Is host machine safe in case of virus on virtual machine

[patkim]

As goes this title, in case there's virus on a virtual machine is there any possibility of the host also getting affected? The shared folder is disabled or set to read only mode for the vm.
Many times I prefer to try freewares, adwares etc first in vm before doing anything on host os. Thx.

 

[Vyom]

Doing a sudo rm-rf won't affect the files on your local PC.
I think that's enough to say your local pc isn't affected by virtual machine, until and unless there is a way for the virtual OS to talk to host pc through shared folders, which you mentioned is already disabled.

Also, sharing Pen drives on infected virtual machine and host PC should also be avoided, goes without saying. But saying, just in case, you were planning to do so.

 

[Anorion]

its possible, hypervisors have known exploits
here is example > *www.vmware.com/security/advisories/VMSA-2013-0010.html

plus like Vyom said, there are other vectors of infection, network, or usb drives

 

[Hrishi]

Generally it doesn't spreads unless , you have USB drive or shared folders enabled.
But like said earlier , there can be exceptions.

 

[harshilsharma63]

If a malware wasn't specifically designed for a VM, it's unlikely to spread into host OS if shared folders are disabled and no storage device is shared. But; like many have mentioned; virtual environments have security holes. SO, a malware specifically targeted towards VM can exploit these cracks. Kep the hyperviser updated anyways.

 

[patkim]

Thanks all for your inputs.

Pl. help me with this..

Kep the hyperviser updated anyways.

What do I need to do here? I have VMWare Player 5.

 

[harshilsharma63]

Thanks all for your inputs.

Pl. help me with this..
What do I need to do here? I have VMWare Player 5.

What you have to do is always have the latest version installed. BTW version 6 of VMWare player was released a week back.

 

[whitestar_999]

@Anorion,that link is not of concern for op's query:

VMware Workstation and Player contain a vulnerability in the handling of the vmware-mount command. A local malicious user may exploit this vulnerability to escalate their privileges to root on the host OS. The issue is present when Workstation or Player are installed on a Debian-based version of Linux.
The vulnerability does not allow for privilege escalation from the Guest Operating System to the host or vice-versa. This means that host memory can not be manipulated from the Guest Operating System.

but i do agree about using latest version of any virtual machine software which has security fixes.