[vbox-dev] how to shutdown VBox open APIs?

Alexey Eromenko al4321 at gmail.com
Thu Dec 9 10:27:17 PST 2010

On Thu, Dec 9, 2010 at 8:19 PM, Huihong Luo <huisinro at yahoo.com> wrote:
> We got more and more users to request how to deliver a vm whose configuration cannot be modified in any way.
> VBox is so powerful in its APIs, which is a very good feature compared to other vm software. However, this feature makes it very difficult to prevent people from chaning the vm settings, etc. Any thoughts on this?
> VBox uses across process COM communications, so need a way to only allow internal components to use those APIs, but disallow external programs to use it. Even this is done, a hacker can easily hook a DLL's exports, and change the code.
> For example, even if a VDI disk is encrypted, I can easily hook VBoxDDU.dll to dump its raw content, and bypass the encryption.

Use OVF -- it is a read-only format... better yet is to burn OVFs on CD-ROM.
OVF can't be changed by mistake.
Snapshots are read-only too. Once you have a snapshot it's settings
can't be changed.

-Alexey Eromenko "Technologov"

More information about the vbox-dev mailing list