5

Whilst pondering about security, and setting up different VMs for certain online activities deemed more risky or requiring extra security (banking, or visiting untrusted websites, etc.), I came to think about how such a setup (different VMs for different uses) would defend me against a keylogger.

So, two questions then:

1: If a keylogger has been installed inside a VM, can it capture data outside its own VM?

2: The opposite, does a keylogger in a host capture strokes typed within a VM residing in that host?

My bet would be No and Yes respectively, but I really have no idea. Does anyone else?

paranoid

2 Answers

2
  1. No

  2. Yes

A keylogger runs as software or a driver within the machine; it will be limited to the virtual machine it is on.

If the keylogger is installed on a host, it will capture all data on the host. It is possible that some virtualisation software has its own hook that overwrites the keylogger, but I doubt it.

William Hilsum
2

There is always a chance that there are vulnerabilities in the virtualization software. This in turn could allow malicious software to "escape" into the host OS:

http://secunia.com/advisories/18162/

So the answer would then be: 1. Possible 2. Yes

jmiserez