I was sitting here thinking that there's a simple solution to stopping file attachment malware from infecting PCs: VM sandbox
If launching a file attachment invoked a virtual machine where any malware infections only happened in the VM sandbox, the host machine could never get infected, as all the attempted changes to the OS would vanish when the VM sandbox closes.
Any attempted changes to any files could be done in cloned copies only, or ask the user if the real file should be allowed to be updated.
The important point here is any attempts to tamper with core OS files could be easily detected and stopped as the VM would have the entire OS hooked and monitor such attempts so the only way a machine would ever get infected by email would be if the person at the keyboard was completely stupid.
I'm actually surprised that Windows and Linux don't supply a VM for email.
I know they have some people working there smarter than I am, at least 1 or 2 the last time I checked, so I'm surprised this hasn't crossed their minds.
More importantly, this type of sandbox could be applied to all downloads from a browser as well.
If you're talking about web based email and not a Windows or Linux mail client, then all file attachments are actually file downloads in the browser so one VM sandbox fits all.
Sure, running something in a sandbox first to see what it does is a real PITA, as you would have to install downloads twice, but most people don't download stuff that often, and running it twice to make sure it's safe vs. trying to clean an infected computer, well, we all know the answer to that, as cleaning a hacked machine is a nightmare.
Wonder if anyone has already done VM sandboxes for email attachments yet and if so, why the hell isn't this SOP for all downloads?
Using something like Norton AV which can only detect things it knows about doesn't help anyone when it's new code, slightly modified code to avoid detection, etc.
The VM is the only way to go if it's practical and I think it is, and I think MS and Linux should include the technology for free to stop their machines from being infected.