[tor-talk] janusvm still safe?
hmoh at Safe-mail.net
hmoh at Safe-mail.net
Wed Dec 21 13:19:58 UTC 2011
Something come up to my mind... Vulnerabilitys could be,
- the user forgets to start the VPN, or
- the VPN connection breaks down for some reason (Windows bug or crash), traffic continues without Tor
I like the basic idea of JanusVM. I can say nothing about the concept of the deployed virtual machine but those vulnerabilitys I posted here could be fixed using a software firewall in whitelisting mode. Everything incoming and outgoing blocked expect the VPN connection.
Furthermore the VPN connection and the firewall should be forced enabled by an administrator and all applications should run as user. Not sure if that's best possible. Probable the Tor transparent proxy approach [1] is even better.
What I liked about JanusVM is that it's very easy to install and use.
[1] https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
More information about the tor-talk
mailing list