd say the opposite. Virtualization is near 100% secure, emulation is very easy to break out of because performant emulation requires JIT, and is usually written in memory unsafe languages.
Can’t vm escape? Just do an extremely complex exploit chain instead
@EricParker adding to this, emulators often are made with the focus of running software from one platform on another; if that software is malicious is usually not a concern for the devs at all. Like note how running Windows software in WINE for instance will still often mess up your Linux install because they share files between the two, or DOSBox which gives you “mount (any folder)” as a command for easy file transfer
Device emulators are the source of many QEMU VM escapes lol
Prime example is VENOM (floppy disc emulation)
And projects like Firecracker do as little emulation as possible
Huh, could you send more examples of these escapes? I'm interested. I wasn't aware it is less secure
No adblock and using Edge 🥴 lol
I remember this thing needing hyperv or something that i needed to disable for basically every other emulator / vm program idk i forgot the details but it was just annoying
Eric discusses Windows Sandbox, a lightweight, isolated Hyper-V-based VM for safely running applications. It offers temporary environments without saving data and uses GPU virtualization for high resolution. While generally secure, it carries risks like user error and rare vulnerabilities. Best practices include disabling clipboard sharing, printers, webcams, and unnecessary networking. For malware analysis, Eric recommends separate non-Windows systems. Advanced GPU passthrough guides are forthcoming.
Gemini summary?
@EricParker Seems like it
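A Windows Sandbox configuration file that applies the best practices listed in the summary above (clipboard, printer, webcam and network redirection off, and the sample folder mapped read-only so a writable shared folder can never become the leak path described earlier in the thread). This is an added example, not a file from the video or from Microsoft; the host path C:\Lab\Samples and the memory size are assumptions, and the host folder must exist before the sandbox starts.

```xml
<Configuration>
  <!-- Channels out of the guest that a sample could use to reach the host. -->
  <Networking>Disable</Networking>                       <!-- on by default; enable per run only when the analysis needs it -->
  <ClipboardRedirection>Disable</ClipboardRedirection>   <!-- on by default; a guest paste can otherwise land on the host -->
  <PrinterRedirection>Disable</PrinterRedirection>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>                       <!-- no host webcam inside the sandbox -->

  <!-- Shrink the host-side attack surface: software rendering instead of the host GPU driver,
       and a hardened Remote Desktop client for the window that displays the sandbox. -->
  <vGPU>Disable</vGPU>
  <ProtectedClient>Enable</ProtectedClient>

  <MemoryInMB>4096</MemoryInMB>                          <!-- assumed value; size to the host -->

  <!-- The only way in: a read-only mapping. Anything the sample writes stays inside the
       throwaway guest and is discarded when the sandbox closes. -->
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Lab\Samples</HostFolder>            <!-- assumed path on the host -->
      <SandboxFolder>C:\Samples</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>
```

Save it with a .wsb extension and open it to launch a sandbox with these settings; a second .wsb with Networking enabled can be kept for runs that genuinely need connectivity, so the restrictive profile stays the default.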
Hi!
yes
Still cant for the life of me hear your intro without some sort of mental distress
Hloebdyy
Heluhbdy
Hlebbddy
What are you sayinggggg
here at 2 views
1 min
hi second
nope not second
just use Shadow Defender
Can you test Sandboxie?
hi