My homemade VMs run on VMWare. I use it for a number of years now and is my preference as it’s very fast (especially on SSD), configuration is very flexible, the management of snapshots is very user-friendly and in general – I am really happy with it.
I use VMWare to run some of automated malware analysis too and with nearly 1 million files processed there are occasions when it breaks.
I would be really curious to know what is the failure ratio for the commercial sandboxes, but I would imagine this must be happening quite a bit, given the volume of samples they process. I guess it’s probably one of the best stress tests for VMs – the code ran in a malware sandbox does a lot of funny stuff and is written by gazillions of clever programmers. There is a huge variety of code, data, errors, undocumented tricks, etc. – I bet some researchers already do it, but I would imagine this could be a good way to automate fuzzing of the VM software in order to find VM escapes.
In any case, since this post falls under ‘Enter sandbox’ series, it’s actually just a quickie dedicated to the dialog boxes that every once in a while kill my batch processing 🙂