How can you get a file into a VM without creating a potential malware breach? I was told to kill the internet connection, disable any type of sharing with the host, no copy paste, and no sharing disks, but how would I be able to get the files into the VM if it is secure from both sides? The file in question is about 36GB and there is a second file that is 678MB.
Thank you.
VMware’s shared folders is secure - by default it’s read-only, and it’s only visible to the specific VM on which it’s configured.
The client OS doesn’t even need a network card, VMware emulates the network just for the shared folder.
I assume other virtualization tools have a similar feature.
It’s not. There’s no way to be 100% certain the shared folder daemon on the host has absolutely zero exploits, same thing for the networking stack used for transport. That also includes VM disk I/O, virtual graphics output, and any other communication between guest and host. It’d take some really advanced malware to abuse such exploits, but you’re better off minimizing attack surface as much as possible. That means disabling (or removing) every possible form of communication between host and guest, unless absolutely necessary for operation.
thank you for the in depth responses. Do you know if it is follish to keep internet on my host when I have the VM have no network connections, or is it highly recommended to kill the internet for both host and VM?
If you’re this unsure about running potential malware in a VM, the best method is to just not run it at all.
You should be perfectly fine running with networking on your host, as long as you disable it in the VM configuration before running the potential malware.
It is not going to matter. If the malware can escape the VM, it’s going to do that regardless of host network access.