VOGONS

First post, by abcdefgh

Hi, I have got an old DOS game, and I am not sure whether it has a virus.
Is it ok to try it in DosBox? Is there a way the virus will actually infect my PC? Or do the programs work in a sandbox?

Thank you very much,

Reply 1 of 22, by `Moe`

Rank Oldbie

A virus has access to all data that is mounted. All files that you can list with "dir" are in danger. If you only mount your game directory, you're reasonably safe.

Of course, a virus could theoretically call mount and access everything, but I guess virii from DOS times didn't know DosBox 😉

Reply 2 of 22, by Freddo

Rank Oldbie

If you decide to run a "bad" software in DOSBox, you should be able to do so without any real harm.

Best advice I can give is that you only mount a specific folder where the software is, like "mount c c:\badprog\" and NOT use "mount c c:\" in case the bad program decides to do something nasty with C:\ then only the program folder will be affected.

Anyway, only the "emulated computer" can take any possible harm, and not the "real computer".

EDIT: what `Moe` said 😁
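
The mounting advice in the replies above can be checked before DOSBox is started. The script below is an added example, not part of any post in this thread: it reads the `[autoexec]` section of a dosbox.conf and flags `mount` lines that expose a drive root or a home directory. The sample config and the `is_broad` heuristic are constructed assumptions.

```python
import re
from pathlib import PurePosixPath, PureWindowsPath

# Constructed sample dosbox.conf contents (not taken from the thread).
SAMPLE_CONF = r"""
[autoexec]
# Lines in this section run when DOSBox starts.
mount c c:\badprog\
mount d c:\
mount e "C:\Users\me" -t dir
c:
"""

MOUNT_RE = re.compile(r'^mount\s+([a-z]):?\s+("[^"]+"|\S+)', re.IGNORECASE)

def autoexec_lines(conf_text):
    """Yield the non-comment lines of the [autoexec] section."""
    in_autoexec = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autoexec = line.lower() == "[autoexec]"
        elif in_autoexec and line and not line.startswith("#"):
            yield line

def is_broad(host_path):
    """Assumed heuristic: a drive/filesystem root or a user's home directory."""
    p = host_path.strip('"')
    if p in ("~", "~/"):
        return True
    win = PureWindowsPath(p)
    if win.drive:
        below = [part.lower() for part in win.parts[1:]]
        return not below or (len(below) == 2 and below[0] == "users")
    parts = PurePosixPath(p).parts
    return parts == ("/",) or (len(parts) == 3 and parts[:2] == ("/", "home"))

def audit_mounts(conf_text):
    """Return (drive letter, host path) for every mount that exposes too much."""
    flagged = []
    for line in autoexec_lines(conf_text):
        m = MOUNT_RE.match(line)
        if m and is_broad(m.group(2)):
            flagged.append((m.group(1).upper(), m.group(2).strip('"')))
    return flagged

if __name__ == "__main__":
    for drive, path in audit_mounts(SAMPLE_CONF):
        print(f"{drive}: is mounted on {path} - mount only the program's folder")
```

A `mount` typed by hand at the DOSBox prompt is not covered; the check only sees what the config file runs at startup.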

Reply 3 of 22, by eL_PuSHeR

Rank l33t++

The best thing you could do is to scan it using an updated antivirus and disinfect it (if possible), unless you want to keep the virus for some unknown reason.

Intel i7 5960X
Gigabye GA-X99-Gaming 5
8 GB DDR4 (2100)
8 GB GeForce GTX 1070 G1 Gaming (Gigabyte)

Reply 5 of 22, by `Moe`

Rank Oldbie

el_pusher, today's virus scanners may not be able to detect these old virii anymore. A well-made test in a local tech magazine has shown that manufacturers forget old sigs or remove them after a number of years.

Reply 6 of 22, by DosFreak

Rank l33t++

IMO, "safe" and "virus" do not go together. Executing any malicious code on your computer is never "safe".

How To Ask Questions The Smart Way
Make your games work offline

Reply 7 of 22, by HunterZ

Rank l33t++

True, but when you're executing it on an emulator which masks a lot of the real resources of your computer, the risk is significantly lower. As has already been mentioned, the main risk of running virus-infected software in DOSBox would be corruption/infection of other files that are accessible from inside of DOSBox due to being in mounted directories.

Reply 8 of 22, by mirekluza

Rank DOSBox Moderator

DosFreak wrote:

> IMO, "safe" and "virus" do not go together. Executing any malicious code on your computer is never "safe".

Nooo. The emulator is a "sandbox". As long as the correct mounting is kept it is ok.
The virus would have to be targeted for DOSBOX... In that case anything could happen.
But I cannot see any way in which a normal DOS virus could do anything (again: on condition that mounting is correct). It would be executed on a "virtual" DOSBOX machine, not having access to the "real" computer...
Even viruses are just programs, nothing magical...

Mirek

Reply 9 of 22, by `Moe`

Rank Oldbie

As I said: reasonably safe. Safety is always relative to the cost. There is no "absolute" safety, but as long as there are much easier, much more common ways to get infected, this particular scenario can be considered "safe enough" given the right precautions. Since old DOS virii can't possibly target DosBox itself (executing mount, triggering bugs), executing them in a well-defined environment inside dosbox can be considered safe for the rest of the system.

An entirely different matter would be running code that could contain modern virii. These could theoretically target dosbox and break out of the well-defined environment. But even then, it may be worth the risk (a question of personal judgement), since someone writing a virus would rather use some other spreading technique that gives more probability of success than going such a complex route. Well, unless someone you know wants to target you specifically. Et cetera.

In short: Make your own judgement. You know how a virus could break out of the restricted environment. It's up to you to judge if that could actually happen.

Reply 11 of 22, by mirekluza

Rank DOSBox Moderator

Boot viruses will get nowhere (no boot sector or low level disc access at all unless using disc images - which are in effect just files, not physical discs), worms will get nowhere (no internet connection - and also they are not written to work in plain DOS anyway), only file viruses can get to files on mounted discs...
Theoretically a specially DOSBOX targeted virus could be written which could secretly mount something or abuse a security hole to break out (security holes are in ANY software).

Mirek

Reply 14 of 22, by mirekluza

Rank DOSBox Moderator

By internet connection I meant the ability to get normal internet access, send mails etc... IPx and modem are just tunneled through internet ...

E.g. there is no way how to run a browser or e-mail program in DOSBOX...

Mirek

Reply 15 of 22, by Dominus

User metadata
Rank DOSBox Moderator
Rank
DOSBox Moderator

> E.g. there is no way how to run a browser or e-mail program in DOSBOX

well... to be nitpicky you can run them but they may not be able to connect 😀

As to the virus problem, you can even make it safer running in dosbox by running it only on an image you "boot" from in dosbox. Only the files on the image can then be infected and mounting is not possible as well 😀

Reply 17 of 22, by Dominus

Rank DOSBox Moderator

true, but that is not really a problem since you already know you are running a virus infested image 😀

by the way, if need be you could send me the infected game. I still have my Norton Antivirus floppy disks from 1996 or so around and could probably get them to run in dosbox. Maybe it is possible to disinfect the game 😀

Reply 18 of 22, by Guest

Thunderbyte Antivirus successfully removed quite a few *unknown* virii it detected, leaving the files perfectly clean. As for removable virii that it knew, they were a snap, too, but it was its feature of scanning for unknown bugs and curing files via its heuristic debugger that really made it stand out so much. Of course it was in the Glorious Golden Days (DOS 6.22 + Norton Commander).

Reply 19 of 22, by MooseValley

Rank Newbie

Some good discussion here. I was going to ask this same question, because strangely it is not answered in any of the faqs that I have found.

>A virus has access to all data that is mounted. All files that you can list with
>"dir" are in danger. If you only mount your game directory, you're
>reasonably safe.

Yes, unless you then execute one of the files outside of DOSBox after it has been infected. Unlikely, true, but if a kid is clicking on files on your computer, there's no telling what they may click on.

>el_pusher, today's virus scanners may not be able to detect these old
>virii anymore. A well-made test in a local tech magazine has shown, that
>manufacturers forget old sigs or remove them after a number of years.

I've seen similar articles, but I still find this *very* hard to believe. The anti-virus software guys are all in a pissing contest and they all love advertising that they can detect 10,000+ viruses or whatever. I doubt they remove any sigs. In fact, most of the sigs are for viruses that have *never* been seen in the wild.

In some anti-virus software test I saw (5+ years ago), most of the common anti-virus software they tested didn't detect an alarming number of common viruses. This couldn't be because they removed the sigs - the viruses were "common and current" - it's just faulty software doing faulty scanning.

>true, but that is not really a problem since you already know you are
>running a virus infested image 😀

Anything downloaded from the net - abandonware, etc - should be treated as highly suspect.

Even running files through http://www.virustotal.com/ and getting "no problems found" is no guarantee that anything is safe.
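
The concern raised in this thread, that files in a mounted folder can be altered inside DOSBox and later run on the host, can be checked by comparing the folder before and after a session. The script below is an added example, not part of any post: it hashes every file in the mounted folder and reports what changed, calling out DOS executables that grew, since many file infectors add their code to the host file. The extension list and the demo files are constructed assumptions.

```python
import hashlib
import os
import tempfile

# Assumed list of extensions worth extra attention in a DOS program folder.
DOS_EXECUTABLES = {".com", ".exe", ".bat", ".ovl", ".sys"}

def snapshot(mounted_dir):
    """Map each file's relative path to (size, SHA-256) for the mounted folder."""
    manifest = {}
    for root, _dirs, files in os.walk(mounted_dir):
        for name in files:
            full = os.path.join(root, name)
            with open(full, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(full, mounted_dir)
            manifest[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return manifest

def changed_files(before, after):
    """Compare two snapshots taken before and after the DOSBox session."""
    report = {"added": sorted(set(after) - set(before)),
              "removed": sorted(set(before) - set(after)),
              "modified": [], "grown_executables": []}
    for rel in sorted(set(before) & set(after)):
        if before[rel] != after[rel]:
            report["modified"].append(rel)
            ext = os.path.splitext(rel)[1].lower()
            if ext in DOS_EXECUTABLES and after[rel][0] > before[rel][0]:
                report["grown_executables"].append(rel)
    return report

def demo():
    """Constructed run: GAME.EXE grows and NEW.COM appears between snapshots."""
    with tempfile.TemporaryDirectory() as folder:
        game = os.path.join(folder, "GAME.EXE")
        with open(game, "wb") as fh:
            fh.write(b"MZ" + bytes(100))
        with open(os.path.join(folder, "README.TXT"), "wb") as fh:
            fh.write(b"constructed sample file")
        before = snapshot(folder)
        with open(game, "ab") as fh:          # stands in for appended code
            fh.write(bytes(64))
        with open(os.path.join(folder, "NEW.COM"), "wb") as fh:
            fh.write(bytes(16))
        return changed_files(before, snapshot(folder))

if __name__ == "__main__":
    print(demo())
```

Save games and config files change legitimately during play, so the `modified` list needs reading by hand; an unchanged size does not rule out an overwriting infector, which is why the hash is compared as well.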