[tor-talk] Benefits of Running TBB in a VM?
scarp
scarp at riseup.net
Thu Jul 3 04:39:50 UTC 2014
Michael Wolf:
> On 7/2/2014 1:02 PM, Bobby Brewster wrote:
>> What are the benefits of running TBB in a VM?
>>
>> AIUI, there are two advantages.
>>
>> 1. If malware infects the VM, then just the VM is compromised. If
>> your Windows/Mac/Linux system is infected, then your entire
>> system is affected (yes, I realise that it should be only the
>> user account for Linux unless you are root).
>>
>> 2. If your system is compromised, your real IP cannot be
>> discerned. For example, in my non-VM Ubuntu machine, my wlan0 IP
>> is listed as 192.168.1.50. However, on my NAT'd VirtualBox
>> Ubuntu, there is no wlan0, only eth1. This gives an IP of
>> 10.0.2.15 which is obviously not the IP assigned by my ISP.
>>
>> Does this make sense? Are there other benefits? Any
>> disadvantages? Thanks.
>>
> #1 -- Unless the malware breaks out of the VM. [1]
>
> #2 -- Not true. You're assuming the malware is looking at your IP
> address and then reporting it. Well, it may... but the act of
> connecting to another server to report your IP address exposes
> your actual public IP address.
>
> BTW, 192.168.1.50 is *also* not the IP address assigned by your
> ISP, it's a local NAT address given out by your router. If you
> could hide behind NAT, you'd already be safe :)
>
>
> -- Mike
>
>
> [1]http://www.darkreading.com/risk/hacking-tool-lets-a-vm-break-out-and-attack-its-host/d/d-id/1131254?
>
>
Not a lot to be gained from running the TBB inside a regular VM other
than isolation of malware. If you're using Tor then I assume anonymity
means something to you.

Have a look at Whonix; it is designed specifically for this kind of
usage. Additionally it isolates the Tor service in its own VM to
provide extra network security from malware that could bypass the Tor
service and directly access some remote location, thus revealing you.

Most attacks about breaking out of a VM rely on you installing the
guest tools, so never do that.
--
scarp | A4F7 25DB 2529 CB1A 605B 3CB4 5DA0 4859 0FD4 B313