Internet privacy and security course
Aa font
AA font size
20
About translation
Previous Next

Chapter 28

Why you shouldn’t use shared folders, shared clipboard and Drag’n’Drop

Users periodically need to upload files to the virtual machine from the main one (or vice versa to the main machine from the virtual one), for example, to launch a suspicious file or a link in an isolated environment. For sure, the average user will study this issue on the Internet, where they will find information about such wonderful and convenient tools as the shared folder, the shared clipboard and Drag’n’Drop, which are in the VirtualBox Guest Additions.

Have you never used these tools, in a nutshell: a shared folder is an option that creates a folder on a computer to files, which both the virtual machine and the host can access to. The shared clipboard allows you to copy and paste files from a host machine to a virtual one and vice versa, while Drag’n’Drop generally allows you to drag files from one system to another easily.

I have to introduce these tools to you, although for security reasons I don’t want to teach you how to use them and I am ready to offer another solution for the interaction between the host and guest systems. I hope you will follow my recommendation, believe me, I am quite familiar with the methodology of going beyond the virtual environment and know how dangerous these tools are.

Tip

Get rid of shared folders, shared clipboard and Drag’n’Drop.

According to my statistics, 85% of the tools for going beyond the virtual environment of VirtualBox required the presence of VirtualBox Guest Additions and related functionality.

Interaction through cloud storage

The first option I recommend as an alternative is to organize the interaction of the host and guest machines through cloud storage, giving the virtual machine access to one of the folders on Google Drive, Yandex.Disk or Dropbox. Or it would be even better to have a separate cloud storage account exclusively for this purpose.

All what a malefactor can get access to your virtual machine is to upload or delete any files in the cloud storage. Definitely, there is a chance that they will somehow force you to run the compromised file from the cloud on the main machine, but I hope you will not make such a childish mistake.

Interaction via messenger

The second option is interaction via messenger. I use Telegram, as it is convenient and secure, you can transfer data with p2p encryption (secret chats), in addition, you can send pretty large files. Maybe you will use another messenger, this is not a significant aspect.

The way it works for me is the folowing: inside the main virtual machine I create clones for further targeted use with, Telegram messenger is installed, where there are no other contacts besides my main one. To send a link or a file I simply send one to my virtual machine in Telegram and open it there.

I can send a suspicious link or file from any computer, phone, tablet with Telegram, in the case of a shared folder or clipboard, you can only send it from a computer with VirtualBox installed.

Tip

To transfer data between the guest and the host system use cloud storage or instant messenger.

I will give you a practical example, I receive a message with a link that I need to follow, but it is unreasonable to open it from the phone. I copy the link and send it to Telegram of my virtual machine, when I turn the computer on and start the virtual system, I follow the link.

I hope that you will arrange the same system as well, as it is necessary, especially if you are using Android devices or you are a person of particular interest for influential detractors. Such a system is an important part of integrated security.

Interview widget: Have I convinced you to use the secure paths between the host and the guest machine?