  • Start off with a clean slate. Windows, freshly installed from a Microsoft-provided ISO (assuming you’re looking at a Windows executable). Try to follow a guide on bypassing the MS account requirement (AtlasOS has a section of their guide telling you how to do this).

    When you’re setting things up, there are no restrictions on internet access, sharing, etc. You just have to be careful not to open/view the files you want to isolate, which is easy enough by, for example, putting the files in a password-protected zip. You can also install any required tools now (like maybe 7zip).

    At this stage, there are a few options:

    • The easiest is to put your files into a separate folder, then run a simple webserver, like with python3 -m http.server on your host. Then download it on the VM.
    • Another option is to mount the VM’s disk, then copy the files directly. Turn off the VM, mount the disk, copy the files, unmount, then turn it back on.
    • You could create a disk image that contains your files, readable by the VM.

    When you’re ready to actually open the file, close off all access from the VM to the host. No networking, clipboard sharing, etc. Do this on the host’s VM settings, not inside the VM. Also note that without further tooling, it’s extremely difficult to tell if there’s any advanced malware present.

    As soon as you view the potentially malicious files, consider anything coming from that VM as malicious. Don’t try to view/open files on your host, do not give it network access.

    Malware can be (but often isn’t) incredibly advanced, and even an isolated VM isn’t a 100% guaranteed method of keeping it contained.
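
The web server option from the comment above, as an added example that is not part of the original comment: it serves only the staging folder, listens only on one chosen host address, and prints SHA-256 digests so the download can be checked inside the VM before the network is cut. The function names and the choice of bind address (the host-side address of the VM's virtual network) are assumptions of this example.

```python
import functools
import hashlib
import http.server
import threading
from pathlib import Path


def sha256_manifest(staging_dir):
    """Return {file name: SHA-256 hex digest} for each regular file in staging_dir."""
    manifest = {}
    for path in sorted(Path(staging_dir).iterdir()):
        if path.is_file():
            manifest[path.name] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def start_staging_server(staging_dir, bind_addr, port=8000):
    """Serve only staging_dir, listening only on bind_addr, in a background thread."""
    handler = functools.partial(
        http.server.SimpleHTTPRequestHandler, directory=str(staging_dir)
    )
    server = http.server.ThreadingHTTPServer((bind_addr, port), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def stop_staging_server(server):
    """Stop listening once the VM has the files, before the VM is isolated."""
    server.shutdown()
    server.server_close()


if __name__ == "__main__":
    import sys

    # Usage: script.py <staging folder> <host address on the VM's network>
    staging, addr = sys.argv[1], sys.argv[2]
    for name, digest in sha256_manifest(staging).items():
        print(digest, name)  # compare against the hash computed inside the VM
    srv = start_staging_server(staging, addr)
    print(f"serving {staging} on http://{addr}:{srv.server_address[1]}/")
    try:
        input("Press Enter when the VM has downloaded the files... ")
    finally:
        stop_staging_server(srv)
```

The stock command can be restricted the same way with `python3 -m http.server --bind <address> --directory <folder>`.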